Examice

Exam DVA-C02 All QuestionsBrowse all questions from this exam

Question 239

A developer created a web API that receives requests by using an internet-facing Application Load Balancer (ALB) with an HTTPS listener. The developer configures an Amazon Cognito user pool and wants to ensure that every request to the API is authenticated through Amazon Cognito.

What should the developer do to meet this requirement?

Add a listener rule to the listener to return a fixed response if the Authorization header is missing. Set the fixed response to 401 Unauthorized.

Create an authentication action for the listener rules of the ALSet the rule action type to authenticate-cognito. Set the OnUnauthenticatedRequest field to “deny.”

Create an Amazon API Gateway API. Configure all API methods to be forwarded to the ALB endpoint. Create an authorizer of the COGNITO_USER_POOLS type. Configure every API method to use that authorizer.

Create a new target group that includes an AWS Lambda function target that validates the Authorization header by using Amazon Cognito. Associate the target group with the listener.

Correct Answer: B

To ensure that every request to the API is authenticated through Amazon Cognito, the developer should create an authentication action for the listener rules of the Application Load Balancer (ALB). By setting the rule action type to authenticate-cognito and configuring the OnUnauthenticatedRequest field to 'deny', this ensures that only authenticated requests are processed and forwarded to the target group. This configuration leverages the built-in authentication capabilities of the ALB with Amazon Cognito, making it the most suitable choice.

Discussion

SerialiDrOption: B

This approach uses the built-in capabilities of the ALB to authenticate requests with Amazon Cognito. By configuring a rule action to authenticate with a Cognito user pool, the ALB can handle authentication before the request is forwarded to the target group. The OnUnauthenticatedRequest setting of "deny" ensures that unauthenticated requests are not allowed access, which aligns with the requirement to authenticate every request.

dostonbekabdullaevOption: B

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#configure-user-authentication

rrshah83Option: B

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#configure-user-authentication

TanTran04Option: B

https://www.examtopics.com/discussions/amazon/view/88889-exam-aws-certified-developer-associate-topic-1-question-332/

c9ebec2Option: C

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

Claire_KMT

B. Create an authentication action for the listener rules of the ALSet the rule action type to authenticate-cognito. Set the OnUnauthenticatedRequest field to “deny.”

AnandeshOption: B

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_AuthenticateCognitoActionConfig.html

tsangckl

This appear at 17 Jun exam

65703c1Option: B

B is the correct answer.

JohnPlOption: C

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html

Certified101Option: C

I think its C - API G would work better ?