Azure Storage Flashcards
Focused on flash cards for Azure Storage
1
Q
What types of storage is available in Azure?
A
- (LRS) Locally redundant storage (Single DC)
- (ZRS) Zone redundant storage (Multiple DC in the region)
- (GRS) Geo-redundant storage (Multiple DC in region + secondary DC)
- (RA-GRS) Read access geo-redundant storage
- (RA-GZRS) Read access geo-zone -redundant storage
2
Q
When you provision storage what types of storage do you get?
A
- File share (SMB)
- Table storage
- Queues
- Containers (Object/BLOB)
3
Q
What is container storage?
A
This is object/blob storage and is used for unstructured data.
4
Q
What is Azure file share storage?
A
SMB and NFS
5
Q
I need to provide file share for 10 Linux servers, as Azure only supports SMB storage, do I need to provide a highly available Linux NFS server to act as a file share?
A
No, Azure supports NFS natively as part of Azure storage (File share NFS).
6
Q
What are the available accesstiers for blob storage?
A
- Hot for frequent access
- Cold for data not accessed often
- Archive for data thet can tolerate retrieval latency of several hours
7
Q
Can I have a two storage accounts called keith01?
A
No the storage account name has to be unique
8
Q
Explain LRS?
A
Local redundant storage
9
Q
Explan how LRS data is replicated?
A
LRS is replicated 3 time in a single data center in a region
10
Q
Explain ZRS?
A
Zone redundant storage
11
Q
Explain how ZRS is replicated?
A
ZRS is replicated 3 time with in a single region
12
Q
How may 9 of durability has blob storage in azure?
A
11 x 9s
13
Q
Explain GRS?
A
Global resundant storage
14
Q
Explain how GRS is replicated?
A
Data is replicate 3 time with in a region to 3 data centers and to a secondary data center called secondary.
15
Q
When using GRS can I get accesss to the secondary region copy of the data?
A
No, it is used ny MS if these is a issues with primary copys to restore form. There is a option to use RGRS and this way you can access the secondary copy fro read lonely access
16
Q
What is RGRS?
A
Same as GRS but with the ability to read the secondary copy of the data in the secondary region.
17
Q
What is an access tier?
A
It is the type opf storage,
Hot
Cold
Archive
18
Q
What is a preformanc tier?
A
Preformance tier allows you to select the performance of the storage to suit your application,
- Premium: optimized for high transaction rates and single-digit consistent storage latency
- Standard: optimized for high capacity and high throughput
19
Q
I need single digit latency and consistances storage, what opetion do i have for Azure storage?
A
Premium: optimized for high transaction rates and single-digit consistent storage latency
20
Q
I require object storage, but do not require single digit latency, what is my bets option?
A
Standard: optimized for high capacity and high throughput
21
Q
List AccountKind’s available in Azure Storage?
A
3 storage accont types,
- General purpus v2
- General purups v1
- Blob sorage
22
Q
Can I have table storage in blob storage account type?
A
No only block storage
23
Q
Has general purpus v1 got storage tiers?
A
No, they do not have hot, cold or archive access tiers.
24
Q
When would i used general purpus v1 storage ?
A
To support clasic azure service manager, but this is all starting to be retired. General purpose v2 has all the same functionality of v1 with all the additions. Latest features will be applied to v2 only.
25
What is the container access levels available?
- No public read access: The container and its blobs can be accessed only with an authorized request. This option is the default for all new containers.
- Public read access for blobs only: Blobs within the container can be read by anonymous request, but container data is not available anonymously. Anonymous clients cannot enumerate the blobs within the container.
- Public read access for container and its blobs: Container and blob data can be read by anonymous request, except for container permission settings and container metadata. Clients can enumerate blobs within the container by anonymous request, but cannot enumerate containers within the storage account.
26
I wnat to write to a blob, how cna i ensure n o one else writes to the blob at the same time?
You can acquire a lease, you can renew, change or break lease using the lease ID.
27
Can a container have only one type of data tier?
No, data tier is set per blob/objetc.
28
How cna i make a file public available using azure storage?
You can upload the file to a container,. make the file publically available and the file is accessible over the web.
29
When writing to blob storage, what options do you have?
- block blob
- append blob
- page blob
30
Explain block blob?
Block blobs are optimized for uploading large amounts of data efficiently. Block blobs are comprised of blocks, each of which is identified by a block ID. A block blob can include up to 50,000 blocks. Each block in a block blob can be a different size, up to the maximum size permitted for the service version in use. To create or modify a block blob, write a set of blocks via the Put Block operation and then commit the blocks to a blob with the Put Block List operation.
31
Explain append blob?
An append blob is comprised of blocks and is optimized for append operations. When you modify an append blob, blocks are added to the end of the blob only, via the Append Block operation. Updating or deleting of existing blocks is not supported. Unlike a block blob, an append blob does not expose its block IDs.
32
Explain page blob?
Page blobs are a collection of 512-byte pages optimized for random read and write operations. To create a page blob, you initialize the page blob and specify the maximum size the page blob will grow. To add or update the contents of a page blob, you write a page or pages by specifying an offset and a range that align to 512-byte page boundaries. A write to a page blob can overwrite just one page, some pages, or up to 4 MiB of the page blob. Writes to page blobs happen in-place and are immediately committed to the blob. The maximum size for a page blob is 8 TiB.
33
I need to add styatic content for my web site, what Iare my options?
You cna use Azure storage and there is a option in side menu to enable static content hosting, you select the same of the index file and also create a folder called $web to place your content in.
34
What is a the storgae preformance tier?
It defines the preformance of the storage,
Standared : Is backed by magnetic drives
Prenium : Is backed by SSD
35
When would you used Standared preformance tier?
When you need general purpus storage and lowe sustained transactions.
36
When would you used Prenium preformance tier?
When you need sustained higher numbers of transactions. Can only be used with VM, you would use them for Databases for example
37
I wnat to use GRS with Prenium storage for a database, how do I set this up?
You cant, prenium storage is only supported using LRS (local storage)
38
Can I use append blobs with prenium storage?
No, you cna only use page blobs with premium storage.
39
Can you change the preformance tier after the storage account is created?
No
40
When I set the access tier on a container what am i doing?
You are only setting the default, when it comes to writing the blob you can overide the access tier.
41
I need to ensure my container blobs are not altered for a time period, a legal hold?
Azure storage has 'imutable blob storage' as part of access policy. This enables you to set a time frame where the objects in the blob can not ba altered.
42
I need to ensure my container blobs are not altered for a time period or for ever?
Azure storage has 'imutable blob storage' as part of access policy. This enables you to set a time frame where the objects in the blob can not ba altered. This can be until legal host is removedwith legal host or time based
43
What is an access policy?
There are two types of access policies
- Time based (for a period)
- Legal hold (until legal hold is removed)
44
What are the options for securing a storage account?
- Access keys
- Account SAS
- Service SAS
45
What is a access key?
Access keys are automaticaly created when the storage account is created and you use this key with REST API to access the container. You get two access kleys by default.
46
What privelages do you get with access keys?
You get root level access to the storage account the key is belong to.
47
Are access keys recomended?
No, b ecause they give you root level access to the storage account, breaks the best practice of least preveladge.
48
Ì wnat to provide access to a contractor for a day, should i uses access keys?
No, access keys are root level keys giving you access to everything, here we wnat to use Share Access Signature, with SAS we can just give the contractor access for the time period and to only the objects they require to do there job.
49
I wnat to give access to only the blobs and not tables etc, how can i do this?
SAS has option to allow only blob access
50
I am required to give access to a BLOB ctainer and not the whole storage account, how can i acheive this?
Azure storage as a option to acheive this,. you open storage explorer and right click the container you wnat to give access to, select get-SAS
51
I wnat to give access to a container and later changes the permissions, how can i do this?
Use SAAS with a access piolicy. A access policy can be assigned to a SAS, access policy can then be changed and alter the permissions.
52
What is the storage service firewall?
It controls the inbound access to the storage account
53
Is the storage firewall per network or per storage account or global?
The storage firewal is per storage account.
54
I ahve a storage account, how cna i restrict the inbound network connections?
Use a storage firewall, this enables you to control the inbound conenctions.
55
How do I enables service endpoints for storage on a vNET?
In the vNET you selct the option in service endpoint and select storage. Or you can use powershell and update commend.
56
I wnat to be able to ensure my traffic dose not leave my network and goes direct to the storage services and not through the internet. I have a vNET, how can I do this?
In the vNET use service endpoints to configure Azure storage as a service to be used through the endponts.
57
When you add service endpoint to aziure storage, what will happen to the NICs in the vNET?
A new route will be added to enables traffic to be routed direct to the azure storgae.
58
I need to ensure my storage account can not be accessed from the internet but can be accessed from a VM in vNET, how canI do this?
You can used the storage account firewall and configure it so traffic is only accepted from the vNET.
59
When using storage account firewall, do i have to configure an exception to allow Microsoft services access the storage?
Yes, if you are using the storage form Azure services then there is a checkbox to create an exception.
60
When using an Azure storage account firewall, do I have to configure an exception to allow Microsoft services access the storage?
Yes, if you are using the storage form Azure services then there is a checkbox to create an exception. For example, metrics and logs.
61
What are public endpoint in reference to Azure storage accounts?
When you create an Azure storage account is automatically has a public-facing endpoint available. Depending on your firewall setting and access configuration for the storage account will depend on the ability to connect on the endpoint.
62
What do I need ot make my storage account only accessible through my vNET?
You need to enable Azure storage service access in the vNET and alos configure the storage account firewall is used.
63
What does the storage account endpoint URL look like?
mystorageaccountname.blob.core.windows.net
64
Explain Azure storage tables?
This is a storage type where you can store semi-structured data
65
Is there a URL per table?
Yes, the URL is meas up of the storage name + table name.
66
I wnat the traffic coming from my client to enter the Microsoft network closest to the client, this way the traffic will be across the Microsoft network and not the internet, how can I do this?
In 'Firewall & networks' there are two options,
- Intenet routing
- Microsoft routing
67
For my storage account, how can I provide control at the network access level?
Azure storage has a configurable network-level firewall thet can be used to control access, this is a per storage account firewall.
68
Explain the two layers of access control there is when using storage accounts?
- Data access (Reading and writing data like a file to/from the storage)
- Management layer (Preforming actions on set storage account API/Portal)
69
When using access keys, are we providing access to the management layer or the data layer or both?
The access key allows the most access, you have access to the management layer and the data layer.
70
If I wnat ot just provide assess to the data layer, what would I have?
Shared Access Signature (SAS)
71
Where is RBAC mostly used in relation to the storage account?
It is used when accessing the Management layer but it is alos possible to use it for accessing the Data layer too.
72
When creating an access control policy what are the properties I can set?
- Start date
- Expire date
- Read
- Write
- List
- Delete
- Add
- Update
- Process
73
What types of SAS can you have?
- Account: Provides access to resources in one or more services in a storage account (like blob, file, table, queue).
- Server: Provides access to resources in a single service (like blob, file, table, queue).
74
Once you create a SAS and give it out for use to someone, can you then alter permission or revoke it.
No, the permission and start and expiry date are in the token given out and cant be altered or revoked. You can associate an access control policy with the SAS and the permission will be on the server-side and you can change them or revoke them.
75
Where would we use append blobs?
Log files where we are appending to the blob all the time.
76
Where would we use page blobs?
VM disks, where we need to randomly write and read all that time.
77
I have an older application using SMB, what is my best option to use an Azure service to provide the file share?
You can use Azure storage files to create a file share accessible using SMB
78
I am using Azure storage files and I am about to make large changes to many of the files and I wnat to be able to roll back changes, what options do I have?
You can take a snapshot and later if needed roll it back
79
I wnat to backup my Azure storage files nightly, what options do I have?
You can use backup, this is an option on the Azure storage files.
80
What access control options do I have an available for accessing Azure storage files?
You have the same access control options as container storage, access keys, SAS, etc.
81
Can you change Azure Storage account replication form when the account was first created and if so how?
ZRS can not be changed to GRS, but GRS can be changed to ZRS
82
When I create a Azure storage of type GRS, what could I do if the region failed with the primary storage?
In the 'Geo Replication' in left menu, you can select the failover to the second region?
83
When using GRS with Azure Storage, what happens in a region failover?
The DNS is switched from primary to secondary so there storage becomes available again. After failover storage will be LRS and you have to then decide on replication strategy.
84
What is an access policy used for?
You use an access policy with a SAS to grant permissions, when you grant permissions with access policy, you can change them at any time.
85
How can I give an application access to storage?
You have options to use AD and register the app with AD and then you can used storage account level RBAC to assign a role to the registered application.
86
I am using AD and a registered application to access my storage account, what do I need in my application to get this access?
You need either a AD cert or secret key
87
Explain point in time in relation to Azure Storage?
Point-in-time restore provides protection against accidental deletion or corruption by enabling you to restore block blob data to an earlier state. Point-in-time restore is useful in scenarios where a user or application accidentally deletes data or where an application error corrupts data. Point-in-time restore also enables testing scenarios that require reverting a data set to a known state before running further tests.
88
What option do I have for encryption?
Managed keys
| Customer managed keys
89
Explain how Azure Storage GEO failover works?
This is where you can force a failover from primary to secondary region. DNS entries are changed to point to new primary region.
90
What services are available in the storage account?
- Blob storage
- Table storage
- Queue storage
- Files storage
91
What is stored in the Azure storage Files?
This is a file share service, SMB.
92
What is the Azure storage queue service used for?
Queuing messages
93
Is Azure storage b lob good for storing structured data?
No, it is intended for storing unstructured data such as files, docs, videos.
94
Where are the blobs stored in Azure blob storage?
In a container.
95
I have log files that are been wrote to all the time, what type of blob should i use?
Append blobs because this is optimized to keep appending data to the end of the blob.
96
I have a file that is random accessed and i want to store in Azure storage, what type of blob is best?
Page blob as it is optimized for random access
97
I want to have the minimal cost storage for blobs and do not care about loosing a single datacenter.
LRS is local redundant storage and storage is in a single datacenter.
98
I want to have my blob storage so a single datacenter in a region can fail and i can still access my data, what option do i have?
Zone redundant storage (ZRS) is storage a single region and across all datacenters in the region.
99
I want to have my blob storage so a single region can fail and i can still access my data, what option do i have?
GRS is global redundant storage and data is stored to a secondary region.
100
If I am using GRS and the primary region fails, what will happen?
The primary region will take over serving the blobs, the URL will be changed to point at the secondary datacenter. You can also fail this over manually form the portal or form the CLI/API.
101
What using GRS can I read the data in the secondary region?
No, you can create RA-GRS type storage and you will then be able.
102
What is GRSZ?
Globally Redundant Storage across zones. It means data is replicated form the primary region to secondary region and in secondary region is replicated across the secondary regions zones.
103
Is file storage available as GRS?
No, only LRS and ZRS
104
Is BlobStorage available as GRS?
Mo, only ZRS and GRS
105
When GRS storage is used is the replication sync and async?
Async, meaning there is a log between the write in the primary storage and secondary storage.
106
What is Azure storage access tiers?
- Hot: Accesses often
- Cold: Accessed infrequently and stored for at least 30 days.
- Archive: Accessed rarely, stored for at least 180 days.
107
Can you access the data in the archive?
No you have to rehydrate the archive first.
108
What options have i for accessing the Blob storage?
You can access over public, private or both.
- Public: is a public URL
- Private: is a private end point.
109
I am concerned about azure storage protection what options do i have?
- Blob Soft delete
| - File share soft delete
110
What is soft delete?
You can recover files/blobs after retention period.
111
Dose every blob in a storage account container get a URL?
Yes
112
`What is Azure storage access level?
You can select between,
- Private: Access only from private VNET
- Public: Access from internet
- Both
113
What is the tool available for working with Azure storage?
Storage explorer is available in both download to run as app and also in the browser in the portal.
114
What option do i have to access Azure storage?
- Access keys (no recommended as they give you admin)
- Share access keys
- AD (Register app and use certs, key)
- AD (Managed identity)
115
I want to give access to only a single blob, what steps are involved?
Access keys do not allow you to give access to a single blob, shared access keys or AD (registered app) or AD (Managed iD)
116
I am using Azure storage and concerned about customer to storage latency, we can not use CDN, what option do i have to mitigate internet latency?
You have option to select how traffic gets to storage,
- Routed over internet
- Routed through MS network
117
I want to give temp access to a storage account, I would like access to expire on a date and time, how can i do this?
Use share access key, set the date and time, this is created at account level, you can also do it at the blob level too.
118
What would i use Azure storage premium?
When you need higher performance access, in premium disks are SSD, giving you high performance for apps like large SQL databases, AI and machine learning.
