SCS-C03 Question #119: Real Exam Question with Answer & Explanation

Question

A company runs an online game on AWS. When players sign up for the game, their username and password credentials are stored in an Amazon Aurora database. The number of users has grown to hundreds of thousands of players. The number of requests for password resets and login assistance has become a burden for the company's customer service team. The company needs to implement a solution to give players another way to log in to the game. The solution must remove the burden of password resets and login assistance while securely protecting each player's credentials. Which solution will meet these requirements?

Options

• AWhen a new player signs up, use an AWS Lambda function to automatically create an IAM
• BMigrate the player credentials from the Aurora database to AWS Secrets Manager.
• CConfigure Amazon Cognito user pools to federate access to the game with third-party identity
• DIssue API keys to new and existing players and use Amazon API Gateway for authentication.

Explanation

Amazon Cognito is a fully managed identity service that provides user authentication, authorization, and user management for web and mobile applications. According to AWS Certified Security - Specialty documentation, Cognito user pools are specifically designed to offload authentication responsibilities from applications while maintaining strong security controls. By federating authentication with third-party identity providers (such as social IdPs), Cognito eliminates the need for the company to manage user passwords directly. This dramatically reduces password reset requests and customer service overhead, while also improving security through industry-standard authentication mechanisms, including MFA and token-based access.

No community discussion yet for this question.