A financial services organisation wants its backup design to survive a ransomware operator who has already gained Global Administrator rights in Microsoft Entra ID and intends to delete or encrypt all backups before detonating. Which backup design property most directly satisfies this resiliency requirement?
- ABackups are written to immutable, time-locked storage that no administrator role can delete or alter until the retention period expires. Correct
- BBackups are replicated to a second Azure region so that a regional outage cannot make the restore points unavailable.
- CBackups are encrypted at rest with customer-managed keys held in an Azure Key Vault that the backup service can read automatically.
- DBackups run more frequently so that the recovery point objective is reduced to under fifteen minutes for every protected workload.
Why A is correct: Immutability with a retention lock enforces the assume-breach principle so that even a fully compromised privileged identity cannot delete or encrypt the protected restore point, which is exactly what the requirement demands.
Why B is wrong: Geo-replication defends against a datacentre or regional failure and seems resilient, but a privileged attacker can issue deletion against replicated copies just as easily, so it does not counter a malicious insider-level identity.
Why C is wrong: Encryption at rest protects backup confidentiality and is tempting because it sounds like hardening, but it does nothing to stop a Global Administrator from deleting the backups outright, so it misses the stated threat.
Why D is wrong: A tighter recovery point objective improves data freshness and is appealing for resilience metrics, but more frequent copies in deletable storage are equally destroyable by the compromised admin, so the threat is unaddressed.