It also needs to be ensured that a second level of authentication is available for users. Which of the following would assist in this? Choose 2 answers from the options given below.

Question

A development team is developing a mobile-based application. They want to use AWS services for data storage and for managing authentication.

It also needs to be ensured that a second level of authentication  is available for users. Which of the following would assist in this? Choose 2 answers from the options given below.

A. Use the AWS Cognito Service.

B. Use the AWS Config Service.

C. Enable MFA for the underlying user pool.

D. Enable user names and passwords for the underlying user pools.

Answer 1

Answer - A and C.

The AWS Documentation mentions the following.

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps.

Your users can sign in directly with a user name and password or through a third party such as Facebook, Amazon, or Google.

Multi-factor authentication (MFA) increases security for your app by adding another authentication method and not relying solely on user name and password.

You can choose to use SMS text messages or time-based one-time (TOTP) passwords as second factors in signing in to your users.

Option B is invalid since this is a configuration service.

Option D is invalid since user names and passwords is not a valid second level of authentication.

For more information on MFA with AWS Cognito, please refer to the below URL-

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html

The development team is building a mobile application that requires data storage and authentication services. Additionally, the application requires a second level of authentication for users. Two AWS services that can assist with these requirements are:

A. Use the AWS Cognito Service: Amazon Cognito is a service that enables the developer to add user sign-up, sign-in, and access control to mobile and web applications quickly and easily. Cognito provides a user directory that can be used to store and manage user identities, including email addresses, usernames, and passwords. Cognito also offers social identity providers, such as Facebook, Google, and Amazon, that allow users to sign in using their social media credentials. With Cognito, developers can also enable multi-factor authentication (MFA) to provide an extra layer of security.

C. Enable MFA for the underlying user pool: Cognito provides the ability to enable MFA for user authentication. MFA requires users to provide two or more authentication factors, such as a password and a security token, to access their account. This provides an extra layer of security to protect against unauthorized access.

AWS Config Service and enabling user names and passwords for underlying user pools are not relevant to the requirements of the development team for this scenario. AWS Config is a service that provides a detailed inventory of the resources used in an AWS account and can be used to monitor compliance with security and operational best practices. Enabling user names and passwords for underlying user pools is a basic feature of Cognito and is not related to the requirement for a second level of authentication.

In summary, the two AWS services that can assist the development team in this scenario are AWS Cognito Service and enabling MFA for the underlying user pool.