ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 2 question 65 discussion

Actual exam question from Microsoft's SC-300
Question #: 65
Topic #: 2
[All SC-300 Questions]

You have an Azure AD tenant that contains the users shown in the following table.



You enable self-service password reset (SSPR) for all the users and configure SSPR to require security questions as the only authentication method.

Which users must use security questions when resetting their password?

  • A. User4 only
  • B. User3 and User4 only
  • C. User1 and User4 only
  • D. User1, User3, and User4 only
  • E. User1, User2, User3, and User4
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Trappie at Oct. 4, 2023, 9:33 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
0byte
Highly Voted 1 year, 2 months ago
Selected Answer: B
Correct answer. Basically, some administrative roles, by design can only use strong, two-gate password reset policy, regardles of SSPR settings. User Administrator and Password Administrator will be always forced to use two methods and cannot use security questions. Securiry Reader and User will use whatever is set under SSPR, so security questions in this case. https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences
upvoted 15 times
...
d1e85d9
Most Recent 4 months ago
Selected Answer: A
User1 (User Administrator) – Admins are not allowed to use security questions for SSPR because it’s considered a weaker authentication method. User2 (Password Administrator) – As an admin role, User2 cannot use security questions for SSPR. User3 (Security Reader) – Security roles are still considered privileged, so User3 cannot use security questions for SSPR. User4 (Standard User) – User4, being a regular user with no admin privileges, can use security questions for SSPR, as they’re the target audience for this method.
upvoted 2 times
...
be9z
1 year, 1 month ago
Administrator accounts can't use security questions as verification method with SSPR. Answer is B. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-security-questions
upvoted 2 times
...
Naya24
1 year, 2 months ago
Selected Answer: B
Security reader not listed in 2 gate admin accounts https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#administrator-reset-policy-differences
upvoted 2 times
...
haazybanj
1 year, 2 months ago
Selected Answer: A
Shouldn't it be A since Security Reader is an Admin and Admins can't use security questions? https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-security-questions
upvoted 4 times
Alcpt
8 months, 2 weeks ago
no. Administrator accounts can't use security questions as verification method with SSPR. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-security-questions
upvoted 1 times
...
AleFerrillo
8 months, 1 week ago
Security Reader is not an Admin role subjected to "admin" SSPR rules.
upvoted 1 times
...
...
Nivos23
1 year, 2 months ago
Selected Answer: B
I agree with 0byteThe answer is b
upvoted 1 times
...
Lekong
1 year, 2 months ago
I think it should be Username only
upvoted 1 times
Lekong
1 year, 2 months ago
I mean User 4 only. A
upvoted 1 times
...
Alcpt
8 months, 2 weeks ago
Security Reader account can use security questions as a verification method for Self-Service Password Reset (SSPR). Security questions are not used during sign-in but can be used during the SSPR process to confirm the user’s identity. However, it’s important to note that while security questions can be enabled for non-administrative roles, they are generally considered less secure than other methods
upvoted 1 times
...
...
shuhaidawahab
1 year, 3 months ago
Administrator accounts can't use security questions as verification method with SSPR.
upvoted 1 times
...
Trappie
1 year, 3 months ago
Correct: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-security-questions
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel