nerdexam
Amazon

DVA-C02 · Question #539

A development team is designing a mobile app that requires multi-factor authentication. Which steps should be taken to achieve this? (Choose two.)

The correct answer is A. Use Amazon Cognito to create a user pool and create users in the user pool. C. Enable multi-factor authentication for the Amazon Cognito user pool.. Amazon Cognito user pools provide built-in MFA support for mobile applications, requiring both user pool creation and explicit MFA enablement.

Submitted by cyberguy42· Mar 5, 2026Development with AWS Services

Question

A development team is designing a mobile app that requires multi-factor authentication. Which steps should be taken to achieve this? (Choose two.)

Options

  • AUse Amazon Cognito to create a user pool and create users in the user pool.
  • BSend multi-factor authentication text codes to users with the Amazon SNS Publish API call in the
  • CEnable multi-factor authentication for the Amazon Cognito user pool.
  • DUse AWS IAM to create IAM users.
  • EEnable multifactor authentication for the users created in AWS IAM.

How the community answered

(15 responses)
  • A
    93% (14)
  • B
    7% (1)

Why each option

Amazon Cognito user pools provide built-in MFA support for mobile applications, requiring both user pool creation and explicit MFA enablement.

AUse Amazon Cognito to create a user pool and create users in the user pool.Correct

Creating a Cognito user pool establishes the managed identity store for the mobile application, providing sign-up, sign-in, and user management without building a custom auth system.

BSend multi-factor authentication text codes to users with the Amazon SNS Publish API call in the

Manually sending MFA codes via SNS Publish duplicates functionality already built into Cognito and introduces unnecessary complexity and maintenance burden.

CEnable multi-factor authentication for the Amazon Cognito user pool.Correct

Enabling MFA on the Cognito user pool activates the second authentication factor (SMS TOTP or authenticator app) for users in that pool, satisfying the multi-factor requirement with a fully managed AWS service.

DUse AWS IAM to create IAM users.

IAM users are for AWS service access management, not for mobile application end-user authentication; they are not designed for consumer-facing identity scenarios.

EEnable multifactor authentication for the users created in AWS IAM.

IAM MFA protects AWS console/API access for IAM users and is irrelevant to mobile application end-user authentication.

Concept tested: Amazon Cognito user pool MFA configuration

Source: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice