Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
You are managing an Azure subscription that includes various resources such as virtual machines, storage accounts, and Azure SQL databases. To enhance data security, all these resources are currently backed up multiple times daily using Azure Backup. As part of your cybersecurity strategy, you are focusing on defending against ransomware attacks. It is essential to identify which controls should be activated to ensure that Azure Backup remains effective and can restore your resources if a ransomware attack occurs. Which two controls should be part of your recommendation? Each correct answer provides a complete solution. NOTE: Each correct selection is worth one point.
Explanation:
To ensure that Azure Backup can be used to restore resources in the event of a successful ransomware attack, two critical controls should be enabled. 'Enable soft delete for backups' ensures that even if a backup is maliciously deleted, the backup data is retained for 14 additional days, allowing for recovery without data loss. 'Require PINs for critical operations' adds an extra layer of authentication, ensuring that only authorized users can perform sensitive operations, such as deleting backups. This helps protect against unauthorized actions that could permanently delete backup data.