AWS Certified Developer – Associate (DVA-C02) — Question 534

A development team is designing a mobile app that requires multi-factor authentication.

Which steps should be taken to achieve this? (Choose two.)

Answer options

• A. Use Amazon Cognito to create a user pool and create users in the user pool.
• B. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code.
• C. Enable multi-factor authentication for the Amazon Cognito user pool.
• D. Use AWS IAM to create IAM users.
• E. Enable multifactor authentication for the users created in AWS IAM.

Correct answer: A, C

Explanation

Amazon Cognito is designed for consumer-facing mobile applications, allowing developers to easily manage user sign-up, sign-in, and access control through user pools where MFA can be natively enabled. AWS IAM is meant for securing AWS resources and infrastructure, making it inappropriate and unscalable for managing mobile app end-users. Using Amazon SNS directly in the application code to send MFA codes is redundant because Amazon Cognito handles the delivery of MFA codes automatically.