Exam AWS Certified Security - Specialty topic 1 question 143 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 143
Topic #: 1

A company has several workloads running on AWS. Employees are required to authenticate using on-premises ADFS and SSO to access the AWS Management Console. Developers migrated an existing legacy web application to an Amazon EC2 instance. Employees need to access this application from anywhere on the internet, but currently, there is no authentication system built into the application.
How should the Security Engineer implement employee-only access to this system without changing the application?

  • A. Place the application behind an Application Load Balancer (ALB). Use Amazon Cognito as authentication for the ALB. Define a SAML-based Amazon Cognito user pool and connect it to ADFS.
  • B. Implement AWS SSO in the master account and link it to ADFS as an identity provider. Define the EC2 instance as a managed resource, then apply an IAM policy on the resource.
  • C. Define an Amazon Cognito identity pool, then install the connector on the Active Directory server. Use the Amazon Cognito SDK on the application instance to authenticate the employees using their Active Directory user names and passwords.
  • D. Create an AWS Lambda custom authorizer as the authenticator for a reverse proxy on Amazon EC2. Ensure the security group on Amazon EC2 only allows access from the Lambda function.
Suggested Answer: A
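Added illustration, not part of the exam question or the site's discussion: answer A only enforces employee-only access if the ALB listener rule actually gates the forward with a hard Cognito authentication and the instance's security group accepts traffic solely from the ALB (otherwise the login page can be bypassed by hitting the instance directly). The check below runs over constructed dicts shaped like boto3 `describe_rules` / `describe_security_groups` responses; all ARNs, IDs and the `ALB_SG` value are placeholders.

```python
"""Audit helper for the ALB + Cognito pattern in answer A (constructed example).

Two properties must hold for the pattern to protect an unchanged application:
  1. every listener rule that forwards to the app runs an authenticate-cognito
     action before the forward, with OnUnauthenticatedRequest = "authenticate";
  2. the instance security group accepts app traffic only from the ALB's
     security group, so the ALB (and its login) cannot be bypassed."""

ALB_SG = "sg-alb-placeholder"  # security group attached to the ALB (placeholder)

def rule_enforces_auth(rule):
    """True if every forward action in the rule is preceded by a hard authenticate-cognito."""
    guarded = False
    for action in sorted(rule["Actions"], key=lambda a: a.get("Order", 0)):
        if action["Type"] == "authenticate-cognito":
            cfg = action["AuthenticateCognitoConfig"]
            # "allow" lets unauthenticated requests through; only "authenticate" forces login
            guarded = cfg.get("OnUnauthenticatedRequest", "authenticate") == "authenticate"
        elif action["Type"] == "forward" and not guarded:
            return False
    return guarded

def instance_sg_only_from_alb(sg, alb_sg_id, port):
    """True if inbound rules covering `port` reference only the ALB's security group."""
    for perm in sg["IpPermissions"]:
        if perm["IpProtocol"] not in ("tcp", "-1"):
            continue
        if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            continue
        if perm.get("IpRanges") or perm.get("Ipv6Ranges"):
            return False  # any CIDR source means the ALB can be bypassed
        if any(p["GroupId"] != alb_sg_id for p in perm.get("UserIdGroupPairs", [])):
            return False
    return True

# Constructed sample data in the shape of the boto3 responses (placeholder identifiers).
COGNITO = {"UserPoolArn": "arn:aws:cognito-idp:REGION:ACCOUNT:userpool/PLACEHOLDER",
           "UserPoolClientId": "CLIENT-ID-PLACEHOLDER", "UserPoolDomain": "employees-placeholder",
           "OnUnauthenticatedRequest": "authenticate"}
FORWARD = {"Type": "forward", "Order": 2, "TargetGroupArn": "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/PLACEHOLDER"}
GOOD_RULE = {"Priority": "1", "Actions": [{"Type": "authenticate-cognito", "Order": 1, "AuthenticateCognitoConfig": COGNITO}, FORWARD]}
BAD_RULE = {"Priority": "1", "Actions": [FORWARD]}  # forwards straight to the app, no login
GOOD_SG = {"GroupId": "sg-app-placeholder", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]}
BAD_SG = {"GroupId": "sg-app-placeholder", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}

if __name__ == "__main__":
    print("rule enforces auth:", rule_enforces_auth(GOOD_RULE), rule_enforces_auth(BAD_RULE))
    print("sg only from ALB:", instance_sg_only_from_alb(GOOD_SG, ALB_SG, 80), instance_sg_only_from_alb(BAD_SG, ALB_SG, 80))
```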

Comments

Tester3
Highly Voted 3 years, 9 months ago
A. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html
upvoted 25 times
chengxu32
3 years, 8 months ago
I believe A is the correct answer too. AWS SSO is for single sign-on to multiple AWS accounts, which is not the case in this question. So B is out. The question states you have to use ADFS, so D is out since it does not even mention AD. C is using an identity pool, which is for authorization. This question is for authentication, so C is out. A is what's left, and the setup is in line with this article: https://aws.amazon.com/premiumsupport/knowledge-center/cognito-ad-fs-saml/
upvoted 12 times
arae
2 years, 8 months ago
In C it says authenticate if you read the question.
upvoted 1 times
GVGREAT
Highly Voted 3 years, 8 months ago
A is the answer. The question says "without changing the application". B: overhead to have an extra EC2. C: change in application.
upvoted 5 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: A
Correct answer is A: Cognito user pool integrated with a SAML 2.0 IdP.
upvoted 1 times
ITGURU51
2 years, 2 months ago
Amazon Cognito user pools allow sign-in through a third party (federation), including through a SAML IdP such as AD FS. For more information, see "Adding user pool sign-in through a third party" and "Adding SAML identity providers to a user pool". Answer: A.
upvoted 1 times
arae
2 years, 8 months ago
Can someone help me understand this: on other exam questions, A would not be accepted because ALB does not accept legacy applications, hence why some use Classic Load Balancers?
upvoted 1 times
dcasabona
2 years, 11 months ago
Selected Answer: A
The scenario asks for authentication on a web page, and not authorization (access control). Please check: https://aws.amazon.com/pt/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/
upvoted 2 times
gofavad926
3 years ago
Selected Answer: A
A with no doubt
upvoted 1 times
RaySmith
3 years, 4 months ago
A is correct
upvoted 1 times
Radhaghosh
3 years, 5 months ago
Correct Answer: A. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html
upvoted 1 times
daniel5cloud
3 years, 5 months ago
Selected Answer: A
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html
upvoted 2 times
nhokicuc
3 years, 8 months ago
Answer: A. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html
  • Authenticate users through social IdPs, such as Amazon, Facebook, or Google, through the user pools supported by Amazon Cognito.
  • Authenticate users through corporate identities, using SAML, LDAP, or Microsoft AD, through the user pools supported by Amazon Cognito.
upvoted 3 times
DerekKey
3 years, 8 months ago
B is WRONG: although they have ADFS and SSO, there is no authentication system built into the application! Therefore you need to implement an additional step to perform user authentication. A should be CORRECT.
upvoted 2 times
pmjcr
3 years, 8 months ago
A - Check here https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html
upvoted 1 times
sanjaym
3 years, 8 months ago
A looks promising.
upvoted 1 times
Hungdv
3 years, 8 months ago
A or B?
upvoted 1 times
Hungdv
3 years, 8 months ago
A is the answer.
upvoted 1 times
Larsson
3 years, 8 months ago
I thought it was B. You should be able to do it without Cognito
upvoted 1 times
Mike_1
3 years, 8 months ago
Practice gives experience. A is the answer.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other