Module 12 knowledge check

Amazon Cognito user pool

A developer has been asked to add a sign-up and sign-in service to their application. Which Amazon Cognito feature should they use?

Use AWS CloudTrail to search for information about delete object events on the S3 bucket

A developer has been asked to investigate how website files have been deleted from an Amazon Simple Storage Service (Amazon S3) bucket. Which approach should they take?

Compromised credentials check

A developer has been asked to reduce the security risk of users who sign in to their application with username and password pairs that they use on other websites.Which Amazon Cognito user pool feature might the developer configure?

A mobile app user authenticates with a user pool, and the user pool returns JWTs to the app.

A developer plans to use Amazon Cognito user pools with Amazon API Gateway. Which step is part of the user pool authentication flow with API Gateway?

Both SSL and TLS encrypt network communications between connected resources.

Which statement about creating secure connections is true?

Use AWS Identity and Access Management (IAM) roles to retrieve temporary security credentials.

Which statement reflects a best practice for security credentials?

to issue a certificate

Which step in the secure connection process is the responsibility of the certificate authority (CA)?

With federated users, the first authentication is made against an ldP. With IAM users, the first authentication is made against IAM.

What is the primary difference between AWS Security Token Service (AWS STS) authentication by federated users and AWS STS authentication by AWS Identity and Access Management (IAM) users?

ACM manages certificate renewals for both public and private certificates.

Which statement about AWS Certificate Manager (ACM) is true?

With an identity pool. users can obtain temporary, limited-privilege AWS credentials to access other AWS services.

Which statement about Amazon Cognito identity pools is true?