Q60 — AWS DVA-C02 Ch.1
A developer is building web and mobile applications for two types of users: regular users and guest users. Regular users must log in, but guest users do not. Users should only see their own data regardless of authentication status. Users require AWS credentials to access AWS resources. What is the most secure solution the developer can implement to allow guest users access?
- A. Use the Amazon Cognito Credentials Provider to issue temporary credentials linked to an unauthenticated role authorized to access required resources. ✓
- B. Set up an IAM user authorized to access required resources. Hardcode IAM credentials in the web and mobile applications.
- C. Generate temporary keys stored in AWS Key Management Service (AWS KMS). Use the temporary keys to access required resources.
- D. Generate temporary credentials and store them in AWS Secrets Manager. Use the temporary credentials to access required resources.
Correct Answer: A. Use the Amazon Cognito Credentials Provider to issue temporary credentials linked to an unauthenticated role authorized to access required resources.
Explanation
Amazon Cognito identity pools provide temporary AWS credentials for both authenticated users (who receive tokens) and unauthenticated (guest) users. An identity pool serves as a repository for user identity data specific to your account.