AWS Certified Cloud Practitioner — Question 986

A company needs to set up user authentication for a new application. Users must be able to sign in directly with a user name and password, or through a third- party provider.
Which AWS service should the company use to meet these requirements?

Answer options

• A. AWS Single Sign-On
• B. AWS Signer
• C. Amazon Cognito
• D. AWS Directory Service

Correct answer: C

Explanation

Amazon Cognito provides user sign-up, sign-in, and access control for web and mobile applications, supporting direct sign-in with username/password as well as federation through social or enterprise identity providers. AWS Single Sign-On is designed for managing SSO access to AWS accounts and business applications rather than application-level user management. AWS Directory Service is used to manage managed Active Directory in the cloud, and AWS Signer is a code-signing service, making them incorrect for this use case.