SC-100 Question #136: Real Exam Question with Answer & Explanation
The correct answer is D: Disable Microsoft OneDrive sync and Exchange ActiveSync.
Question
You have a Microsoft 365 subscription that syncs with Active Directory Domain Services (AD DS). You need to define the recovery steps for a ransomware attack that encrypted data in the subscription. The solution must follow Microsoft Security Best Practices. What is the first step in the recovery plan?
Options
- A. From Microsoft Defender for Endpoint, perform a security scan.
- B. Recover files to a cleaned computer or device.
- C. Contact law enforcement.
- D. Disable Microsoft OneDrive sync and Exchange ActiveSync.
Explanation
Correct answer: D

Microsoft Security Best Practices for ransomware recovery specify that the very first step is to stop the bleeding: prevent ongoing encryption and lateral spread before attempting any recovery or investigation. Disabling Microsoft OneDrive sync and Exchange ActiveSync (D) immediately halts the synchronization pathways ransomware uses to propagate encrypted files to the cloud and to other devices. If sync remains active, recovery becomes impossible because clean backups get overwritten with encrypted versions. Scanning (A) and recovering files (B) come later, after the environment is isolated. Contacting law enforcement (C) is recommended but is not the first technical step. Isolation must precede all other actions.