Question 1

A financial company uses Azure Blob Storage to store immutable audit logs.

Recently, a compromised administrator account was used to maliciously delete several storage accounts and their associated backups.

You need to design a solution to protect against this specific ransomware/malicious insider threat. The solution must ensure that even a user with the highest administrative privileges cannot delete the backup data before a specified retention period expires.

What should you configure?

Accepted Answer

Identify the feature that requires a 'two-man rule' for destructive actions.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Choosing Resource Locks or Soft Delete. A compromised admin with Owner rights can easily disable soft delete or remove resource locks.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

More questions from this exam