Topic 1 Question 87
A security engineer is working with a product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services, and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider.
Which combination of the following actions should the engineer take to allow users to be authenticated into the web application and call APIs? (Select 3)
A. Create a custom authorization service using AWS Lambda.
B. Configure a SAML identity provider in Amazon Cognito to map attributes to the Amazon Cognito user pool attributes.
C. Configure the SAML identity provider to add the Amazon Cognito user pool as a relying party.
D. Configure an Amazon Cognito identity pool to integrate with social login providers.
E. Update DynamoDB to store the user email addresses and passwords.
F. Update API Gateway to use a COGNITO_USER_POOLS authorizer.
Comments (4)
- Selected answer: BCF
BCF. This was on the other exam topics practice set
👍 2 [Removed] 2024/05/25
- Selected answer: BCF
For API to refer to Cognito user pool, use "COGNITO_USER_POOLS" authorizer https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
For Cognito user pool to act as relying party to SAML IdP https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html
Other options:
A - "As an alternative to using IAM roles and policies or Lambda authorizers (formerly known as custom authorizers), you can use an Amazon Cognito user pool to control who can access your API in Amazon API Gateway." https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
D - Social login users are not required for this question.
E - DynamoDB is irrelevant - never store passwords in a DB without all the additional overheads required to keep them secure.
👍 2 Daniel76 2024/06/29
- Selected answer: BCF
correct
👍 1 oioi 2024/05/23