Exam AWS Certified Solutions Architect - Professional topic 1 question 989 discussion

A company is developing a new game app for mobile devices. The app has two user tiers: one tier for free-play users and another tier for premium users.

The company currently uses custom identity authentication across its apps. The company wants to continue to use custom authentication if possible. However, the company's custom identity provider (IdP) is not compatible with either the SAML or OpenID Connect (OIDC) standards. A solutions architect needs to design an authentication approach that makes it easy to transition free-play users to premium users.

Which design will meet these requirements with the LEAST development effort?

  • A. Create a single Amazon Cognito identity pool. Develop an authentication provider for the pool that calls the existing custom IdP. Implement two separate authentication flows in the mobile app: one for the free-play users and one for the premium users.
  • B. Create an Amazon Cognito user pool for the premium users. Add a user pool sign-in through the custom IdP. Create a second Amazon Cognito user pool to provide guest access for the free-play users.
  • C. Create two Amazon Cognito identity pools. Develop an authentication provider for the premium user identity pool that calls the existing custom IdP. For the second identity pool, configure an authentication flow for the free-play users.
  • D. Create a single Amazon Cognito user pool. Add a user pool sign-in through the custom IdP. Set up Amazon Cognito guest access in the same user pool for the free-play users.

Suggested Answer: B

Comments

YellowSky002
Highly Voted 2 years, 5 months ago
B. I go with B. If you want to authenticate for your applications, you need User pool. If you want to authenticate for your AWS resources, you need Identity pool. Identity pools provide AWS credentials to grant your users access to other AWS services. Your application does not have to be compatible with OIDC or SAML because the user pool is. https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html
upvoted 7 times
3a632a3
Most Recent 1 year, 6 months ago
Selected Answer: A
Use developer authenticated identities with identity pools. You can't use user pools for custom auth flows. Then create two flows for free and premium users. https://docs.aws.amazon.com/cognito/latest/developerguide/developer-authenticated-identities.html https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html
upvoted 2 times
3a632a3
1 year, 5 months ago
I meant custom auth backends not custom auth flows.
upvoted 1 times
Pr44
1 year, 9 months ago
Selected Answer: D
Easy architecture with less complexity. Why do we need two user pools if we can get the work done with one user pool?
upvoted 2 times
dev112233xx
2 years, 2 months ago
Selected Answer: B
I agree it's B ... https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html
upvoted 1 times
hobokabobo
2 years, 3 months ago
Selected Answer: B
Pushing AssilAbdulrahim's correct answer as a voting comment. Identity pools for AWS resources ("admins") and user pools for application ("enduser").
upvoted 3 times
andras
2 years, 4 months ago
Selected Answer: A
https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html Every identity in your identity pool is either authenticated or unauthenticated. Authenticated identities belong to users who are authenticated by a public login provider (Amazon Cognito user pools, Login with Amazon, Sign in with Apple, Facebook, Google, SAML, or any OpenID Connect Providers) or a developer provider (your own backend authentication process). Unauthenticated identities typically belong to guest users. When Amazon Cognito receives a request, the service determines the identity type, determines the role assigned to that identity type, and uses the policy attached to that role to respond. By modifying a policy or assigning a different role to an identity type, you can control which AWS services an identity type can access.
upvoted 2 times
andras
2 years, 4 months ago
You can enable your users access to AWS services through an identity pool. An identity pool requires an IdP token from a user that's authenticated by a third-party identity provider (or nothing if it's an anonymous guest). Authenticate with a third party and access AWS services with an identity pool: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-scenarios.html#scenario-basic-user-pool
upvoted 1 times
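
The role selection described in the documentation quoted in the comments above, modelled offline as an added example (not part of any comment and not AWS's own code): one IAM trust policy per identity type, plus a simplified evaluator for the `aud` and `amr` conditions. The pool ID, role names, provider name `login.example.game` and the mapping of guests to free-play and signed-in users to premium are assumptions.

```python
# Added example: models how an identity pool picks a role by identity type.
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder pool ID
AUD = "cognito-identity.amazonaws.com:aud"
AMR = "cognito-identity.amazonaws.com:amr"


def trust_policy(pool_id, identity_type):
    """Role trust policy limited to one identity pool and one identity type."""
    if identity_type not in ("authenticated", "unauthenticated"):
        raise ValueError(f"unknown identity type: {identity_type}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "cognito-identity.amazonaws.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {AUD: pool_id},
                "ForAnyValue:StringLike": {AMR: identity_type},
            },
        }],
    }


# Hypothetical role names: guests are free-play, signed-in users are premium.
ROLES = {
    "FreePlayRole": trust_policy(POOL_ID, "unauthenticated"),
    "PremiumRole": trust_policy(POOL_ID, "authenticated"),
}


def may_assume(policy, aud, amr):
    """Simplified check of the two conditions against a token's aud/amr claims."""
    cond = policy["Statement"][0]["Condition"]
    return (aud == cond["StringEquals"][AUD]
            and cond["ForAnyValue:StringLike"][AMR] in amr)


def assumable_roles(aud, amr):
    """Names of the roles whose trust policy accepts these claims."""
    return sorted(n for n, p in ROLES.items() if may_assume(p, aud, amr))


if __name__ == "__main__":
    # Constructed claims: a guest, then the same player after developer sign-in.
    print(assumable_roles(POOL_ID, ["unauthenticated"]))
    print(assumable_roles(POOL_ID, ["authenticated", "login.example.game"]))
```
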

Community vote distribution: A (35%), C (25%), B (20%), Other