SAP-C02 · Question #636
SAP-C02 Question #636: Real Exam Question with Answer & Explanation
The correct answer is B: Configure an Amazon Cognito user pool. Configure the user pool with a federated identity. Amazon Cognito seamlessly integrates with AWS Directory Service for Microsoft Active Directory, allowing the use of existing directory accounts for authentication. The authenticate-cognito action on the ALB ensures that all incoming requests are authenticated against the Cognito
Question
A company hosts an intranet web application on Amazon EC2 instances behind an Application Load Balancer (ALB). Currently, users authenticate to the application against an internal user database. The company needs to authenticate users to the application by using an existing AWS Directory Service for Microsoft Active Directory directory. All users with accounts in the directory must have access to the application. Which solution will meet these requirements?
Options
- ACreate a new app client in the directory. Create a listener rule for the ALB. Specify the
- BConfigure an Amazon Cognito user pool. Configure the user pool with a federated identity
- CAdd the directory as a new IAM identity provider (ldP). Create a new IAM role that has an entity
- DEnable AWS IAM Identity Center (AWS Single Sign-On). Configure the directory as an external
Explanation
Amazon Cognito seamlessly integrates with AWS Directory Service for Microsoft Active Directory, allowing the use of existing directory accounts for authentication. The authenticate-cognito action on the ALB ensures that all incoming requests are authenticated against the Cognito user pool before being forwarded to the application. This approach centralizes user authentication and simplifies access management while leveraging the existing Active Directory.
Community Discussion
No community discussion yet for this question.