Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-100 Exam - Topic 7 Question 19 Discussion

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.You need to ensure that a compromised administrator account cannot be used to delete the backupsWhat should you do?
D) From Azure AD Privileged Identity Management (PIM), create a role assignment for the Backup Contributor role.
A) From a Recovery Services vault generate a security PIN for critical operations.
B) From Azure Backup, configure multi-user authorization by using Resource Guard.
C) From Microsoft Azure Backup Setup, register MABS with a Recovery Services vault

Microsoft SC-100 Exam - Topic 7 Question 19 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 19
Topic #: 7
[All SC-100 Questions]

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).

You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.

You need to ensure that a compromised administrator account cannot be used to delete the backups

What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: D

https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages#what-regulatory-compliance-standards-are-available-in-defender-for-cloud


by Derick at Feb 05, 2023, 07:35 PM

Limited Time Offer

25%

Off

Get Premium SC-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Genevieve
7 months ago
PIM role assignment sounds good, but is it really enough?
upvoted 0 times
...
Cristina
7 months ago
Wait, can compromised accounts really bypass these measures?
upvoted 0 times
...
Adell
7 months ago
Definitely go with Resource Guard for better protection.
upvoted 0 times
...
Crissy
8 months ago
I think the security PIN option is too basic for this scenario.
upvoted 0 times
...
Major
8 months ago
Multi-user authorization is a must for security!
upvoted 0 times
...
Crista
8 months ago
I’m a bit confused about the role assignment in Azure AD PIM; does that really prevent a compromised account from deleting backups?
upvoted 0 times
...
Tammi
8 months ago
I practiced a similar question where we had to secure backups, and I feel like configuring multi-user authorization was the answer there too.
upvoted 0 times
...
Desirae
8 months ago
I think generating a security PIN for critical operations could help, but it seems like there might be a better option to prevent admin account misuse.
upvoted 0 times
...
Pete
8 months ago
I remember something about using multi-user authorization to protect backups, but I'm not entirely sure if Resource Guard is the right feature for this scenario.
upvoted 0 times
...
Carin
8 months ago
Hmm, this looks like it's asking about a specific feature of Puppet Labs. I'll need to think carefully about the options and see if I can recall what each one refers to.
upvoted 0 times
...
Lon
8 months ago
Hmm, I'm a bit unsure about this one. The clock issue could be caused by a few different things, so I'll need to think through the options carefully to determine the best solution.
upvoted 0 times
...
Susana
8 months ago
I feel like we covered DNS zones in class, but I'm not entirely clear on how they relate to routing calls to unknown domains.
upvoted 0 times
...
Frederica
8 months ago
I remember that database sync is crucial for SSO to work correctly. If they hadn't synced, that could definitely explain why only half the clients are showing up.
upvoted 0 times
...
Alaine
1 year ago
Wait, so we're trying to stop a hacker from deleting backups? Sounds like a job for Azure's version of James Bond! Option B it is - gotta keep those backups secure, no matter how sneaky the bad guys get.
upvoted 0 times
...
Dana
1 year ago
Option C, really? Registering MABS with a Recovery Services vault is important, but it doesn't address the security issue of a compromised admin account. I'm sticking with Option B - multi-user authorization is the way to go!
upvoted 0 times
...
Margurite
1 year ago
Haha, option A with the security PIN? Sounds like something out of a spy movie! But I guess it could work for critical operations. Still, I think Option B is the way to go for this scenario.
upvoted 0 times
An
11 months ago
Definitely, it adds an extra layer of security to prevent any compromised accounts from deleting backups.
upvoted 0 times
...
Alfreda
12 months ago
Yeah, having multiple users authorize critical operations seems like a safer bet.
upvoted 0 times
...
Tiffiny
12 months ago
I agree, it does sound pretty cool. But I think Option B with multi-user authorization is more practical.
upvoted 0 times
...
Raylene
12 months ago
Option A with the security PIN does sound like something out of a spy movie!
upvoted 0 times
...
...
Annice
1 year ago
I'm going with Option D. Assigning the Backup Contributor role through PIM will give the necessary permissions while still maintaining control over who can access the backups. Seems like a good way to follow the security best practices.
upvoted 0 times
Adelle
1 year ago
Definitely, following Microsoft Security Best Practices is crucial in designing a recovery solution for ransomware attacks.
upvoted 0 times
...
Raina
1 year ago
I agree, assigning the Backup Contributor role through PIM is a good way to ensure security while still allowing necessary access.
upvoted 0 times
...
Jamika
1 year ago
Option D sounds like the best choice. It's important to limit access to backups to prevent them from being deleted.
upvoted 0 times
...
...
Cherry
1 year ago
Option B looks like the best choice here. Configuring multi-user authorization with Resource Guard will help prevent a compromised admin account from deleting the backups. Solid security practice!
upvoted 0 times
Gerardo
12 months ago
I think we should implement this solution as soon as possible to mitigate any potential risks.
upvoted 0 times
...
Jenelle
12 months ago
Definitely, it's important to follow Microsoft Security Best Practices to ensure the safety of our data.
upvoted 0 times
...
Vilma
1 year ago
I agree, having that extra layer of security is crucial in protecting the backups from ransomware attacks.
upvoted 0 times
...
Van
1 year ago
Option B looks like the best choice here. Configuring multi-user authorization with Resource Guard will help prevent a compromised admin account from deleting the backups. Solid security practice!
upvoted 0 times
...
Crista
1 year ago
I agree, configuring multi-user authorization with Resource Guard is a smart move.
upvoted 0 times
...
Ruthann
1 year ago
Option B is definitely the way to go to protect against ransomware attacks.
upvoted 0 times
...
Francisca
1 year ago
I think option D could also work well to prevent unauthorized deletion of backups.
upvoted 0 times
...
Darci
1 year ago
I agree, option B seems like the most secure choice.
upvoted 0 times
...
...
Merilyn
1 year ago
I'm not sure, but I think option A could also work by generating a security PIN for critical operations in the Recovery Services vault.
upvoted 0 times
...
Mirta
1 year ago
I agree with Tamesha, option D seems like the best choice to prevent a compromised administrator account from deleting the backups.
upvoted 0 times
...
Tamesha
1 year ago
I think we should go with option D, using Azure AD Privileged Identity Management to create a role assignment for the Backup Contributor role.
upvoted 0 times
...

Save Cancel