
SC-100 · Question #138

SC-100 Question #138: Real Exam Question with Answer & Explanation

The correct answer is A: Azure AD Conditional Access integration with user flows and custom policies.

Design security operations, identity, and compliance capabilities

Question

Your company is developing an invoicing application that will use Azure AD B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity-related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options

  • A. Azure AD Conditional Access integration with user flows and custom policies
  • B. smart account lockout in Azure AD B2C
  • C. access packages in Identity Governance
  • D. custom resource owner password credentials (ROPC) flows in Azure AD B2C

Explanation

Correct answer: A, B

For an Azure AD B2C application, protection against identity-related attacks requires both policy-based access controls and brute-force protection.

Conditional Access integration with user flows and custom policies (A) allows enforcement of risk-based policies directly within the B2C authentication flows: blocking suspicious sign-ins, requiring MFA under risky conditions, or restricting access based on location/device.

Smart account lockout (B) is a built-in B2C capability that automatically locks accounts after a configurable number of failed sign-in attempts, directly mitigating credential stuffing and brute-force attacks.

Access packages (C) are an Identity Governance feature for enterprise entitlement management, not applicable to B2C consumer scenarios.

Custom ROPC flows (D) bypass the interactive sign-in UI and MFA, actually increasing identity attack risk.

Topics

#Azure AD B2C #Conditional Access #Account Security #Identity Protection
