Which combination of steps will meet these requirements?
(Choose two.)
Create a pre sign-up AWS Lambda trigger. Associate the Amazon Cognito function with the Amazon Cognito user pool.
Use a geographic match rule statement to configure an AWS WAF web ACL. Associate the web ACL with the Amazon Cognito user pool.
Configure an app client for the application’s Amazon Cognito user pool. Use the app client ID to validate the requests in the hosted UI.
Update the application’s Amazon Cognito user pool to configure a geographic restriction setting.
Use Amazon Cognito to configure a social identity provider (IdP) to validate the requests on the hosted UI.
Explanations:
Creating a pre sign-up AWS Lambda trigger allows custom logic to be implemented, enabling validation of user sign-ups based on geographic restrictions.
An AWS WAF web ACL with a geographic match rule can block or allow requests based on the user’s country, effectively restricting access to users in France.
Configuring an app client does not provide geographic restrictions or validation for sign-up requests, so it will not address the fraud issue.
Amazon Cognito does not support direct geographic restrictions within user pools, so this option would not achieve the desired validation requirements.
Using a social identity provider (IdP) does not restrict sign-ups geographically and does not address validation for fraudulent or non-local sign-ups.