ExpertHard1 markMultiple Choice
Domain 3.1: Design a solution for backup and disaster recoveryDomain 3Business ContinuitySecurityRansomware
AZ-305 · Question 34 · Domain 3.1: Design a solution for backup and disaster recovery
A financial institution is designing a defense-in-depth strategy against ransomware.
They use Azure Backup for their critical servers. An attacker who gains Global Administrator privileges must not be able to permanently delete backup data immediately.
Which two features should you ensure are enabled on the Recovery Services vault?
A financial institution is designing a defense-in-depth strategy against ransomware.
They use Azure Backup for their critical servers. An attacker who gains Global Administrator privileges must not be able to permanently delete backup data immediately.
Which two features should you ensure are enabled on the Recovery Services vault?
Answer options:
A.
Soft delete and Multi-user authorization (MUA).
B.
Cross Region Restore (CRR) and Customer-managed keys (CMK).
C.
Azure Policy and Resource Locks.
D.
Private Endpoints and Network Security Groups.
How to approach this question
Look for features specifically designed to protect backup data from malicious deletion by insiders or compromised admin accounts.
Full Answer
A.Soft delete and Multi-user authorization (MUA).✓ Correct
Soft delete and Multi-user authorization (MUA).
To protect against ransomware and compromised administrator accounts, Azure Backup provides Soft Delete (which retains deleted backup data for 14 days) and Multi-user authorization (MUA). MUA uses an Azure Resource Guard to ensure that critical operations (like disabling soft delete or reducing retention policies) require authorization from a separate security administrator, preventing a single compromised Global Admin from destroying the backups.
Common mistakes
Relying on Resource Locks. A compromised Global Admin/Owner can simply delete the lock and then delete the vault.
Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 1
55 questions · hints · full answers · grading
More questions from this exam
Q01Contoso Ltd is a global financial institution with 80 Azure subscriptions spread across 4 managem...MediumQ02Fabrikam Inc. operates a hybrid cloud environment with 500 on-premises VMware virtual machines ru...HardQ03A startup company has a single Azure subscription with a monthly budget of $5,000.
The CFO want...EasyQ04You are designing an Azure Sentinel architecture for a Managed Security Service Provider (MSSP). ...MediumQ05A healthcare enterprise is migrating its infrastructure to Azure. They have strict compliance req...Hard