1. Pure Storage Support Knowledge Base, "Purity//FA: SafeMode": This document outlines the functionality of SafeMode. In the section on administration, it details the requirement for multi-person approval for any action that reduces protection. It states, "To reduce the retention period or disable SafeMode, two users with the SafeMode Admin role must approve the change in Pure1. This multi-person approval process ensures that no single individual can compromise the data protection provided by SafeMode."
2. Pure Storage, "Pure1 User Guide," Role-Based Access Control (RBAC) Section: This guide describes the different administrative roles available in Pure1, including the "SafeMode Admin" role. It specifies that this role is required to approve or deny pending SafeMode policy changes, and that the platform enforces MFA for these critical security actions.
3. Pure Storage, "Ransomware Protection with Purity SafeMode," White Paper: This paper discusses the security principles behind SafeMode. It emphasizes out-of-band management via Pure1 and the dual-control approval workflow as key architectural components that prevent unauthorized tampering, stating, "Changes that would weaken protection... require approval from multiple authorized users."