Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 0d 16h 56m 16s Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Microsoft Exam SC-100 Topic 7 Question 19 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 19
Topic #: 7
[All SC-100 Questions]

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).

You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.

You need to ensure that a compromised administrator account cannot be used to delete the backups

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: D

https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages#what-regulatory-compliance-standards-are-available-in-defender-for-cloud


by Derick at Feb 05, 2023, 07:35 PM

Limited Time Offer

25%

Off

Get Premium SC-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Alaine
18 days ago
Wait, so we're trying to stop a hacker from deleting backups? Sounds like a job for Azure's version of James Bond! Option B it is - gotta keep those backups secure, no matter how sneaky the bad guys get.
upvoted 0 times
...
Dana
20 days ago
Option C, really? Registering MABS with a Recovery Services vault is important, but it doesn't address the security issue of a compromised admin account. I'm sticking with Option B - multi-user authorization is the way to go!
upvoted 0 times
...
Margurite
22 days ago
Haha, option A with the security PIN? Sounds like something out of a spy movie! But I guess it could work for critical operations. Still, I think Option B is the way to go for this scenario.
upvoted 0 times
...
Annice
26 days ago
I'm going with Option D. Assigning the Backup Contributor role through PIM will give the necessary permissions while still maintaining control over who can access the backups. Seems like a good way to follow the security best practices.
upvoted 0 times
Adelle
5 days ago
Definitely, following Microsoft Security Best Practices is crucial in designing a recovery solution for ransomware attacks.
upvoted 0 times
...
Raina
7 days ago
I agree, assigning the Backup Contributor role through PIM is a good way to ensure security while still allowing necessary access.
upvoted 0 times
...
Jamika
9 days ago
Option D sounds like the best choice. It's important to limit access to backups to prevent them from being deleted.
upvoted 0 times
...
...
Cherry
2 months ago
Option B looks like the best choice here. Configuring multi-user authorization with Resource Guard will help prevent a compromised admin account from deleting the backups. Solid security practice!
upvoted 0 times
Vilma
4 days ago
I agree, having that extra layer of security is crucial in protecting the backups from ransomware attacks.
upvoted 0 times
...
Van
6 days ago
Option B looks like the best choice here. Configuring multi-user authorization with Resource Guard will help prevent a compromised admin account from deleting the backups. Solid security practice!
upvoted 0 times
...
Crista
22 days ago
I agree, configuring multi-user authorization with Resource Guard is a smart move.
upvoted 0 times
...
Ruthann
23 days ago
Option B is definitely the way to go to protect against ransomware attacks.
upvoted 0 times
...
Francisca
28 days ago
I think option D could also work well to prevent unauthorized deletion of backups.
upvoted 0 times
...
Darci
1 months ago
I agree, option B seems like the most secure choice.
upvoted 0 times
...
...
Merilyn
2 months ago
I'm not sure, but I think option A could also work by generating a security PIN for critical operations in the Recovery Services vault.
upvoted 0 times
...
Mirta
2 months ago
I agree with Tamesha, option D seems like the best choice to prevent a compromised administrator account from deleting the backups.
upvoted 0 times
...
Tamesha
2 months ago
I think we should go with option D, using Azure AD Privileged Identity Management to create a role assignment for the Backup Contributor role.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77
a