AWS Certified Solutions Architect – Associate (SAA-C02) — Question 397
A company designs a mobile app for its customers to upload photos to a website. The app needs a secure login with multi-factor authentication (MFA). The company wants to limit the initial build time and the maintenance of the solution.
Which solution should a solutions architect recommend to meet these requirements?
Answer options
- A. Use Amazon Cognito Identity with SMS-based MFA.
- B. Edit IAM policies to require MFA for all users.
- C. Federate IAM against the corporate Active Directory that requires MFA.
- D. Use Amazon API Gateway and require server-side encryption (SSE) for photos.
Correct answer: A
Explanation
Amazon Cognito provides a fully managed, scalable user directory that supports SMS-based MFA, making it the ideal choice to minimize development effort and maintenance for customer-facing applications. IAM policies and IAM federation with a corporate Active Directory are designed for internal employee access rather than external customers, and either would introduce unnecessary management overhead. Amazon API Gateway with server-side encryption addresses data protection but does not handle user authentication or MFA requirements.