How do you handle security questions for your application?

I was wondering if anyone has implemented security questions as part of their applications with Auth0? Is it a separate service you had to create and if so how does that interact with Auth0?