A company uses Amazon Cognito User Pools for customer authentication. They want to implement a custom security requirement: if a user logs in from an IP address that is different from their last login, they must be prompted for Multi-Factor Authentication (MFA). If the IP is the same, MFA should be bypassed. How can the architect implement this logic?

Look for the extensibility feature of Cognito (Lambda triggers).

What mistakes do candidates make on this AWS SAP-C02 question?

Assuming WAF can handle authentication logic.

Q01A global enterprise is redesigning its network architecture across 50 AWS accounts. They require ...Hard

Q02A financial services company uses AWS Organizations to manage 100+ accounts. The security team ma...Medium

Q03An e-commerce company requires a multi-region active-active architecture for its critical order p...Medium

Q04A company is setting up a new AWS environment using AWS Control Tower. They need to ensure that a...Hard

Q05An enterprise has 50 AWS accounts under AWS Organizations. They want to implement a chargeback mo...Medium