FreeCram
  1. Home
  2. Microsoft
  3. Microsoft Cybersecurity Architect
  4. Microsoft.SC-100.v2024-09-03.q74
  5. Question 48
<< Prev Question Next Question >>

Question 48/74

You have an Azure subscription and an on-premises datacenter. The datacenter contains 100 servers that run Windows Server. AJI the servers are backed up to a Recovery Services vault by using Azure Backup and the Microsoft Azure Recovery Services (MARS) agent.
You need to design a recovery solution for ransomware attacks that encrypt the on-premises servers. The solution must follow Microsoft Security Best Practices and protect against the following risks:
* A compromised administrator account used to delete the backups from Azure Backup before encrypting the servers
* A compromised administrator account used to disable the backups on the MARS agent before encrypting the servers What should you use for each risk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point

Recent Comments (The most recent comments are at the top.)

sam - Jan 24, 2025

Still Soft Delete is for workloads running in Azure only - not on-prem server backups with MARS agents
https://learn.microsoft.com/en-us/azure/backup/backup-azure-security-feature
For Deleted Backups:
A Security PIN for Critical Operations

Why?
For on-premises workloads backed up with the MARS agent, the Security PIN adds an additional layer of protection for critical operations, including deleting backup data.
Even if an administrator account is compromised, a Security PIN must be entered before backups can be deleted, reducing the risk of ransomware attacks deleting the backups.
For Disabled Backups:
Multi-user Authorization by Using Resource Guard

Why?
Resource Guard ensures that disabling backups or modifying critical backup settings requires multi-user authorization (MUA).
This prevents a single compromised administrator account from disabling backups on the MARS agent, ensuring backups remain operational.

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (74q)
Question 1: You have an Azure AD tenant that syncs with an Active Direct...
1 commentQuestion 2: Your company has an Azure subscription that has enhanced sec...
Question 3: You have an Azure AD tenant that syncs with an Active Direct...
Question 4: You open Microsoft Defender for Cloud as shown in the follow...
Question 5: You are designing the encryption standards for data at rest ...
1 commentQuestion 6: You use Azure Pipelines with Azure Repos to implement contin...
Question 7: You are evaluating the security of ClaimsApp. For each of th...
Question 8: You have an Azure subscription that contains a Microsoft Sen...
Question 9: Your company has an office in Seattle. The company has two A...
1 commentQuestion 10: Your company has devices that run either Windows 10, Windows...
1 commentQuestion 11: You have an Azure subscription that contains virtual machine...
Question 12: A customer has a hybrid cloud infrastructure that contains a...
Question 13: You have an operational model based on the Microsoft Cloud A...
Question 14: You have an Azure subscription that has Microsoft Defender f...
Question 15: You have a Microsoft 365 subscription and an Azure subscript...
1 commentQuestion 16: Your company has a multi-cloud environment that contains a M...
1 commentQuestion 17: Your company plans to evaluate the security of its Azure env...
Question 18: You have legacy operational technology (OT) devices and loT ...
1 commentQuestion 19: You have an Azure subscription. The subscription contains 10...
1 commentQuestion 20: Your company plans to follow DevSecOps best practices of the...
Question 21: You plan to deploy a dynamically scaling, Linux-based Azure ...
1 commentQuestion 22: What should you create in Azure AD to meet the Contoso devel...
2 commentQuestion 23: You have an Azure subscription that has Microsoft Defender f...
1 commentQuestion 24: You are designing a security operations strategy based on th...
Question 25: You are designing security for a runbook in an Azure Automat...
Question 26: You have an Azure subscription that has Microsoft Defender f...
Question 27: You need to recommend a solution to meet the security requir...
Question 28: Your company uses Microsoft Defender for Cloud and Microsoft...
Question 29: A customer follows the Zero Trust model and explicitly verif...
Question 30: Your company is preparing for cloud adoption. You are design...
1 commentQuestion 31: You have a customer that has a Microsoft 365 subscription an...
Question 32: You have an on-premises server that runs Windows Server and ...
1 commentQuestion 33: You are designing a security operations strategy based on th...
1 commentQuestion 34: You have a Microsoft 365 E5 subscription that uses Microsoft...
Question 35: You have an Azure subscription. The subscription contains an...
Question 36: Your company has an on-premises network, an Azure subscripti...
1 commentQuestion 37: Your company is designing an application architecture for Az...
1 commentQuestion 38: You use Azure Pipelines with Azure Repos to implement contin...
Question 39: You are creating the security recommendations for an Azure A...
Question 40: Note: This question is part of a series of questions that pr...
Question 41: Your company is moving all on-premises workloads to Azure an...
1 commentQuestion 42: You are designing a new Azure environment based on the secur...
1 commentQuestion 43: Your company, named Contoso. Ltd... has an Azure AD tenant n...
1 commentQuestion 44: Your company plans to deploy several Azure App Service web a...
2 commentQuestion 45: Your company plans to follow DevSecOps best practices of the...
Question 46: You need to recommend a solution to meet the compliance requ...
1 commentQuestion 47: You have a multi-cloud environment that contains an Azure su...
1 commentQuestion 48: You have an Azure subscription and an on-premises datacenter...
1 commentQuestion 49: For a Microsoft cloud environment, you are designing a secur...
1 commentQuestion 50: You have a Microsoft 365 E5 subscription and an Azure subscr...
Question 51: Your company plans to apply the Zero Trust Rapid Modernizati...
1 commentQuestion 52: Your company is developing an invoicing application that wil...
Question 53: Your company has a Microsoft 365 E5 subscription. The Chief ...
1 commentQuestion 54: Your company is migrating data to Azure. The data contains P...
Question 55: You have an Azure subscription that contains several storage...
Question 56: You need to recommend an identity security solution for the ...
1 commentQuestion 57: You need to recommend a solution to evaluate regulatory comp...
1 commentQuestion 58: You have a Microsoft 365 subscription and an Azure subscript...
Question 59: You have an Azure AD tenant that contains 10 Windows 11 devi...
Question 60: You need to design a solution to provide administrators with...
1 commentQuestion 61: You have Windows 11 devices and Microsoft 365 E5 licenses. Y...
Question 62: You have a hybrid cloud infrastructure. You plan to deploy t...
Question 63: You need to design a strategy for securing the SharePoint On...
1 commentQuestion 64: Your company wants to optimize using Microsoft Defender for ...
Question 65: You have an Azure subscription. Your company has a governanc...
1 commentQuestion 66: You are designing the security standards for a new Azure env...
1 commentQuestion 67: You have an Azure subscription that has Microsoft Defender f...
Question 68: You are designing the encryption standards for data at rest ...
1 commentQuestion 69: Your company develops several applications that are accessed...
Question 70: You are designing the encryption standards for data at rest ...
Question 71: A customer has a hybrid cloud infrastructure that contains a...
1 commentQuestion 72: You are designing a security strategy for providing access t...
Question 73: Your company develops several applications that are accessed...
Question 74: You have a Microsoft 365 tenant. Your company uses a third-p...