Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity-related attacks.

Which two configurations should you recommend? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Azure AD workbooks to monitor risk detections
B. Azure AD Conditional Access integration with user flows and custom policies
C. smart account lockout in Azure AD B2C
D. access packages in Identity Governance
E. custom resource owner password credentials (ROPC) flows in Azure AD B2C

Suggested Answer: BD
Community Answer: BC

B: Add Conditional Access to user flows in Azure Active Directory B2C
Conditional Access can be added to your Azure Active Directory B2C (Azure AD B2C) user flows or custom policies to manage risky sign-ins to your applications. Azure Active Directory (Azure AD) Conditional Access is the tool used by Azure AD B2C to bring signals together, make decisions, and enforce organizational policies.

Not C: Credential attacks lead to unauthorized access to resources. Passwords that are set by users are required to be reasonably complex. Azure AD B2C has mitigation techniques in place for credential attacks. Mitigation includes detection of brute-force credential attacks and dictionary credential attacks. By using various signals, Azure Active Directory B2C (Azure AD B2C) analyzes the integrity of requests. Azure AD B2C is designed to intelligently differentiate intended users from hackers and botnets.

Incorrect:
Not D: Identity Governance, though useful, does not address this specific scenario: to secure the application from identity-related attacks in an Azure AD B2C environment.
Note: Identity Governance gives organizations the ability to do the following tasks across employees, business partners and vendors, and across services and applications both on-premises and in clouds:
- Govern the identity lifecycle
- Govern access lifecycle
- Secure privileged access for administration

Specifically, it is intended to help organizations address these four key questions:
- Which users should have access to which resources?
- What are those users doing with that access?
- Are there effective organizational controls for managing access?
- Can auditors verify that the controls are working?

Note: An access package enables you to do a one-time setup of resources and policies that automatically administers access for the life of the access package.

Not E: In Azure Active Directory B2C (Azure AD B2C), the resource owner password credentials (ROPC) flow is an OAuth standard authentication flow. In this flow, an application, also known as the relying party, exchanges valid credentials for tokens. The credentials include a user ID and password.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow
https://docs.microsoft.com/en-us/azure/active-directory/governance/identity-governance-overview
https://docs.microsoft.com/en-us/azure/active-directory-b2c/threat-management

This question is in the SC-100 exam for the Microsoft Cybersecurity Architect Expert certificate.

Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Microsoft. The website does not contain actual questions and answers from Microsoft's Certification Exams. Trademarks, certification & product names are used for reference only and belong to Microsoft.