Q57 — AWS DVA-C02 Ch.3

Question 57 of 100 | ← Chapter 3

A company has an application that uses Amazon Cognito User Pools as its identity provider. The company must ensure secure access to user records. The company has already enabled multi-factor authentication (MFA). The company also wants to send login activity notifications via email each time a user logs in. What is the most efficient solution to meet these requirements?

Correct Answer: B. Create an AWS Lambda function that uses Amazon Simple Email Service (Amazon SES) to send email notifications. Add an Amazon Cognito Post Authentication Lambda trigger for the function.

Explanation

Option B is optimal. Amazon Cognito supports Post Authentication Lambda triggers, which execute synchronously immediately after successful user authentication. This enables real-time, secure, and automatic delivery of login activity notifications without requiring client-side orchestration (Option A), log parsing overhead (Options C and D), or custom infrastructure. Using Amazon SES ensures reliable, scalable email delivery. This approach is natively integrated, secure, efficient, and fully managed.