Question

which solution below grants aws management console access to an devops engineer?
a) enable single sign-in on aws account by using federation and aws iam
b) create a user for the security Engineer in awd cognito user pool
c) create iam user for the engineer and associates relevant iam managed policies to this iam user
d) use aws organization to scope down iam roles and grant the security Engineer access to this iam roles​

Answer 1

Answer:

The development team at your company have created a new mobile application that will be used by users to access confidential data. The developers have used Amazon Cognito for authentication, authorization, and user management. Due to the sensitivity of the data, there is a requirement to add another method of authentication in addition to a username and password.

You have been asked to recommend the best solution. What is your recommendation?

Options are :

Enable multi-factor authentication (MFA) in IAM

Use multi-factor authentication (MFA) with a Cognito user pool

Integrate IAM with a user pool in Cognito

Integrate a third-party identity provider (IdP)

Answer : Use multi-factor authentication (MFA) with a Cognito user pool

Explanation You can use MFA

Answer 2

Answer:

C

Explanation:

c) create iam user for the engineer and associates relevant iam managed policies to this iam user