You are designing a ransomware response plan that follows Microsoft Security Best Practices.
You need to recommend a solution to limit the scope of damage of ransomware attacks without being locked out.
What should you include in the recommendation?
When designing a ransomware response plan, it is crucial to have measures in place to ensure that administrators are not locked out of the system during an attack. Emergency access accounts are essential as they provide a way to regain access to critical systems if normal accounts are locked out or compromised. These accounts are typically highly restricted in their use, ensuring they are not subject to the same risks as regular administrative accounts. This ensures that you can limit the scope of damage during a ransomware attack while maintaining necessary access.
I say D
I say D too. B is a preventive control before ransomware attacks happen. The question here is asking how to limit the scope of damage if an attack has happened. An emergency access account will prevent you from being locked out.
B is the answer. https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-devices#device-roles-and-profiles Privileged Access Workstation (PAW) – This is the highest security configuration designed for extremely sensitive roles that would have a significant or material impact on the organization if their account was compromised. The PAW configuration includes security controls and policies that restrict local administrative access and productivity tools to minimize the attack surface to only what is absolutely required for performing sensitive job tasks. This makes the PAW device difficult for attackers to compromise because it blocks the most common vector for phishing attacks: email and web browsing. To provide productivity to these users, separate accounts and workstations must be provided for productivity applications and web browsing. While inconvenient, this is a necessary control to protect users whose account could inflict damage to most or all resources in the organization.
I can see why some may confuse the 'break-glass' account with this question, but it clearly asks to NOT be locked! Which means you've already had access to the environment, whatever that may be. You don't need an emergency account at that point.
ChatGPT: To limit the scope of damage of ransomware attacks without being locked out, you should recommend Privileged Access Workstations (PAWs). Privileged Access Workstations (PAWs) are dedicated devices that are used to perform sensitive administrative tasks, such as configuring security settings and managing domain controllers. PAWs provide enhanced security by isolating administrative activities from regular user activities and by requiring multi-factor authentication and additional controls. By using a PAW, administrators can perform sensitive tasks without exposing their credentials to the regular network or potentially malicious content, such as ransomware. This helps to limit the scope of damage of ransomware attacks while also maintaining access to critical systems. Therefore, option B is the correct answer.
correct https://learn.microsoft.com/en-us/security/ransomware/protect-against-ransomware-phase2 https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-devices
He said clearly "limit the scope of damage of ransomware attacks without being locked out", so the right one here should be "D. Emergency Access Accounts". https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-emergency-access-account