A company allows users to download its mobile app onto their phones. The app is MQTT based and connects to AWS IoT Core to subscribe to specific client-related topics.
Recently, the company discovered that some malicious attackers have been trying to get a Trojan horse onto legitimate mobile phones. The Trojan horse poses as the authentic application and uses a client ID with injected special characters to gain access to topics outside the client’s privilege scope.
Which combination of actions should the company take to prevent this threat? (Choose two.)

A. In the application, use an IoT thing name as the client ID to connect the device to AWS IoT Core.

B. In the application, add a client ID check. Disconnect from the server if any special character is detected.

C. Apply an AWS IoT Core policy that allows “AWSIoTWirelessDataAccess” with the principal set to “client/${iot:Connection.Thing.ThingName}”.

D. Apply an AWS IoT Core policy to the device to allow “iot:Connect” with the resource set to “client/${iot:ClientId}”.

E. Apply an AWS IoT Core policy to the device to allow “iot:Connect” with the resource set to “client/${iot:Connection.Thing.ThingName}”.






 

Suggested Answer: BE

Community Answer: AE




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.