ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 3.1: Backup and Disaster RecoveryDomain 3BackupSecurityRansomware

AZ-305 · Question 34 · Domain 3.1: Backup and Disaster Recovery

Your company recently suffered a ransomware attack on-premises. To prevent this in Azure, the CISO mandates that all Azure VM backups must be protected against malicious deletion.

If an attacker compromises an administrator account and attempts to delete the backup data, the data must be retained for at least 14 days, and the deletion must be reversible. Additionally, you must ensure that no one, not even a global administrator, can disable this protection mechanism.

Which two features should you configure on the Recovery Services vault?

Answer options:

A.

Soft delete and Multi-user authorization (MUA)

B.

Soft delete and Immutable vault

C.

Resource locks and Azure Policy

D.

Cross Region Restore (CRR) and Soft delete

How to approach this question

Identify the feature that retains deleted data (Soft delete) and the feature that locks the vault settings permanently (Immutable vault).

Full Answer

B.Soft delete and Immutable vault✓ Correct
Soft delete and Immutable vault
To protect against ransomware and malicious insiders, Azure Backup provides 'Soft delete', which retains backup data for 14 days after a delete operation is performed, allowing it to be recovered. However, a compromised admin could theoretically disable soft delete and then delete the data. To prevent this, you enable the 'Immutable vault' feature. Once locked, Immutable vault ensures that soft delete cannot be disabled, and retention periods cannot be reduced, by anyone.

Common mistakes

Relying on Resource Locks. A compromised administrator can simply delete the resource lock and then delete the vault.
33All questions35

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 5

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Contoso Ltd has 50 subscriptions across 3 business units. Each business unit manages its own IT o...EasyQ02You are designing a monitoring solution for a hybrid environment. The environment consists of 200...MediumQ03Your company uses Microsoft Sentinel integrated with a Log Analytics workspace. The workspace ing...HardQ04You are designing an application monitoring strategy using Application Insights. The application ...MediumQ05A highly regulated financial institution is migrating to Microsoft 365 and Azure. They currently ...Hard
View all 55 questions →