Exam AZ-104 topic 1 question 35 discussion

It should be C

I belive it is the C option A - If you delete the VM you cannot recover to that vm it must exist B - You do not know the other VMs C - Creating a New VM you can recover the VM D - You can recover from the backup https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms

When dealing with a VM infected with ransomware, the safest and most effective approach is to restore the VM to a new Azure VM

Restoring to an on-premises server is possible but involves significant compatibility, complexity, and performance issues, making it impractical for disaster recovery scenarios. Restoring the VM to a new Azure VM (option C) is the most efficient and reliable choice in this situation.

A. You should restore the VM after deleting the infected VM. B. You should restore the VM to any VM within the company's subscription. C. You should restore the VM to a new Azure VM. D. You should restore the VM to an on-premise Windows device. Correct Answer is C However, one can argue that answer A is also correct, but deleting the infected VM is not a mandatory step to restore a VM. You can simply restore the VM to a new Azure VM.

A is wrong because if you delete the VM , replace existing disks or resore disk options cannot be used . C is the best option. https://learn.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms

A is incorrect because you need the source machine to be available while recovering a corrupted VM, visit [https://learn.microsoft.com/en-us/azure/backup/backup-azure-restore-system-state] and search for [source machine] you will understand this point. C is incorrect, you can recover to any VM, no need to create a new one. B is correct.

Answer: Create a new VM Create a new VM: Quickly creates and gets a basic VM up and running from a restore point. Restore disk: Restores a VM disk, which can then be used to create a new VM. Both of these options state creating a new VM and either doing it directly or attaching a restored VM disk. You could use an existing VM as well but that VM is probably already being used for something else. In the other question in this series it states what is TRUE and they are saying you can ONLY recover to specified locations which is not correct. In this answer it states SHOULD. You should use a new VM. ​​​​​​​Replace existing: The current VM must exist. If it's been deleted, this option can't be used. https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms

The answer is C. As described here: https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms#choose-a-vm-restore-configuration You can Restore Virtual Machine to a new VM or replace disks on existing VM. A => you don’t need to delete the infected VM B => you cannot restore to any VM (Linux or Windows), but you can restore to a new Windows VM or to the existing Windows VM C => this option is valid D => you cannot restore to an on-premise VM

It is not possible to "restore the vm TO any vm". - I can restore a vm to a NEW vm - I can restore a vw REPLACING any other vm - I can restore FILES to any other vm. Doesn't matter what I do, it is better to shutdown the infected VM, but not to delete it until the restore prosses is finished.

C is correct

Replace existing: You can restore a disk, and use it to replace a disk on the existing VM. The current VM must exist. If it's been deleted, this option can't be used. https://learn.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms

It should be C

be careful at wording, it say you should (so where is recommended not where you can)..so it should be C as is safe way to go

What is wrong with A? You delete the compromised VM and restore the VM from backup. What is the added value for another VM?

Answer C (You should restore the VM to a new Azure VM) is a better choice. This approach ensures you're working with a completely uncontaminated, fresh environment, thereby significantly reducing the risk of any remnants of the ransomware affecting your new setup. However, it should be noted that this option should ideally be combined with the deletion of the infected VM (A) to mitigate any risk of spreading the ransomware further. This isn't explicitly mentioned in option C but is a critical step in the recovery process. So, while C is the better answer among the provided options for where to restore the VM, ensure to first delete the infected VM as a preparatory step.

gpt v4 ansewr: The best practice in this scenario, to maintain security and prevent the spread of ransomware, would be to delete the infected VM and then restore the clean backup to a new VM. This prevents the ransomware from potentially remaining on the system or affecting other VMs within the same environment. Therefore, the most appropriate action would be: A. You should restore the VM after deleting the infected VM. This answer ensures that the infected VM is completely removed and that the clean, backed-up version is restored, minimizing the risk of the ransomware persisting or spreading.