Free Microsoft Cybersecurity SC-100 Actual Exam Questions - Question 2 Discussion

This one's tricky, but I think A is off since the PIN is mostly for cloud vault operations, not on-prem MABS backups. D limits admin roles but won't stop an admin from deleting backups they have access to. A better safeguard might be B to add multi-user approval.

Option A seems less relevant here since a security PIN mainly covers critical actions in the Recovery Services vault but doesn't specifically block a compromised admin from deleting backups, especially on-prem with MABS. Option D, using PIM, limits who can get Backup Contributor rights, which is good for reducing risk but doesn’t directly prevent deletion if someone already has those rights. Resource Guard (B) is designed specifically to require multiple admins to approve important actions like deleting backups, making it a stronger safeguard against ransomware attacks targeting backup deletio

B/D? Resource Guard (B) definitely adds that extra approval step for deleting or modifying backups, which is great for stopping a single compromised admin. But also consider PIM (D) since limiting who can activate Backup Contributor rights and requiring just-in-time access reduces the risk surface overall. Combining both would be stronger, but if it’s just one, B seems more focused on preventing backup deletion directly. D is more about controlling elevated access, which helps but doesn’t specifically stop backup deletion once an admin role is active.

B Resource Guard requires approval from a second admin to perform critical backup operations, so a single compromised account can’t delete backups alone. That's a solid defense specifically against ransomware threats.

Good point, B makes sense since Resource Guard adds an extra layer preventing single admin misuse.

It’s B, but the explanation doesn’t clarify how Resource Guard protects backups explicitly.