Microsoft Exam SC-100 Topic 7 Question 19 Discussion

Actual exam question for Microsoft's SC-100 exam

Question #: 19
Topic #: 7

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).

You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.

You need to ensure that a compromised administrator account cannot be used to delete the backups

What should you do?

AFrom a Recovery Services vault generate a security PIN for critical operations.

BFrom Azure Backup, configure multi-user authorization by using Resource Guard.

CFrom Microsoft Azure Backup Setup, register MABS with a Recovery Services vault

DFrom Azure AD Privileged Identity Management (PIM), create a role assignment for the Backup Contributor role.

Show Suggested Answer

Suggested Answer: D

https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages#what-regulatory-compliance-standards-are-available-in-defender-for-cloud

by Derick at Feb 05, 2023, 07:35 PM

Limited Time Offer

25%

Off

Get Premium SC-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Merilyn

2 days ago

I'm not sure, but I think option A could also work by generating a security PIN for critical operations in the Recovery Services vault.

upvoted 0 times

...

Mirta

3 days ago

I agree with Tamesha, option D seems like the best choice to prevent a compromised administrator account from deleting the backups.

upvoted 0 times

...

Tamesha

6 days ago

I think we should go with option D, using Azure AD Privileged Identity Management to create a role assignment for the Backup Contributor role.

upvoted 0 times

...