exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 150 discussion

A company in France uses Amazon Cognito with the Cognito Hosted UI as an identity broker for sign-in and sign-up processes. The company is marketing an application and expects that all the application’s users will come from France.

When the company launches the application, the company’s security team observes fraudulent sign-ups for the application. Most of the fraudulent registrations are from users outside of France.

The security team needs a solution to perform custom validation at sign-up. Based on the results of the validation, the solution must accept or deny the registration request.

Which combination of steps will meet these requirements? (Choose two.)

  • A. Create a pre sign-up AWS Lambda trigger. Associate the Amazon Cognito function with the Amazon Cognito user pool.
  • B. Use a geographic match rule statement to configure an AWS WAF web ACL Associate the web ACL with the Amazon Cognito user pool.
  • C. Configure an app client for the application's Amazon Cognito user pool. Use the app client ID to validate the requests in the hosted UI.
  • D. Update the application’s Amazon Cognito user pool to configure a geographic restriction setting.
  • E. Use Amazon Cognito to configure a social identity provider (IdP) to validate the requests on the hosted UI.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
aescudero51
Highly Voted 6 months, 1 week ago
Selected Answer: AB
A - is correct. https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html B - is correct. https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html#user-pool-waf-setting-up
upvoted 5 times
...
IPLogic
Most Recent 2 days, 22 hours ago
Selected Answer: AB
To meet the requirements, the security team should choose Option A and Option B: A. Create a pre sign-up AWS Lambda trigger. Associate the Amazon Cognito function with the Amazon Cognito user pool. This allows the team to perform custom validation during the sign-up process. The Lambda function can include logic to check the geographic location of the sign-up request and accept or deny it based on whether it originates from France. B. Use a geographic match rule statement to configure an AWS WAF web ACL. Associate the web ACL with the Amazon Cognito user pool. This adds an additional layer of security by using AWS WAF to block sign-up requests from outside France before they reach the Cognito user pool.
upvoted 1 times
...
navid1365
4 months ago
Selected Answer: AB
A and B are correct: -A: AWS documentation explains that you can use pre sign-up Lambda triggers to perform custom validation on user sign-ups. This allows you to accept or deny registration requests based on specific criteria, such as the geographic location of the user. - B: AWS WAF allows you to configure rules that can block requests from specific geographic locations. By associating an AWS WAF web ACL with the Amazon Cognito user pool, you can block sign-up requests from users outside of France.
upvoted 1 times
...
cumzle_com
5 months, 2 weeks ago
Selected Answer: AD
Create a pre sign-up AWS Lambda trigger: By associating an Amazon Cognito function with the user pool using a pre sign-up Lambda trigger, you can perform custom validation. This trigger allows you to accept or deny the registration request based on the results of your validation1. Update the application’s Amazon Cognito user pool: Configure a geographic restriction setting within the user pool. This way, you can limit sign-ups to users from specific regions (in this case, France) and prevent fraudulent registrations from outside the expected location1. https://pupuweb.com/aws-certified-security-specialty-qa-combination-steps-perform-custom-validation-sign-up/
upvoted 1 times
cumzle_com
5 months, 1 week ago
sorry AB
upvoted 1 times
...
...
sema2232
5 months, 3 weeks ago
A, C correct
upvoted 1 times
...
Certified101
6 months, 2 weeks ago
Selected Answer: AD
The correct answers are A and D. A: Creating a pre sign-up AWS Lambda trigger and associating it with the Amazon Cognito user pool will allow the security team to perform custom validation at sign-up. This Lambda function can be used to check the geographic location of the sign-up request and accept or deny the request based on whether it comes from France. D: Updating the application’s Amazon Cognito user pool to configure a geographic restriction setting will help to ensure that only users from France can sign up for the application. This setting can be used to block sign-up requests that come from outside of France. This is a straightforward way to prevent fraudulent sign-ups from users outside of France. However, it’s important to note that this method might not be 100% effective if the fraudulent users are using VPNs or other methods to appear as though they are in France. Therefore, it’s a good idea to also use the Lambda trigger for additional validation.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...