ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 4 question 10 discussion

Actual exam question from Microsoft's SC-100
Question #: 10
Topic #: 4
[All SC-100 Questions]

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app.
You need to recommend a solution to the application development team to secure the application from identity-related attacks.
Which two configurations should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Azure AD workbooks to monitor risk detections
  • B. Azure AD Conditional Access integration with user flows and custom policies
  • C. smart account lockout in Azure AD B2C
  • D. access packages in Identity Governance
  • E. custom resource owner password credentials (ROPC) flows in Azure AD B2C
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by [deleted] at Sept. 2, 2022, 12:32 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PlumpyTumbler
Highly Voted 2 years, 4 months ago
Selected Answer: BC
https://docs.microsoft.com/en-us/azure/active-directory-b2c/threat-management https://docs.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow
upvoted 21 times
...
CertShooter
Highly Voted 2 years ago
Selected Answer: BC
I recommend configuring Azure AD Conditional Access and using smart account lockout in Azure AD B2C. Azure AD Conditional Access allows you to set policies that determine when and how users can access your application. By integrating Azure AD Conditional Access with user flows and custom policies, you can define rules that ensure only authenticated users can access the application, and you can also set up multifactor authentication for additional security. Smart account lockout in Azure AD B2C is a feature that helps protect against brute-force attacks by temporarily locking out accounts after a certain number of failed login attempts. This can help prevent unauthorized access to the application by preventing attackers from guessing login credentials. Options A, D, and E are not relevant to securing the application from identity-related attacks. Option A involves monitoring risk detections, which is not directly related to securing the application. Option D involves access packages in Identity Governance, which is not related to the security of the application. Option E involves custom ROPC flows, which are not relevant to securing the application from identity-related attacks.
upvoted 13 times
...
tocane
Most Recent 1 year ago
Selected Answer: BC
it should be BC
upvoted 1 times
...
rishiraval007
1 year, 2 months ago
To secure the invoicing application that will use Azure Active Directory (Azure AD) B2C from identity-related attacks, the two configurations to recommend are: B. Azure AD Conditional Access integration with user flows and custom policies: Conditional Access in Azure AD B2C allows you to create and enforce access policies based on various conditions, such as user location, device state, and more. Integrating these policies with user flows and custom policies in Azure AD B2C can enhance the security of the application by ensuring that only authenticated and authorized users can access it under specific conditions. C. Smart account lockout in Azure AD B2C: The smart account lockout feature in Azure AD B2C helps protect user accounts from brute force attacks. It intelligently locks out accounts when suspicious activities are detected, such as repeated failed sign-in attempts, without affecting legitimate users.
upvoted 3 times
...
cyber_sa
1 year, 3 months ago
Selected Answer: BC
repeated question#24. Answers are BC. explanation can be found in Q#24
upvoted 4 times
Ramye
12 months ago
Exactly - they have different answers to the same question. They need to fix it...
upvoted 1 times
...
...
sherifhamed
1 year, 3 months ago
Selected Answer: BC
To secure your application from identity-related attacks when using Azure AD B2C for authentication, you should recommend the following configurations: B. Azure AD Conditional Access integration with user flows and custom policies: Azure AD Conditional Access allows you to define policies to control access to your application based on specific conditions, such as risk detections or user behavior. Integrating Azure AD Conditional Access with user flows and custom policies provides additional layers of security to your application's authentication process. C. Smart account lockout in Azure AD B2C: Smart account lockout policies help protect user accounts from brute-force attacks or suspicious login attempts. When you configure smart account lockout policies in Azure AD B2C, you can define conditions under which accounts are locked or require additional verification, enhancing security.
upvoted 2 times
...
zellck
1 year, 7 months ago
Selected Answer: BC
BC is the answer. https://learn.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow Conditional Access can be added to your Azure Active Directory B2C (Azure AD B2C) user flows or custom policies to manage risky sign-ins to your applications. Azure Active Directory (Azure AD) Conditional Access is the tool used by Azure AD B2C to bring signals together, make decisions, and enforce organizational policies.
upvoted 4 times
zellck
1 year, 7 months ago
https://learn.microsoft.com/en-us/azure/active-directory-b2c/threat-management#how-smart-lockout-works Azure AD B2C uses a sophisticated strategy to lock accounts. The accounts are locked based on the IP of the request and the passwords entered. The duration of the lockout also increases based on the likelihood that it's an attack. After a password is tried 10 times unsuccessfully (the default attempt threshold), a one-minute lockout occurs. The next time a login is unsuccessful after the account is unlocked (that is, after the account has been automatically unlocked by the service once the lockout period expires), another one-minute lockout occurs and continues for each unsuccessful login. Entering the same, or similar password repeatedly doesn't count as multiple unsuccessful logins.
upvoted 3 times
...
...
Mo22
1 year, 11 months ago
Selected Answer: BC
B. Azure AD Conditional Access integration with user flows and custom policies C. Smart account lockout in Azure AD B2C. Conditional Access in Azure Active Directory (Azure AD) is a feature that enables you to enforce security policies and control access to applications based on specific conditions,
upvoted 2 times
...
TJ001
2 years ago
will go for B and C . have not seen a reference telling Entitlement Mgmt can be used in B2C ..It is available for B2B though
upvoted 2 times
...
Learing
2 years, 2 months ago
Selected Answer: BC
Azure B2C does not support Identity Governance Entitlement management
upvoted 7 times
...
InformationOverload
2 years, 4 months ago
Selected Answer: BC
i go with B and C here
upvoted 7 times
...
prabhjot
2 years, 4 months ago
Identity Governance is the correct selection over all it seems the ans is correct
upvoted 2 times
prabhjot
2 years, 4 months ago
B&C is more relevant
upvoted 1 times
...
...
JaySapkota
2 years, 4 months ago
Selected Answer: BC
Would say B & C
upvoted 3 times
...
[Removed]
2 years, 4 months ago
Am i the only one who sees the stated answer as BD then in the description it says 'Not D'?
upvoted 5 times
PlumpyTumbler
2 years, 4 months ago
That's right, it says "Not D: Identity Governance though useful, does not address this specific scenario" Also all documentation of access packages with Identity Governance specifies B2B. Whether it's a learning module or a reference document, B2C is never mentioned. This question is about B2C. https://docs.microsoft.com/en-us/learn/modules/plan-implement-entitlement-management/2-define-access-packages
upvoted 2 times
...
Paimon
2 years, 1 month ago
It's happens more than you might think.......
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel