nerdexam
Amazon

DVA-C02 · Question #485

A company has an application that uses an Amazon Cognito user pool for authentication. A developer needs to add a new REST API that will use the user pool to authenticate requests. Which solution will

The correct answer is B. Create a Cognito authorizer for the correct user pool. Reference the header that contains the. A Cognito authorizer is a native API Gateway feature that validates JWTs from a Cognito user pool with no custom code, making it the lowest-effort solution for Cognito-based authentication.

Submitted by cyberguy42· Mar 5, 2026Security

Question

A company has an application that uses an Amazon Cognito user pool for authentication. A developer needs to add a new REST API that will use the user pool to authenticate requests. Which solution will meet this requirement with the LEAST development effort?

Options

  • ACreate a new API key and a new usage plan. Associate the API key and the REST API with the
  • BCreate a Cognito authorizer for the correct user pool. Reference the header that contains the
  • CCreate an AWS Lambda token authorizer. Reference the authorization token in the event
  • DCreate an AWS Lambda request authorizer. Reference the authorization header in the event

How the community answered

(34 responses)
  • A
    3% (1)
  • B
    94% (32)
  • C
    3% (1)

Why each option

A Cognito authorizer is a native API Gateway feature that validates JWTs from a Cognito user pool with no custom code, making it the lowest-effort solution for Cognito-based authentication.

ACreate a new API key and a new usage plan. Associate the API key and the REST API with the

API keys and usage plans are mechanisms for throttling and metering API access, not for authenticating users via a Cognito user pool.

BCreate a Cognito authorizer for the correct user pool. Reference the header that contains theCorrect

API Gateway natively supports Cognito User Pool Authorizers, which automatically validate the Authorization header token against the specified Cognito user pool; this requires only configuration in the console or IaC with no Lambda function code to write or maintain.

CCreate an AWS Lambda token authorizer. Reference the authorization token in the event

A Lambda token authorizer requires writing, deploying, and maintaining custom Lambda code to validate the Cognito JWT, which is significantly more development effort than using the native Cognito authorizer.

DCreate an AWS Lambda request authorizer. Reference the authorization header in the event

A Lambda request authorizer also requires custom Lambda code and inspects the full request context, adding unnecessary development overhead when the native Cognito authorizer already handles this use case.

Concept tested: API Gateway Cognito User Pool Authorizer configuration

Source: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice