Domain 3.1: Backup and Disaster Recovery

You are designing a disaster recovery strategy using Azure Site Recovery (ASR) for a complex, multi-tier application hosted on Azure Virtual Machines. The application consists of a web tier, an application tier, and a database tier. If a failover occurs, it is absolutely critical that all VMs across all tiers are recovered to the exact same point in time to prevent data corruption and application state mismatch. Which ASR feature must you configure?

You are designing a backup solution for Azure Virtual Machines and Azure Database for PostgreSQL. The business requires that backups be stored in a secondary region. In the event of a primary region outage, administrators must be able to restore the VMs and databases directly in the secondary region. Which TWO configurations are required to achieve this? (Select TWO)

A financial company uses Azure Blob Storage to store immutable audit logs. Recently, a compromised administrator account was used to maliciously delete several storage accounts and their associated backups. You need to design a solution to protect against this specific ransomware/malicious insider threat. The solution must ensure that even a user with the highest administrative privileges cannot delete the backup data before a specified retention period expires. What should you configure?

You are configuring Azure Backup for a fleet of Azure Virtual Machines. The business requires a Recovery Point Objective (RPO) of 4 hours. You configure a backup policy to take snapshots multiple times a day. Which Azure Backup feature allows you to achieve this sub-daily RPO for Azure VMs?

A company hosts a mission-critical, 3-tier application on Azure Virtual Machines (Web, App, and Database tiers). The business continuity plan requires a Recovery Time Objective (RTO) of 2 hours and a Recovery Point Objective (RPO) of 15 minutes. In the event of a regional disaster, the application must be failed over to a secondary region. Crucially, during failover, the Database VMs must boot first, followed by the App VMs, and finally the Web VMs. Custom PowerShell scripts must run automatically after the Database VMs boot to reconfigure connection strings. Which disaster recovery solution should you recommend?

You are designing a backup strategy for Azure Virtual Machines using Azure Backup. The security team requires that backups must be protected against accidental deletion or malicious ransomware attacks. If an administrator attempts to delete a backup vault or stop protection and delete data, the data must remain recoverable for at least 14 days. Which TWO features should you configure? (Select TWO)

A company runs a fleet of Linux Virtual Machines in Azure. They need to implement a backup solution. The application running on the VMs caches significant amounts of data in memory. If a backup is taken while data is in memory but not yet written to disk, restoring that backup could lead to application corruption. You need to ensure that backups capture all data in memory and pending I/O operations are flushed to disk before the snapshot is taken. What type of backup must you configure?

A developer accidentally executes a `DROP TABLE` command on a production Azure SQL Database at 2:15 PM. The database is configured with the default automated backup settings. You need to recover the deleted table with the minimum amount of data loss. What should you do?

CASE STUDY: Tailspin Toys Tailspin Toys is a global manufacturing company with 50,000 employees across 30 countries. They currently operate a mix of on-premises infrastructure (500 servers across 5 data centers) and Azure (20 subscriptions with 100+ VMs and various PaaS services). Their annual IT budget is $50 million, with plans to migrate 70% of workloads to Azure within 2 years. Business Requirements: The company needs to reduce IT costs by 30%, improve disaster recovery (current RTO: 24 hours -> target: 2 hours), enhance security posture to meet ISO 27001 and SOC 2 compliance, and enable remote work for 80% of employees. All solutions must support future growth of 20% annually. Technical Constraints: Some legacy applications cannot be modified and must run on Windows Server 2012. Network connectivity requires 10 Gbps throughput to Azure with <20ms latency. GDPR compliance mandates that EU customer data must remain in European Azure regions. You are designing the disaster recovery strategy for the newly migrated Azure Virtual Machines to meet the 2-hour RTO requirement and GDPR constraints. Which configuration should you recommend?

You are designing a backup strategy for an Azure environment. You need to back up Azure Virtual Machines, Azure SQL Databases, and Azure File shares. You want to manage all these backups from a single centralized vault. Which type of vault should you create?

You are designing a disaster recovery solution to migrate and protect 100 on-premises VMware virtual machines to Azure using Azure Site Recovery (ASR). The security team dictates that the replication traffic from the on-premises environment to Azure must be encrypted in transit and must travel over a private connection, not the public internet. Which TWO components are required to achieve this? (Select TWO)

You are designing a backup architecture for Azure Virtual Machines located in the 'West Europe' region. The business requires that backups are stored in a geographically distant region to protect against a complete regional disaster. Furthermore, the IT team must be able to restore the VMs in the secondary region at any time for disaster recovery testing, without waiting for Microsoft to declare a regional outage. Which feature should you enable on the Recovery Services vault?

Your company recently suffered a ransomware attack on-premises. To prevent this in Azure, the CISO mandates that all Azure VM backups must be protected against malicious deletion. If an attacker compromises an administrator account and attempts to delete the backup data, the data must be retained for at least 14 days, and the deletion must be reversible. Additionally, you must ensure that no one, not even a global administrator, can disable this protection mechanism. Which two features should you configure on the Recovery Services vault?

You are designing a backup strategy for 50 Azure Virtual Machines. The business requires that backups are stored in a different Azure region than the VMs to protect against a regional outage. You also need the ability to restore a VM to the secondary region if the primary region goes down. What should you configure?

A company has a mission-critical application running on VMware on-premises. The application requires a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 2 hours. You need to design a disaster recovery solution to Azure. Which solution meets these requirements?

You are designing a backup strategy for Azure SQL Databases. The business requires point-in-time restore capabilities for up to 35 days. Additionally, monthly backups must be retained for 10 years to meet regulatory compliance. Which TWO features should you configure? (Select TWO)

A malicious actor gains access to your Azure environment and deletes several critical Azure VM backups from the Recovery Services vault. You need to ensure that deleted backups are retained for 14 days before being permanently destroyed, allowing you time to recover them. What should you enable?