SC-100 Certification Practice Question #35

Question

You have a Microsoft Entra tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).

You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.

You need to ensure that a compromised local administrator account cannot be used to stop scheduled backups.

What should you do?

Accepted Answer

The goal is to ensure a single compromised local administrator cannot stop scheduled backups, following Microsoft Security Best Practices. MS Learn's ransomware-protection guidance directly states that Multi-User Authorization (MUA) using the Resource Guard is the control for the "rogue admin scenario," ensuring destructive operations such as stopping or deleting backups require approval from a separate security administrator — exactly the second-person control the question demands. The security PIN (D) is a weaker, single-admin feature and does not introduce a separate approver, which is why MUA supersedes it in best-practice guidance. Suggested Answer, the 12-vote consensus, and the top Highly Voted comment all align on A, with MS Learn confirming. Confidence is 92%: near-unanimous agreement, MS Learn explicit, with only a minority D vote that one of its own proponents walked back.

More SC-100 practice questions