Ask a Question

You are developing an application that is going to make use of AWS Cognito. The default sign-in and sign-up features of the AWS Cognito service will be used.

  • Home
  • AWS
  • You are developing an application that is going to make use of AWS Cognito. The default sign-in and...
0 votes
in AWS by

You are developing an application that is going to make use of AWS Cognito. The default sign-in and sign-up features of the AWS Cognito service will be used.  There is a security requirement to ensure that if the user's credentials are compromised, then they would need to use a new password. Which of the following needs to be in place for this? Choose 2 answers from the options given below.

 

1 Answer

0 votes
by

Answer - A and B.

This is given in the AWS Documentation.

Option C is incorrect since this configuration needs to be done in the Advanced Security section.

Option D is incorrect.

Currently, Amazon Cognito doesn't check for compromised credentials for sign-in operations with Secure Remote Password (SRP) flow, which doesn't send the password during sign-in.

For more information on Cognito User pools, please refer to the below URL-

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-compromised-credentials.html

Checking for Compromised Credentials Amazon Cognito can detect if a user’s credentials (user name and password) have been compromised elsewhere. This can happen when users reuse credentials at more than one site, or when they use passwords that are easy to guess. From the Advanced security page in the Amazon Cognito console, you can choose whether to allow, or block the user if compromised credentials are detected. Blocking requires users to choose another password. Choosing Allow publishes all attempted uses of compromised credentials to Amazon CloudWatch. For more information, see Viewing Advanced Security Metrics. You can also choose whether Amazon Cognito checks for compromised credentials during sign-in, sign-up, and password changes. Which action do you want to take with the compromised credentials? You can detect and protect your users from using credentials that have been exposed through breaches of other websites. Learn more about compromised credentials protections. ) Allow @) Block use Blocking use will require users to jen AWS Cloudwateh. jerent password. Choosing allow will still log all attempted uses of compromises Which events should trigger compromised credentials checks? (MSignin [MSignup {[ Password change z vent must be selec b

To meet the security requirement of forcing users with compromised credentials to create new passwords, the following two actions need to be taken:

A. Create a User Pool in AWS Cognito: A User Pool is a user directory in AWS Cognito where users can sign up, sign in, and manage their profiles. When a user signs up or signs in, the user pool authenticates the user's credentials and issues JSON web tokens (JWTs) to authorized users. By creating a User Pool, you can enable sign-up and sign-in for users and apply policies such as password strength and expiry rules.

B. Enable "Block use" for compromised credentials in the Advanced Security section: The Advanced Security section in AWS Cognito provides an option to block user accounts in case of any unusual sign-in activity or when a user's credentials are compromised. By enabling this feature, AWS Cognito will monitor user accounts for any unusual activity and automatically block the account if it detects any suspicious behavior.

C. (Incorrect) There is no option for "Block use" for compromised credentials in the Basic Security section. The Basic Security section in AWS Cognito provides a basic level of security for user accounts. It does not provide the option to block user accounts for any unusual activity or when a user's credentials are compromised. Therefore, option C is incorrect.

D. (Incorrect) Verify sign-in operation on Cognito using Secure Remote Password (SRP): Secure Remote Password (SRP) is a cryptographic protocol used for password-based authentication. It is a secure way to protect user credentials from being intercepted during the authentication process. However, this option does not address the requirement of forcing users with compromised credentials to create new passwords. Therefore, option D is incorrect.

In summary, options A and B are correct. To ensure that users with compromised credentials need to use new passwords, create a User Pool in AWS Cognito and enable "Block use" for compromised credentials in the Advanced Security section.

Top Trending Technologies Questions and Answers

Agile Questions & Answers
Javascript Questions & Answers
Ansible Questions & Answers
Bootstrap Questions & Answers
Angular Questions & Answers
Android Questions & Answers
Linux Questions & Answers
Kibana Questions & Answers
Dataware Questions & Answers
Gradle Questions & Answers
Bitcoin Questions & Answers
Cassandra Questions & Answers
ABBYY-FlexiCapture Questions
Statistics & Probability Questions
Amazon Database Questions & Answers
Amazon Elastic Questions & Answers
Amazon Neptune Questions & Answers
Amazon Storage Questions & Answers
Amazon S3 Glacier Questions & Answers
5G-Network Questions & Answers
AWS Questions & Answers
C# Questions & Answers
C++ Interview Questions & Answers
REACTJS Questions & Answers
AJAX Questions & Answers
Data Handling Questions & Answers
Hadoop Questions & Answers
Big Data Questions & Answers
HTML Questions & Answers
JAVA Questions & Answers
JavaScript Questions & Answers
Apache Druid Questions & Answers
Apache Phoenix Questions & Answers
Apache Pig Questions & Answers
Apache Storm Questions & Answers
AWS Codecommit Questions & Answers
AWS Essentials Questions & Answers
Cache Techniques Questions & Answers
JIRA Questions & Answers
Azure Questions & Answers
Blockchain Questions & Answers
GIT Questions & Answers
DOT NET Questions & Answers
Machine Learning Questions & Answers
MVC Language Questions & Answers
NOSQL Questions & Answers
Python Questions & Answers
R Language Questions & Answers
Framework Questions & Answers
IONIC Questions & Answers
Cyber Security Questions & Answers
Data Mining Methods Questions & Answers
Devops Security Questions & Answers
End Point Security Questions & Answers
Fortify Code Scanner Questions & Answers
Growth & Transformation Questions
Keycloak Questions & Answers
Cloud Questions & Answers
Salesforce Questions & Answers
Selenium Questions & Answers
Spark SQL Questions & Answers
VUE JS Questions & Answers
Devops Questions & Answers
Jenkins Questions & Answers
Artificial Intelligence Questions & Answers
Continuous Integration Questions & Answers
GIT Questions & Answers
Continuous Deployment Questions & Answers
Cyber Security Questions & Answers
Memcached Questions & Answers
Sequence Models Questions & Answers
Tableau Questions & Answers
Typography Questions & Answers
Usability Principles Questions & Answers
Image processing Questions
Generative AI Interview Questions
About us

HOT LINKS

NO SQL/MangoDB

Data Visualisation Aurora

DevOps

Javascript

Hadoop and Big Data

JAVA

TRANDING TECHNOLOGIES

Agile and SAFE

DevOps

Spark SQL

Git

Service Now

Arduino

CONTACT US

New York, NY 10012, US

info@madanswer.com

Copyright

Contact US

About US

Follow us on Social Media


© Copyright 2018-2024 www.madanswer.com. All rights reserved. Developed by Madanswer. Sitemap Madanswer Sitemap

...