ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 280 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 280
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company runs a custom online gaming application. The company uses Amazon Cognito for user authentication and authorization.

A security engineer wants to use AWS to implement fine-grained authorization on resources in the custom application. The security engineer must implement a solution that uses the user attributes that exist in Cognito. The company has already set up a user pool and an identity pool in Cognito.

Which solution will meet these requirements?

  • A. Create a set of IAM roles and IAM policies. Configure the Cognito identity pool to assign users to the IAM roles.
  • B. Create a policy store in Amazon Verified Permissions. Configure Cognito as the identity source. Map Cognito access tokens to the Verified Permissions schema.
  • C. Create customer managed permissions by using AWS Resource Access Manager (AWS RAM). Configure the Cognito identity pool to assign users to the customer managed permissions.
  • D. Create a set of IAM users and IAM policies. Configure the Cognito user pool to assign users to the IAM users.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by youonebe at Jan. 11, 2025, 3:20 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pat9595
3 days, 19 hours ago
Selected Answer: B
Explanation: Fine-grained authorization requires making access decisions based on user attributes, which go beyond standard IAM role-based access control. Amazon Verified Permissions provides policy-based access control (PBAC), allowing fine-grained authorization by evaluating policies against user attributes from Cognito. Mapping Cognito access tokens to Verified Permissions lets the application dynamically enforce access rules based on user attributes stored in Cognito.
upvoted 1 times
...
youonebe
3 weeks, 6 days ago
Selected Answer: A
A is the most straightforward and common solution for implementing fine-grained authorization using user attributes in Amazon Cognito. The approach uses IAM roles and policies, which are well-integrated with Cognito identity pools and can be configured dynamically based on user attributes, enabling fine-grained access control.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago