ExamTopics Logo
Mail Usteam@examtopics.com
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 46 discussion

Actual exam question from Microsoft's SC-300
Question #: 46
Topic #: 4
[All SC-300 Questions]

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.



The users are assigned the roles shown in the following table.



For which users can User1 and User4 reset passwords? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by kanag1 at Aug. 3, 2023, 7:01 a.m.

Comments

Chosen Answer:
This is a voting comment. You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kanag1
Highly Voted 1 year, 7 months ago
Correct User1 -> User2, User3, User4, User5 User4 -> User1, User2 & User3 Can reset passwords for non-administrators and Password Administrators https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#who-can-reset-passwords
upvoted 11 times
rvln7
2 weeks, 1 day ago
User2 is a global reader which is a privileged role...so it's not gonna work
upvoted 1 times
...
AleFerrillo
10 months, 1 week ago
up to date link: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/privileged-roles-permissions?tabs=admin-center#who-can-reset-passwords
upvoted 2 times
Nail
4 months, 2 weeks ago
I don't understand how you have found the right link to the information but you are showing the wrong answer. User 1 is a Password Admin over the whole organization. According to the table, they can reset the passwords of other Password Admins but not Global Admins. So the answer is User3, User4, and User5 only. For user4 you have to refer to https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope . User4 is a Password Admin over AU1. Password Admins can reset passwords for non-admins only in the administrative unit. That means User3 only. Answer: User1: User3, User4, and User5 only User4: User3 only.
upvoted 1 times
Arash123
3 months, 1 week ago
User2 is Global Reader not Global Admin
upvoted 1 times
...
Labelfree
4 months ago
Why can't User4 reset for User 2?
upvoted 1 times
...
...
...
...
YesPlease
Most Recent 3 days, 7 hours ago
1) User2, User3, User4, User5 User1 has the Role Scope set to ORGANIZATION. This means they have the ability to change passwords for all users...even if the users are in an AU. 2) User3 ONLY To prevent an elevation of privilege, an administrative unit-scoped administrator can't reset the password of a user who's assigned to a role with an organization-wide scope.
upvoted 1 times
...
rvln7
2 weeks, 1 day ago
- Password Administrator- Privileged role that can reset passwords for non-administrators and Password Administrators. - Global reader is a privileged role https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference user1->user3,user4,user5 user4->user3 only
upvoted 1 times
...
anonymousarpanch
1 month, 3 weeks ago
The answer options are not correct here. I tried simplifying like this Password administrator cannot change passwords for privileged roles. Global reader is a priviledged role in azure built-in roles. so no matter whether global reader belongs to organization or an AU, his password cannot be changed. which means neither User 1 nor User 4 can reset User 2's password. Coming to User 1, since his scope is for the organization, which means the AU within which means that User 1 can reset passwords for User 1, 3,4,5 and for User 4 the scope is only AU1, which means only User 1 & User 3. User 2 is a privileged role so cannot be touched by a password administrator. Link/ s i referred are as below. https://docs.azure.cn/en-us/entra/identity/role-based-access-control/privileged-roles-permissions?tabs=admin-center#which-roles-and-permissions-are-privileged https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#global-reader
upvoted 4 times
...
Labelfree
4 months ago
Not sure why you guys are saying User 4 can't reset user 2, and only 3.. it's User 2 and 3 | AU1 Scoped Password Administrator: An AU1 scoped Password Administrator can reset the passwords for users within AU1, including other administrators with roles scoped to AU1. This includes resetting passwords for other AU1 scoped Password Administrators.
upvoted 1 times
...
admmehran
6 months, 3 weeks ago
User1 -> User1,User2,User3,User4 User4-> ONLY USER3 Password administrators can reset passwords for non-administrators within the assigned administrative unit only. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope
upvoted 1 times
admmehran
6 months, 3 weeks ago
and If we consider global reader not as non-administrato=> User4=> ONLY USER2 ,USER3
upvoted 1 times
admmehran
6 months, 3 weeks ago
and If we consider global reader as non-administrator=>as non-administrator User4=> ONLY USER2 ,USER3
upvoted 1 times
...
...
...
haazybanj
1 year, 4 months ago
Correct
upvoted 3 times
...
Leacco99
1 year, 5 months ago
Correct. Organization - everyone under the org AU1 - only those belonging to the said AU
upvoted 4 times
...
EmnCours
1 year, 7 months ago
Correct User1 -> User2, User3, User4, User5 User4 -> User1, User2 & User3
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
AI-900
Atlanta, 1 minute ago