AWS Certified Developer – Associate (DVA-C02) — Question 473

A developer is building the authentication mechanism for a new mobile app. Users need to be able to sign up, sign in, and access secured backend AWS resources.

Which solution will meet these requirements?

Answer options

• A. Use AWS Identity and Access Management Access Analyzer to generate IAM policies. Create an IAM role. Attach the policies to the role. Integrate the IAM role with an identity provider that the mobile app uses.
• B. Create an IAM policy that grants access to the backend resources. Create an IAM role. Attach the policy to the role. Create an Amazon API Gateway endpoint. Attach the role to the endpoint. Integrate the endpoint with the mobile app.
• C. Create an Amazon Cognito identity pool. Configure permissions by choosing a default IAM role for authenticated users or guest users in the identity pool. Associate the identity pool with an identity provider. Integrate the identity pool with the mobile app.
• D. Create an Amazon Cognito user pool. Configure the security requirements by choosing a password policy, multi-factor authentication (MFA) requirements, and user account recovery options. Create an app client. Integrate the app client with the mobile app.

Correct answer: D

Explanation

Amazon Cognito user pools provide a user directory that manages the sign-up and sign-in flows for mobile and web applications, fulfilling the requirement for user authentication and management. Amazon Cognito identity pools (Option C) are primarily used to authorize users to access AWS resources by providing temporary AWS credentials, but they do not manage user registration and login directories directly. Options A and B lack the built-in user management capabilities (such as sign-up, sign-in, and MFA) needed for a complete mobile app authentication solution.