AWS Certified Security – Specialty (SCS-C02) — Question 171
A company runs an online game on AWS. When players sign up for the game, their username and password credentials are stored in an Amazon Aurora database.
The number of users has grown to hundreds of thousands of players. The number of requests for password resets and login assistance has become a burden for the company's customer service team.
The company needs to implement a solution to give players another way to log in to the game. The solution must remove the burden of password resets and login assistance while securely protecting each player's credentials.
Which solution will meet these requirements?
Answer options
- A. When a new player signs up, use an AWS Lambda function to automatically create an IAM access key and a secret access key. Program the Lambda function to store the credentials on the player's device. Create IAM keys for existing players.
- B. Migrate the player credentials from the Aurora database to AWS Secrets Manager. When a new player signs up, create a key-value pair in Secrets Manager for the player’s user ID and password.
- C. Configure Amazon Cognito user pools to federate access to the game with third-party identity providers (IdPs), such as social IdPs. Migrate the game’s authentication mechanism to Cognito.
- D. Instead of using usernames and passwords for authentication, issue API keys to new and existing players. Create an Amazon API Gateway API to give the game client access to the game’s functionality.
Correct answer: C
Explanation
The correct answer is C. Amazon Cognito user pools provide user sign-up, sign-in, and access control, and they integrate with third-party IdPs, which reduces the burden that password issues place on customer service. Option A is incorrect because IAM access keys are not a suitable authentication method for end users. Option B is not ideal because AWS Secrets Manager is not designed for end-user authentication or for storing players' passwords. Option D fails to provide secure authentication because API keys can be less secure than proper identity management solutions.