ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 1 question 68 discussion

Actual exam question from Microsoft's SC-300
Question #: 68
Topic #: 1
[All SC-300 Questions]

HOTSPOT
-

You have a Microsoft Entra tenant that contains a group named Group3 and an administrative unit named Department1.

Department1 has the users shown in the Users exhibit. (Click the Users tab.)



Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)



The User Administrator role assignments are shown in the Assignments exhibit (Click the Assignments tab.)



The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by SFAY at Jan. 23, 2024, 2 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SFAY
Highly Voted 1 year, 4 months ago
No, No, Yes
upvoted 36 times
...
Bossdwarf
Highly Voted 1 year, 3 months ago
No No Yes Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit, but not the members of the group. In other words, an administrator scoped to the administrative unit can manage properties of the group, such as group name or membership, but they cannot manage properties of the users or devices within that group (unless those users and devices are separately added as members of the administrative unit).
upvoted 23 times
Ody
1 year, 3 months ago
Link. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units#groups
upvoted 2 times
...
...
d1e85d9
Most Recent 2 months, 1 week ago
NO NO YES
upvoted 1 times
...
Frank9020
4 months, 4 weeks ago
No, No, Yes Administrative units in Azure AD do not extend permissions to indirect members of groups. For the User Administrator to reset User3's password, User3 must be directly added to AU1.
upvoted 2 times
...
anonymousarpanch
5 months ago
No, No, Yes..Administrative groups cannot be nested. Refer the table for permissions. It says that a user administrator scoped to an admin unit that contains a group cannot ‘reset the passwords of individual members of the group’
upvoted 1 times
...
[Removed]
1 year, 4 months ago
Isn't the given answer correct? User3 and User4 are both assigned to group2 which is assigned to the Department1 AU (second screenshot), so that would be YNY for the answer? Open to learning if that's correct or not...
upvoted 2 times
einkaufacs
1 year, 3 months ago
I thought it the same way. But here nesting users in groups does not work. "Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit, but not the members of the group" https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units#groups
upvoted 7 times
...
...
Tim1119
1 year, 4 months ago
No, No, Yes Admin1 has a only the permissions on Department1 administrative unit. User3 and User4 are not assigned to Department1, so Admin1 has no permissions to reset passwords. Group3 is not assigned to Department1. Admin3 has permissions for the entire Directory.
upvoted 10 times
loukyexamtopic
10 months, 2 weeks ago
incorrect, they are actually part of department1 admin unit, check pictures again
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel