ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 87 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 87
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A security engineer is working with a product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services, and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider.

Which combination of the following actions should the engineer take to allow users to be authenticated into the web application and call APIs? (Choose three.)

  • A. Create a custom authorization service using AWS Lambda.
  • B. Configure a SAML identity provider in Amazon Cognito to map attributes to the Amazon Cognito user pool attributes.
  • C. Configure the SAML identity provider to add the Amazon Cognito user pool as a relying party.
  • D. Configure an Amazon Cognito identity pool to integrate with social login providers.
  • E. Update DynamoDB to store the user email addresses and passwords.
  • F. Update API Gateway to use a COGNITO_USER_POOLS authorizer.
Show Suggested Answer Hide Answer
Suggested Answer: BCF 🗳️
by oioi at Nov. 23, 2023, 9:30 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Daniel76
8 months, 1 week ago
Selected Answer: BCF
For API to refer to Cognito user pool, use "COGNITO_USER_POOLS" authorizer https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html For Cognito user pool to act as relying party to SAML IdP https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html Other options: A- "As an alternative to using IAM roles and policies or Lambda authorizers (formerly known as custom authorizers), you can use an Amazon Cognito user pool to control who can access your API in Amazon API Gateway." https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html D - social login users not required for this question. E - Dynamo DB is irrelevant- never store store password in db without all the additional overheads required to keep them secure.
upvoted 2 times
...
rahav
8 months, 1 week ago
Selected Answer: BCF
BCF is logical here
upvoted 1 times
...
[Removed]
9 months, 1 week ago
Selected Answer: BCF
BCF. This was on the other exam topics practice set
upvoted 2 times
...
oioi
9 months, 2 weeks ago
Selected Answer: BCF
correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago