When a user signs up in an AWS Cognito User Pool, what is the default behavior for confirming the user's account?
Think about how AWS Cognito verifies the user's contact information during sign-up.
By default, AWS Cognito sends a verification code to the user's email or phone number. The user must enter this code to confirm their account.
You want to allow users to sign in using their Google or Facebook accounts. Which AWS Cognito feature should you use?
Consider which Cognito service manages user authentication and supports social identity providers.
Cognito User Pools support federated identity providers like Google and Facebook, enabling social login integration.
You want to enforce MFA for all users in your Cognito User Pool. Which configuration achieves this?
Think about how to enforce MFA for every user, not just optionally.
Setting MFA to 'ON' enforces multi-factor authentication for all users. You can choose SMS or TOTP as the second factor.
In an AWS Cognito Identity Pool, how does the service assign IAM roles to authenticated users?
Consider how Identity Pools use rules to provide fine-grained access control.
Identity Pools use role mapping rules to assign IAM roles based on the user's identity provider and attributes, enabling different permissions.
You use AWS Cognito Lambda triggers to customize user authentication flows. What is a best practice to minimize security risks?
Think about the principle of least privilege and input validation.
Limiting permissions and validating inputs reduces the attack surface and prevents unauthorized access or injection attacks.