ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An online lending startup hosts its customer portal on AWS and authenticates users through Amazon Cognito user pools. At present, applicants complete registration by supplying an email address and choosing a password. Following a recent compliance audit, the company must add a strong identity-proofing step that confirms each applicant's real-world identity before the account is activated, while still leveraging the existing Cognito sign-up process. Which approach BEST meets this requirement?
Require users to confirm their email address through a verification link before the account becomes active.
Enable SMS-based multi-factor authentication (MFA) for all new users during their first login after registration.
Replace the user-name-and-password flow with social sign-in through a trusted OpenID Connect provider such as Google.
Invoke an AWS Lambda pre-sign-up trigger that calls a third-party service to validate a government photo ID and perform a live selfie match before completing registration.
Identity proofing focuses on validating that the person who is requesting an account is the legitimate subject of the claimed identity, typically by checking authoritative evidence (for example, a government-issued document) and binding it to the new digital identity. Integrating Amazon Cognito's pre-sign-up or post-confirmation Lambda triggers with a specialized third-party service that performs document verification and biometric liveness matching meets this goal: the workflow can call the external service, receive a pass/fail decision, and allow or deny account creation accordingly. Email confirmation, SMS one-time passwords, and social logins improve authentication strength or convenience but do not establish the applicant's real-world identity; they only prove control of an email address, phone number, or external credential. Therefore, only the integration that validates a government ID and matches it to the user through biometrics provides the required level of identity proofing.
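The pre-sign-up flow described in the explanation, as an added example (not code from the original page or from AWS). The `proofing_session_id` key, the `fetch_proofing_result` lookup and its result fields are hypothetical stand-ins for a real vendor API, and the sample records are constructed.

```python
"""Cognito pre-sign-up trigger that gates registration on an identity-proofing result.
Vendor lookup, field names and the session-id key are hypothetical (assumptions)."""

class ProofingRejected(Exception):
    """Raising from a pre-sign-up trigger makes Cognito reject the sign-up."""

def fetch_proofing_result(session_id):
    # Stand-in for the vendor's server-side API call (hypothetical).
    # Constructed sample records: document check + selfie liveness outcome.
    constructed = {
        "sess-ok": {"document": "pass", "liveness": "pass", "email": "ana@example.com"},
        "sess-spoof": {"document": "pass", "liveness": "fail", "email": "bob@example.com"},
    }
    return constructed[session_id]  # KeyError for unknown sessions

def evaluate(event, lookup=fetch_proofing_result):
    """Return the event to allow sign-up; raise ProofingRejected to deny it."""
    request = event.get("request", {})
    # validationData is null when the client sent none, hence the "or {}".
    session_id = (request.get("validationData") or {}).get("proofing_session_id")
    if not session_id:
        raise ProofingRejected("identity proofing not completed")
    try:
        # Verdict is fetched server-side; a client-supplied "passed" flag is never trusted.
        result = lookup(session_id)
    except Exception as exc:  # unknown session, timeout, vendor outage: fail closed
        raise ProofingRejected("identity proofing could not be verified") from exc
    if result.get("document") != "pass" or result.get("liveness") != "pass":
        raise ProofingRejected("identity proofing failed")
    # Bind the proofed identity to this registration so a passed session
    # cannot be reused to open an account for someone else.
    claimed = request.get("userAttributes", {}).get("email", "").strip().lower()
    if not claimed or claimed != result.get("email", "").strip().lower():
        raise ProofingRejected("proofed identity does not match sign-up")
    # Proofing does not replace email verification: keep Cognito's confirmation step.
    event.setdefault("response", {})["autoConfirmUser"] = False
    return event

def lambda_handler(event, context):
    return evaluate(event)
```

Cognito waits only a few seconds for a trigger to respond, so the slow document and selfie capture happens before sign-up and the trigger only looks up the finished result.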
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls