Answer-first summary for fast verification
Answer: Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to serve the web application globally.
## Explanation **Correct Answer: A** **Why Option A is the best solution:** 1. **Amazon Cognito for authentication**: - Perfect for serverless architectures - Supports fewer than 100 users cost-effectively (Cognito has a free tier) - Provides user pools for authentication - Integrates well with web applications - Scales automatically as user base grows 2. **Lambda@Edge for authorization**: - Runs at CloudFront edge locations globally - Provides lowest possible login latency by processing authorization requests at edge locations - Serverless and scales automatically - Can validate Cognito tokens at the edge 3. **Amazon CloudFront to serve web application globally**: - Global content delivery network (CDN) - Serves content from edge locations worldwide - Integrates with Lambda@Edge for edge computing - Provides low latency access globally - Cost-effective for serving static web content **Why other options are not optimal:** **Option B**: AWS Directory Service (Microsoft AD) is overkill for fewer than 100 users and is more expensive than Cognito. Application Load Balancer doesn't provide global content delivery like CloudFront. **Option C**: Amazon S3 Transfer Acceleration is for faster uploads to S3, not for serving web applications globally. AWS Lambda for authorization doesn't provide the edge-level low latency that Lambda@Edge offers. **Option D**: AWS Directory Service is expensive for small user base. Elastic Beanstalk is not serverless and doesn't provide global content delivery like CloudFront. **Key requirements met by Option A:** - ✅ Serverless architecture - ✅ Authentication for <100 users (Cognito is cost-effective) - ✅ Global content delivery (CloudFront) - ✅ Lowest login latency (Lambda@Edge at edge locations) - ✅ Scalability (all components scale automatically) - ✅ Cost-effectiveness (Cognito free tier, pay-per-use Lambda@Edge)
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company wants to restrict access to the content of one of its main web applications and to protect the content by using authorization techniques available on AWS. The company wants to implement a serverless architecture and an authentication solution for fewer than 100 users. The solution needs to integrate with the main web application and serve web content globally. The solution must also scale as the company's user base grows while providing the lowest login latency possible.
Which solution will meet these requirements MOST cost-effectively?
A
Use Amazon Cognito for authentication. Use Lambda@Edge for authorization. Use Amazon CloudFront to serve the web application globally.
B
Use AWS Directory Service for Microsoft Active Directory for authentication. Use AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.
C
Use Amazon Cognito for authentication. Use AWS Lambda for authorization. Use Amazon S3 Transfer Acceleration to serve the web application globally.
D
Use AWS Directory Service for Microsoft Active Directory for authentication. Use Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.