You have an Azure subscription along with an on-premises datacenter which houses 100 servers running Windows Server. These servers are currently backed up to a Recovery Services vault using Azure Backup and the Microsoft Azure Recovery Services (MARS) agent. Your task is to design a recovery solution specifically for ransomware attacks that encrypt the on-premises servers. The solution must comply with Microsoft Security Best Practices and safeguard against the following risks:

• A compromised administrator account used to delete the backups from Azure Backup before encrypting the servers
• A compromised administrator account used to disable the backups on the MARS agent before encrypting the servers

What should you use for each risk? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.