SCS-C03 Question #50: Real Exam Question with Answer & Explanation

The correct answer is A: Enable Amazon Cognito threat protection.

Submitted by kevin_r · Mar 6, 2026 · Identity and Access Management (IAM)

Question

A company detects bot activity targeting Amazon Cognito user pool endpoints. The solution must block malicious requests while maintaining access for legitimate users. Which solution meets these requirements?

Options

  • A. Enable Amazon Cognito threat protection.
  • B. Restrict access to authenticated users only.
  • C. Associate AWS WAF with the Cognito user pool.
  • D. Monitor requests with CloudWatch.

Explanation

Amazon Cognito Threat Protection (formerly known as Advanced Security Features) is purpose-built to detect and respond to malicious activity targeting Cognito user pools, including bot activity, credential stuffing, and account takeover attempts - it can automatically block suspicious requests while allowing legitimate users through, making it the precise fit for this scenario.

Why the distractors are wrong:

  • B (Restrict to authenticated users only) is counterproductive - the attack targets the authentication endpoints themselves (e.g., sign-in, sign-up), where users are not yet authenticated, so restricting to authenticated users would block everyone.
  • C (AWS WAF) can protect many AWS services, but WAF cannot be directly associated with a Cognito user pool - this is a common trap answer, as WAF protects resources like ALBs and CloudFront, not Cognito endpoints natively.
  • D (CloudWatch monitoring) only observes traffic and generates alerts - it has no capability to block requests, making it a detection tool, not a prevention solution.

Memory Tip 🧠

Think "Cognito problem → Cognito native solution." When a question involves blocking threats specific to Cognito user pools, always favor Cognito's built-in Threat Protection over generic tools like WAF or CloudWatch - native services solve native problems most precisely on AWS exams.

Topics

Amazon Cognito, Threat Protection, Bot Mitigation, Identity Security
