Topic 1 Question 150
Select 2
A company in France uses Amazon Cognito with the Cognito Hosted UI as an identity broker for sign-in and sign-up processes. The company is marketing an application and expects that all the application’s users will come from France.
When the company launches the application, the company’s security team observes fraudulent sign-ups for the application. Most of the fraudulent registrations are from users outside of France.
The security team needs a solution to perform custom validation at sign-up. Based on the results of the validation, the solution must accept or deny the registration request.
Which combination of steps will meet these requirements?
A. Create a pre sign-up AWS Lambda trigger. Associate the Amazon Cognito function with the Amazon Cognito user pool.
B. Use a geographic match rule statement to configure an AWS WAF web ACL. Associate the web ACL with the Amazon Cognito user pool.
C. Configure an app client for the application's Amazon Cognito user pool. Use the app client ID to validate the requests in the hosted UI.
D. Update the application’s Amazon Cognito user pool to configure a geographic restriction setting.
E. Use Amazon Cognito to configure a social identity provider (IdP) to validate the requests on the hosted UI.
Comments (6)
- Answer I think is correct: AB
👍 5 aescudero51 2024/05/29
- Answer I think is correct: AD
The correct answers are A and D.
A: Creating a pre sign-up AWS Lambda trigger and associating it with the Amazon Cognito user pool will allow the security team to perform custom validation at sign-up. This Lambda function can be used to check the geographic location of the sign-up request and accept or deny the request based on whether it comes from France.
D: Updating the application’s Amazon Cognito user pool to configure a geographic restriction setting will help to ensure that only users from France can sign up for the application. This setting can be used to block sign-up requests that come from outside of France. This is a straightforward way to prevent fraudulent sign-ups from users outside of France. However, it’s important to note that this method might not be 100% effective if the fraudulent users are using VPNs or other methods to appear as though they are in France. Therefore, it’s a good idea to also use the Lambda trigger for additional validation.
👍 1 Certified101 2024/05/19
- A, C correct
👍 1 sema2232 2024/06/12
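An added example (not from the original page or its commenters) of the accept/deny contract of the pre sign-up Lambda trigger named in the question: returning the event accepts the registration, raising an exception denies it. The checks themselves (a French E.164 `phone_number` and an expected app client ID, `example-app-client-id`) are assumptions chosen for illustration, and the handler validates only fields carried in the trigger event.

```python
import re

# Assumptions for this example (not from the page): the pool requires
# phone_number, and only this app client may self-register users.
EXPECTED_CLIENT_IDS = {"example-app-client-id"}  # placeholder value
FR_E164 = re.compile(r"\+33[1-9]\d{8}")          # metropolitan France only


class SignUpDenied(Exception):
    """Raising any exception from the trigger makes Cognito reject the sign-up."""


def rejection_reasons(event):
    """Return the list of failed checks; an empty list means accept."""
    reasons = []
    attrs = event.get("request", {}).get("userAttributes", {})
    client_id = event.get("callerContext", {}).get("clientId")
    if client_id not in EXPECTED_CLIENT_IDS:
        reasons.append("unexpected app client")
    if not FR_E164.fullmatch(attrs.get("phone_number", "")):
        reasons.append("phone_number is not a French E.164 number")
    return reasons


def lambda_handler(event, context):
    reasons = rejection_reasons(event)
    if reasons:
        # Log the detail server-side; give the caller only a generic message.
        print({"userName": event.get("userName"), "denied": reasons})
        raise SignUpDenied("Registration is not available for this account.")
    # Accept, but leave confirmation and verification to the normal flow.
    event["response"].update(
        autoConfirmUser=False, autoVerifyEmail=False, autoVerifyPhone=False
    )
    return event


def sample_event(phone, client_id="example-app-client-id"):
    """Constructed pre sign-up event with only the fields used above."""
    return {
        "triggerSource": "PreSignUp_SignUp",
        "userName": "constructed-user",
        "callerContext": {"clientId": client_id},
        "request": {"userAttributes": {"phone_number": phone}},
        "response": {},
    }
```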