Exam SC-100 topic 4 question 10 discussion

https://docs.microsoft.com/en-us/azure/active-directory-b2c/threat-management https://docs.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow

I recommend configuring Azure AD Conditional Access and using smart account lockout in Azure AD B2C. Azure AD Conditional Access allows you to set policies that determine when and how users can access your application. By integrating Azure AD Conditional Access with user flows and custom policies, you can define rules that ensure only authenticated users can access the application, and you can also set up multifactor authentication for additional security. Smart account lockout in Azure AD B2C is a feature that helps protect against brute-force attacks by temporarily locking out accounts after a certain number of failed login attempts. This can help prevent unauthorized access to the application by preventing attackers from guessing login credentials. Options A, D, and E are not relevant to securing the application from identity-related attacks. Option A involves monitoring risk detections, which is not directly related to securing the application. Option D involves access packages in Identity Governance, which is not related to the security of the application. Option E involves custom ROPC flows, which are not relevant to securing the application from identity-related attacks.

it should be BC

To secure the invoicing application that will use Azure Active Directory (Azure AD) B2C from identity-related attacks, the two configurations to recommend are: B. Azure AD Conditional Access integration with user flows and custom policies: Conditional Access in Azure AD B2C allows you to create and enforce access policies based on various conditions, such as user location, device state, and more. Integrating these policies with user flows and custom policies in Azure AD B2C can enhance the security of the application by ensuring that only authenticated and authorized users can access it under specific conditions. C. Smart account lockout in Azure AD B2C: The smart account lockout feature in Azure AD B2C helps protect user accounts from brute force attacks. It intelligently locks out accounts when suspicious activities are detected, such as repeated failed sign-in attempts, without affecting legitimate users.

repeated question#24. Answers are BC. explanation can be found in Q#24

To secure your application from identity-related attacks when using Azure AD B2C for authentication, you should recommend the following configurations: B. Azure AD Conditional Access integration with user flows and custom policies: Azure AD Conditional Access allows you to define policies to control access to your application based on specific conditions, such as risk detections or user behavior. Integrating Azure AD Conditional Access with user flows and custom policies provides additional layers of security to your application's authentication process. C. Smart account lockout in Azure AD B2C: Smart account lockout policies help protect user accounts from brute-force attacks or suspicious login attempts. When you configure smart account lockout policies in Azure AD B2C, you can define conditions under which accounts are locked or require additional verification, enhancing security.

BC is the answer. https://learn.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow Conditional Access can be added to your Azure Active Directory B2C (Azure AD B2C) user flows or custom policies to manage risky sign-ins to your applications. Azure Active Directory (Azure AD) Conditional Access is the tool used by Azure AD B2C to bring signals together, make decisions, and enforce organizational policies.

B. Azure AD Conditional Access integration with user flows and custom policies C. Smart account lockout in Azure AD B2C. Conditional Access in Azure Active Directory (Azure AD) is a feature that enables you to enforce security policies and control access to applications based on specific conditions,

will go for B and C . have not seen a reference telling Entitlement Mgmt can be used in B2C ..It is available for B2B though

Azure B2C does not support Identity Governance Entitlement management

i go with B and C here

Identity Governance is the correct selection over all it seems the ans is correct

Would say B & C

Am i the only one who sees the stated answer as BD then in the description it says 'Not D'?