Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 252 discussion

A company’s developer is creating an application that uses Amazon API Gateway. The company wants to ensure that only users in the Sales department can use the application. The users authenticate to the application by using federated credentials from a third-party identity provider (IdP) through Amazon Cognito. The developer has set up an attribute mapping to map an attribute that is named Department and to pass the attribute to a custom AWS Lambda authorizer.

To test the access limitation, the developer sets their department to Engineering in the IdP and attempts to log in to the application. The developer is denied access. The developer then updates their department to Sales in the IdP and attempts to log in. Again, the developer is denied access. The developer checks the logs and discovers that access is being denied because the developer’s access token has a department value of Engineering.

Which of the following is a possible reason that the developer’s department is still being reported as Engineering instead of Sales?

  • A. Authorization caching is enabled in the custom Lambda authorizer.
  • B. Authorization caching is enabled on the Amazon Cognito user pool.
  • C. The IAM role for the custom Lambda authorizer does not have a Department tag.
  • D. The IAM role for the Amazon Cognito user pool does not have a Department tag.
Suggested Answer: A

Comments

tapan666
Highly Voted 1 year, 6 months ago
Selected Answer: A
https://www.examtopics.com/discussions/amazon/view/88914-exam-aws-certified-developer-associate-topic-1-question-294/
upvoted 6 times
...
albert_kuo
Most Recent 5 months, 2 weeks ago
Selected Answer: A
Set authorizerResultTtlInSeconds to 0 in API Gateway
upvoted 1 times
...
65703c1
11 months, 2 weeks ago
Selected Answer: A
A is the correct answer.
upvoted 1 times
...
ethanluvsbooks
1 year, 1 month ago
A is correct
upvoted 2 times
...
KarBiswa
1 year, 2 months ago
Selected Answer: A
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html#:~:text=If%20access%20is%20allowed%2C%20API%20Gateway%20invokes%20the%20method.%20If%20caching%20is%20enabled%20in%20the%20authorizer%20settings%2C%20API%20Gateway%20also%20caches%20the%20policy%20so%20that%20the%20Lambda%20authorizer%20function%20doesn%27t%20need%20to%20be%20invoked%20again.
upvoted 3 times
...
joshnort
1 year, 3 months ago
Selected Answer: A
https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html
upvoted 2 times
...
SerialiDr
1 year, 3 months ago
Selected Answer: A
When authorization caching is enabled in a custom Lambda authorizer, the authorizer can cache the policy associated with an access token. This caching is designed to improve performance by reducing the number of calls to the Lambda function. However, it can also lead to outdated authorization information being used if the user's attributes change in the identity provider (IdP) but the cached policy in the Lambda authorizer is still based on the old attributes. In this case, when the developer initially logged in with the department set to Engineering, the custom Lambda authorizer created and cached a policy based on this information. Subsequently, even after the developer updated their department to Sales in the IdP, the cached policy (which still reflects the Engineering department) was used, leading to the access denial.
upvoted 4 times
...
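The caching behaviour discussed in the comments above is controlled by the authorizer's `authorizerResultTtlInSeconds` setting. The following is an added example, not part of the original thread or of AWS's own code: it lists which Lambda authorizers on a REST API still cache their result and builds the patch that turns caching off. The sample authorizer records, ids and names are constructed, and the function names are hypothetical.

```python
# Added example: audit API Gateway Lambda authorizers for result caching.
# SAMPLE_AUTHORIZERS is constructed data shaped like the "items" list that
# apigateway get_authorizers returns; the ids and names are made up.
SAMPLE_AUTHORIZERS = [
    {"id": "auth01", "name": "department-check", "type": "TOKEN",
     "identitySource": "method.request.header.Authorization",
     "authorizerResultTtlInSeconds": 300},
    {"id": "auth02", "name": "no-cache-check", "type": "REQUEST",
     "identitySource": "method.request.header.Authorization",
     "authorizerResultTtlInSeconds": 0},
    {"id": "auth03", "name": "pool-authorizer", "type": "COGNITO_USER_POOLS"},
]

LAMBDA_TYPES = {"TOKEN", "REQUEST"}  # the two Lambda authorizer types
DEFAULT_TTL = 300  # API Gateway default when the TTL is not set


def cached_lambda_authorizers(items):
    """Return (id, name, ttl) for Lambda authorizers whose result is cached."""
    findings = []
    for authorizer in items:
        if authorizer.get("type") not in LAMBDA_TYPES:
            continue
        ttl = authorizer.get("authorizerResultTtlInSeconds", DEFAULT_TTL)
        if ttl > 0:
            findings.append((authorizer["id"], authorizer.get("name", ""), ttl))
    return findings


def disable_cache_patch():
    """patchOperations for update_authorizer that set the cache TTL to 0."""
    return [{"op": "replace", "path": "/authorizerResultTtlInSeconds", "value": "0"}]


def audit_and_fix(rest_api_id, apply=False):
    """Run against a real REST API; needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the offline demo runs without it
    client = boto3.client("apigateway")
    items = client.get_authorizers(restApiId=rest_api_id)["items"]
    findings = cached_lambda_authorizers(items)
    if apply:
        for auth_id, _name, _ttl in findings:
            client.update_authorizer(restApiId=rest_api_id, authorizerId=auth_id,
                                     patchOperations=disable_cache_patch())
    return findings


if __name__ == "__main__":
    for auth_id, name, ttl in cached_lambda_authorizers(SAMPLE_AUTHORIZERS):
        print(f"{auth_id} ({name}): authorization cached for {ttl}s")
```

With the TTL at 0 the authorizer function runs on every request; a short non-zero TTL is the alternative when that cost matters.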
SerialiDr
1 year, 3 months ago
Selected Answer: A
This approach leverages the real-time capabilities of WebSocket connections managed by Amazon API Gateway. When a user uploads a file, the application can associate the file with the user's WebSocket connection ID. Once the file validation process completes, the application can send the status directly to the connected client, allowing immediate updates to the dashboard without the need for manual refreshes.
upvoted 1 times
SerialiDr
1 year, 3 months ago
wrongly added here, please delete
upvoted 1 times
...
...
tqiu654
1 year, 4 months ago
Selected Answer: D
Based on ChatGPT:D
upvoted 1 times
...
anasbakla
1 year, 5 months ago
Selected Answer: A
A is Correct
upvoted 3 times
...
PrakashM14
1 year, 6 months ago
Selected Answer: B
Options A, C, and D do not directly address the caching of user attributes in the context of Amazon Cognito. Option A refers to caching in the custom Lambda authorizer, but the issue seems more likely to be related to the Cognito user pool's caching mechanism. Options C and D mention IAM roles and tags, which may be relevant for other aspects of access control but are not the primary cause of the reported department value in this scenario.
upvoted 2 times
...
Claire_KMT
1 year, 6 months ago
B. Authorization caching is enabled on the Amazon Cognito user pool.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted