Q11 — AWS DVA-C02 Ch.1

Question 11 of 100 | ← Chapter 1

A developer created a web API exposed via an internet-facing Application Load Balancer (ALB) with an HTTPS listener. The developer configured an Amazon Cognito user pool and requires that every request to the API be authenticated through Amazon Cognito. To meet this requirement, what should the developer do?

Correct Answer: B. Create an authentication action for the ALB listener rule. Set the rule action type to authenticate-cognito. Set the OnUnauthenticatedRequest field to 'deny'.

Explanation

Option B describes configuring an authentication action for the ALB listener rule with action type `authenticate-cognito` and setting `OnUnauthenticatedRequest` to `deny`, which ensures every request is authenticated via Amazon Cognito before reaching the backend. Other options either involve unnecessary architectural complexity (C, D) or only perform basic header validation without integrating Amazon Cognito (A), failing to meet the requirement.