An application uses Amazon Cognito to manage end users' permissions when directly accessing AWS resources, including Amazon DynamoDB. A new feature request reads as follows: Provide a mechanism to mark customers as suspended pending investigation or suspended permanently. Customers should still be able to log in when suspended, but should not be able to make changes. The priorities are to reduce complexity and avoid potential for future security issues. Which approach will meet these requirements and priorities?
A) Create a new database field "suspended_status" and modify the application logic to validate that field when processing requests.
B) Add suspended customers to second Cognito user pool and update the application login flow to check both user pools.
C) Use Amazon Cognito Sync to push out a "suspension_status" parameter and split the IAM policy into normal users and suspended users.
D) Move suspended customers to a second Cognito group and define an appropriate IAM access policy for the group.
Correct Answer:
Verified
Q67: A Security Engineer must implement mutually authenticated
Q68: The AWS Systems Manager Parameter Store is
Q69: A company uses user data scripts that
Q70: A Security Engineer is building a Java
Q71: A Security Engineer is defining the logging
Q73: An Amazon S3 bucket is encrypted using
Q74: A Security Engineer is working with a
Q75: The Accounting department at Example Corp. has
Q76: A company uses identity federation to authenticate
Q77: A Security Engineer is implementing a solution
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents