DVA-C02 · Question #267
DVA-C02 Question #267: Real Exam Question with Answer & Explanation
Sign in or unlock DVA-C02 to reveal the answer and full explanation for question #267. The question stem and answer options stay visible for context.
Question
A company's developer is creating an application that uses Amazon API Gateway. The company wants to ensure that only users in the Sales department can use the application. The users authenticate to the application by using federated credentials from a third-party identity provider (IdP) through Amazon Cognito. The developer has set up an attribute mapping to map an attribute that is named Department and to pass the attribute to a custom AWS Lambda authorizer. To test the access limitation, the developer sets their department to Engineering in the IdP and attempts to log in to the application. The developer is denied access. The developer then updates their department to Sales in the IdP and attempts to log in. Again, the developer is denied access. The developer checks the logs and discovers that access is being denied because the developer's access token has a department value of Engineering. Which of the following is a possible reason that the developer's department is still being reported as Engineering instead of Sales?
Options
- AAuthorization caching is enabled in the custom Lambda authorizer.
- BAuthorization caching is enabled on the Amazon Cognito user pool.
- CThe IAM role for the custom Lambda authorizer does not have a Department tag.
- DThe IAM role for the Amazon Cognito user pool does not have a Department tag.
Unlock DVA-C02 to see the answer
You've previewed enough free DVA-C02 questions. Unlock DVA-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.