Which Amazon Cognito feature will meet these requirements?

By: study aws cloud

On: January 11, 2025

Tagged: Developer Associate

With: 0 Comments

A company is running a web application that is using Amazon Cognito for authentication.The company does not want to use multi-factor authentication (MFA) for all the visitors every time, but the company’s security team has concerns about compromised credentials.The development team needs to configure mandatoryMFA only when suspicious sign-in attempts are detected.

Which Amazon Cognito feature will meet these requirements?

Short message service (SMS) text message MFA

Advanced security metrics

Time-based one-time password (TOTP) software token MFA

Adaptive authentication

Explanations:

SMS text message MFA requires users to enter a code sent via SMS. However, it doesn’t dynamically trigger based on suspicious activity, so it doesn’t meet the requirement for conditional MFA based on security concerns.

Advanced security metrics provide insights into unusual activity but don’t trigger mandatory MFA. It does not offer a dynamic response based on detected risks like adaptive authentication.

TOTP software token MFA is another form of MFA that requires a time-based code. Like SMS MFA, it doesn’t address dynamic enforcement of MFA based on suspicious behavior.

Adaptive authentication is designed to apply MFA only when suspicious activities, such as abnormal sign-ins, are detected. It provides conditional MFA, making it the ideal solution for the company’s needs.

Previous Post: Which AWS service is a relational database compatible with MySQL and PostgreSQL?

Next Post: Which solution will ensure that existing and future objects in the S3 bucket are protected?

Leave a Reply Cancel reply