SCS-C02 · Question #248
SCS-C02 Question #248: Real Exam Question with Answer & Explanation
The correct answer is C: Review any recent changes in Cognito configuration, IAM policies, and role trust policies to.
Question
A company uses Amazon Cognito for external user authentication for a web application. External users report that they can no longer log in to the application. What is the FIRST step that a security engineer should take to troubleshoot the problem?
Options
- A. Review AWS CloudTrail logs to identify authentication errors that relate to Cognito users.
- B. Use AWS Identity and Access Management Access Analyzer to delete all unused IAM roles and
- C. Review any recent changes in Cognito configuration, IAM policies, and role trust policies to
- D. Write a script that uses CLI commands to reset all user passwords in the Cognito user pool.
Explanation
When external users cannot log in to an application that uses Amazon Cognito for authentication, the first step is to check any recent changes made to the configuration, such as updates to Cognito settings, IAM policies, or role trust policies. These changes could directly impact the ability of users to authenticate. By reviewing these configurations, a security engineer can identify if any modifications inadvertently disrupted user authentication, such as incorrect settings, policy changes, or misconfigured trust relationships. This is a more direct and efficient troubleshooting approach than starting with logs or password resets.