Microsoft Exam SC-100 Topic 7 Question 19 Discussion

Actual exam question for Microsoft's SC-100 exam

Question #: 19
Topic #: 7

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).

You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.

You need to ensure that a compromised administrator account cannot be used to delete the backups

What should you do?

AFrom a Recovery Services vault generate a security PIN for critical operations.

BFrom Azure Backup, configure multi-user authorization by using Resource Guard.

CFrom Microsoft Azure Backup Setup, register MABS with a Recovery Services vault

DFrom Azure AD Privileged Identity Management (PIM), create a role assignment for the Backup Contributor role.

Show Suggested Answer

Suggested Answer: D

https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages#what-regulatory-compliance-standards-are-available-in-defender-for-cloud

by Derick at Feb 05, 2023, 07:35 PM

Limited Time Offer

25%

Off

Get Premium SC-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Alaine

30 days ago

Wait, so we're trying to stop a hacker from deleting backups? Sounds like a job for Azure's version of James Bond! Option B it is - gotta keep those backups secure, no matter how sneaky the bad guys get.

upvoted 0 times

...

Dana

1 months ago

Option C, really? Registering MABS with a Recovery Services vault is important, but it doesn't address the security issue of a compromised admin account. I'm sticking with Option B - multi-user authorization is the way to go!

upvoted 0 times

...

Margurite

1 months ago

Haha, option A with the security PIN? Sounds like something out of a spy movie! But I guess it could work for critical operations. Still, I think Option B is the way to go for this scenario.

upvoted 0 times

Alfreda

2 days ago

Yeah, having multiple users authorize critical operations seems like a safer bet.

upvoted 0 times

...

Tiffiny

6 days ago

I agree, it does sound pretty cool. But I think Option B with multi-user authorization is more practical.

upvoted 0 times

...

Raylene

8 days ago

Option A with the security PIN does sound like something out of a spy movie!

upvoted 0 times

...

Annice

1 months ago

I'm going with Option D. Assigning the Backup Contributor role through PIM will give the necessary permissions while still maintaining control over who can access the backups. Seems like a good way to follow the security best practices.

upvoted 0 times

Adelle

16 days ago

Definitely, following Microsoft Security Best Practices is crucial in designing a recovery solution for ransomware attacks.

upvoted 0 times

...

Raina

18 days ago

I agree, assigning the Backup Contributor role through PIM is a good way to ensure security while still allowing necessary access.

upvoted 0 times

...

Jamika

20 days ago

Option D sounds like the best choice. It's important to limit access to backups to prevent them from being deleted.

upvoted 0 times

...

Cherry

2 months ago

Option B looks like the best choice here. Configuring multi-user authorization with Resource Guard will help prevent a compromised admin account from deleting the backups. Solid security practice!

upvoted 0 times

Jenelle

22 hours ago

Definitely, it's important to follow Microsoft Security Best Practices to ensure the safety of our data.

upvoted 0 times

...

Vilma

15 days ago

I agree, having that extra layer of security is crucial in protecting the backups from ransomware attacks.

upvoted 0 times

...

Van

17 days ago

Option B looks like the best choice here. Configuring multi-user authorization with Resource Guard will help prevent a compromised admin account from deleting the backups. Solid security practice!

upvoted 0 times

...