Azure Storage

Question 1

What types of storage is available in Azure?

Answer 1

• (LRS) Locally redundant storage (Single DC)
• (ZRS) Zone redundant storage (Multiple DC in the region)
• (GRS) Geo-redundant storage (Multiple DC in region + secondary DC)
• (RA-GRS) Read access geo-redundant storage
• (RA-GZRS) Read access geo-zone -redundant storage

Question 2

When you provision storage what types of storage do you get?

Answer 2

• File share (SMB)
• Table storage
• Queues
• Containers (Object/BLOB)

Question 3

What is container storage?

Answer 3

This is object/blob storage and is used for unstructured data.

Question 4

What is Azure file share storage?

Answer 4

SMB and NFS

Question 5

I need to provide file share for 10 Linux servers, as Azure only supports SMB storage, do I need to provide a highly available Linux NFS server to act as a file share?

Answer 5

No, Azure supports NFS natively as part of Azure storage (File share NFS).

Question 6

What are the available accesstiers for blob storage?

Answer 6

• Hot for frequent access
• Cold for data not accessed often
• Archive for data thet can tolerate retrieval latency of several hours

Question 7

Can I have a two storage accounts called keith01?

Answer 7

No the storage account name has to be unique

Question 8

Explain LRS?

Answer 8

Local redundant storage

Question 9

Explan how LRS data is replicated?

Answer 9

LRS is replicated 3 time in a single data center in a region

Question 10

Explain ZRS?

Answer 10

Zone redundant storage

Question 11

Explain how ZRS is replicated?

Answer 11

ZRS is replicated 3 time with in a single region

Question 12

How may 9 of durability has blob storage in azure?

Answer 12

11 x 9s

Question 13

Explain GRS?

Answer 13

Global resundant storage

Question 14

Explain how GRS is replicated?

Answer 14

Data is replicate 3 time with in a region to 3 data centers and to a secondary data center called secondary.

Question 15

When using GRS can I get accesss to the secondary region copy of the data?

Answer 15

No, it is used ny MS if these is a issues with primary copys to restore form. There is a option to use RGRS and this way you can access the secondary copy fro read lonely access

Question 16

What is RGRS?

Answer 16

Same as GRS but with the ability to read the secondary copy of the data in the secondary region.

Question 17

What is an access tier?

Answer 17

It is the type opf storage,
Hot
Cold
Archive

Question 18

What is a preformanc tier?

Answer 18

Preformance tier allows you to select the performance of the storage to suit your application,

• Premium: optimized for high transaction rates and single-digit consistent storage latency
• Standard: optimized for high capacity and high throughput

Question 19

I need single digit latency and consistances storage, what opetion do i have for Azure storage?

Answer 19

Premium: optimized for high transaction rates and single-digit consistent storage latency

Question 20

I require object storage, but do not require single digit latency, what is my bets option?

Answer 20

Standard: optimized for high capacity and high throughput

Question 21

List AccountKind’s available in Azure Storage?

Answer 21

3 storage accont types,

• General purpus v2
• General purups v1
• Blob sorage

Question 22

Can I have table storage in blob storage account type?

Answer 22

No only block storage

Question 23

Has general purpus v1 got storage tiers?

Answer 23

No, they do not have hot, cold or archive access tiers.

Question 24

When would i used general purpus v1 storage ?

Answer 24

To support clasic azure service manager, but this is all starting to be retired. General purpose v2 has all the same functionality of v1 with all the additions. Latest features will be applied to v2 only.

Question 25

What is the container access levels available?

Answer 25

• No public read access: The container and its blobs can be accessed only with an authorized request. This option is the default for all new containers.
• Public read access for blobs only: Blobs within the container can be read by anonymous request, but container data is not available anonymously. Anonymous clients cannot enumerate the blobs within the container.
• Public read access for container and its blobs: Container and blob data can be read by anonymous request, except for container permission settings and container metadata. Clients can enumerate blobs within the container by anonymous request, but cannot enumerate containers within the storage account.

Question 26

I wnat to write to a blob, how cna i ensure n o one else writes to the blob at the same time?

Answer 26

You can acquire a lease, you can renew, change or break lease using the lease ID.

Question 27

Can a container have only one type of data tier?

Answer 27

No, data tier is set per blob/objetc.

Question 28

How cna i make a file public available using azure storage?

Answer 28

You can upload the file to a container,. make the file publically available and the file is accessible over the web.

Question 29

When writing to blob storage, what options do you have?

Answer 29

• block blob
• append blob
• page blob

Question 30

Explain block blob?

Answer 30

Block blobs are optimized for uploading large amounts of data efficiently. Block blobs are comprised of blocks, each of which is identified by a block ID. A block blob can include up to 50,000 blocks. Each block in a block blob can be a different size, up to the maximum size permitted for the service version in use. To create or modify a block blob, write a set of blocks via the Put Block operation and then commit the blocks to a blob with the Put Block List operation.

Question 31

Explain append blob?

Answer 31

An append blob is comprised of blocks and is optimized for append operations. When you modify an append blob, blocks are added to the end of the blob only, via the Append Block operation. Updating or deleting of existing blocks is not supported. Unlike a block blob, an append blob does not expose its block IDs.

Question 32

Explain page blob?

Answer 32

Page blobs are a collection of 512-byte pages optimized for random read and write operations. To create a page blob, you initialize the page blob and specify the maximum size the page blob will grow. To add or update the contents of a page blob, you write a page or pages by specifying an offset and a range that align to 512-byte page boundaries. A write to a page blob can overwrite just one page, some pages, or up to 4 MiB of the page blob. Writes to page blobs happen in-place and are immediately committed to the blob. The maximum size for a page blob is 8 TiB.

Question 33

I need to add styatic content for my web site, what Iare my options?

Answer 33

You cna use Azure storage and there is a option in side menu to enable static content hosting, you select the same of the index file and also create a folder called $web to place your content in.

Question 34

What is a the storgae preformance tier?

Answer 34

It defines the preformance of the storage,
Standared : Is backed by magnetic drives
Prenium : Is backed by SSD

Question 35

When would you used Standared preformance tier?

Answer 35

When you need general purpus storage and lowe sustained transactions.

Question 36

When would you used Prenium preformance tier?

Answer 36

When you need sustained higher numbers of transactions. Can only be used with VM, you would use them for Databases for example

Question 37

I wnat to use GRS with Prenium storage for a database, how do I set this up?

Answer 37

You cant, prenium storage is only supported using LRS (local storage)

Question 38

Can I use append blobs with prenium storage?

Answer 38

No, you cna only use page blobs with premium storage.

Question 39

Can you change the preformance tier after the storage account is created?

Answer 39

No

Question 40

When I set the access tier on a container what am i doing?

Answer 40

You are only setting the default, when it comes to writing the blob you can overide the access tier.

Question 41

I need to ensure my container blobs are not altered for a time period, a legal hold?

Answer 41

Azure storage has ‘imutable blob storage’ as part of access policy. This enables you to set a time frame where the objects in the blob can not ba altered.

Question 42

I need to ensure my container blobs are not altered for a time period or for ever?

Answer 42

Azure storage has ‘imutable blob storage’ as part of access policy. This enables you to set a time frame where the objects in the blob can not ba altered. This can be until legal host is removedwith legal host or time based

Question 43

What is an access policy?

Answer 43

There are two types of access policies

• Time based (for a period)
• Legal hold (until legal hold is removed)

Question 44

What are the options for securing a storage account?

Answer 44

• Access keys
• Account SAS
• Service SAS

Question 45

What is a access key?

Answer 45

Access keys are automaticaly created when the storage account is created and you use this key with REST API to access the container. You get two access kleys by default.

Question 46

What privelages do you get with access keys?

Answer 46

You get root level access to the storage account the key is belong to.

Question 47

Are access keys recomended?

Answer 47

No, b ecause they give you root level access to the storage account, breaks the best practice of least preveladge.

Question 48

Ì wnat to provide access to a contractor for a day, should i uses access keys?

Answer 48

No, access keys are root level keys giving you access to everything, here we wnat to use Share Access Signature, with SAS we can just give the contractor access for the time period and to only the objects they require to do there job.

Question 49

I wnat to give access to only the blobs and not tables etc, how can i do this?

Answer 49

SAS has option to allow only blob access

Question 50

I am required to give access to a BLOB ctainer and not the whole storage account, how can i acheive this?

Answer 50

Azure storage as a option to acheive this,. you open storage explorer and right click the container you wnat to give access to, select get-SAS

Question 51

I wnat to give access to a container and later changes the permissions, how can i do this?

Answer 51

Use SAAS with a access piolicy. A access policy can be assigned to a SAS, access policy can then be changed and alter the permissions.

Question 52

What is the storage service firewall?

Answer 52

It controls the inbound access to the storage account

Question 53

Is the storage firewall per network or per storage account or global?

Answer 53

The storage firewal is per storage account.

Question 54

I ahve a storage account, how cna i restrict the inbound network connections?

Answer 54

Use a storage firewall, this enables you to control the inbound conenctions.

Question 55

How do I enables service endpoints for storage on a vNET?

Answer 55

In the vNET you selct the option in service endpoint and select storage. Or you can use powershell and update commend.

Question 56

I wnat to be able to ensure my traffic dose not leave my network and goes direct to the storage services and not through the internet. I have a vNET, how can I do this?

Answer 56

In the vNET use service endpoints to configure Azure storage as a service to be used through the endponts.

Question 57

When you add service endpoint to aziure storage, what will happen to the NICs in the vNET?

Answer 57

A new route will be added to enables traffic to be routed direct to the azure storgae.

Question 58

I need to ensure my storage account can not be accessed from the internet but can be accessed from a VM in vNET, how canI do this?

Answer 58

You can used the storage account firewall and configure it so traffic is only accepted from the vNET.

Question 59

When using storage account firewall, do i have to configure an exception to allow Microsoft services access the storage?

Answer 59

Yes, if you are using the storage form Azure services then there is a checkbox to create an exception.

Question 60

When using an Azure storage account firewall, do I have to configure an exception to allow Microsoft services access the storage?

Answer 60

Yes, if you are using the storage form Azure services then there is a checkbox to create an exception. For example, metrics and logs.

Question 61

What are public endpoint in reference to Azure storage accounts?

Answer 61

When you create an Azure storage account is automatically has a public-facing endpoint available. Depending on your firewall setting and access configuration for the storage account will depend on the ability to connect on the endpoint.

Question 62

What do I need ot make my storage account only accessible through my vNET?

Answer 62

You need to enable Azure storage service access in the vNET and alos configure the storage account firewall is used.

Question 63

What does the storage account endpoint URL look like?

Answer 63

mystorageaccountname.blob.core.windows.net

Question 64

Explain Azure storage tables?

Answer 64

This is a storage type where you can store semi-structured data

Question 65

Is there a URL per table?

Answer 65

Yes, the URL is meas up of the storage name + table name.

Question 66

I wnat the traffic coming from my client to enter the Microsoft network closest to the client, this way the traffic will be across the Microsoft network and not the internet, how can I do this?

Answer 66

In ‘Firewall & networks’ there are two options,

• Intenet routing
• Microsoft routing

Question 67

For my storage account, how can I provide control at the network access level?

Answer 67

Azure storage has a configurable network-level firewall thet can be used to control access, this is a per storage account firewall.

Question 68

Explain the two layers of access control there is when using storage accounts?

Answer 68

• Data access (Reading and writing data like a file to/from the storage)
• Management layer (Preforming actions on set storage account API/Portal)

Question 69

When using access keys, are we providing access to the management layer or the data layer or both?

Answer 69

The access key allows the most access, you have access to the management layer and the data layer.

Question 70

If I wnat ot just provide assess to the data layer, what would I have?

Answer 70

Shared Access Signature (SAS)

Question 71

Where is RBAC mostly used in relation to the storage account?

Answer 71

It is used when accessing the Management layer but it is alos possible to use it for accessing the Data layer too.

Question 72

When creating an access control policy what are the properties I can set?

Answer 72

• Start date
• Expire date
• Read
• Write
• List
• Delete
• Add
• Update
• Process

Question 73

What types of SAS can you have?

Answer 73

• Account: Provides access to resources in one or more services in a storage account (like blob, file, table, queue).
• Server: Provides access to resources in a single service (like blob, file, table, queue).

Question 74

Once you create a SAS and give it out for use to someone, can you then alter permission or revoke it.

Answer 74

No, the permission and start and expiry date are in the token given out and cant be altered or revoked. You can associate an access control policy with the SAS and the permission will be on the server-side and you can change them or revoke them.

Question 75

Where would we use append blobs?

Answer 75

Log files where we are appending to the blob all the time.

Question 76

Where would we use page blobs?

Answer 76

VM disks, where we need to randomly write and read all that time.

Question 77

I have an older application using SMB, what is my best option to use an Azure service to provide the file share?

Answer 77

You can use Azure storage files to create a file share accessible using SMB

Question 78

I am using Azure storage files and I am about to make large changes to many of the files and I wnat to be able to roll back changes, what options do I have?

Answer 78

You can take a snapshot and later if needed roll it back

Question 79

I wnat to backup my Azure storage files nightly, what options do I have?

Answer 79

You can use backup, this is an option on the Azure storage files.

Question 80

What access control options do I have an available for accessing Azure storage files?

Answer 80

You have the same access control options as container storage, access keys, SAS, etc.

Question 81

Can you change Azure Storage account replication form when the account was first created and if so how?

Answer 81

ZRS can not be changed to GRS, but GRS can be changed to ZRS

Question 82

When I create a Azure storage of type GRS, what could I do if the region failed with the primary storage?

Answer 82

In the ‘Geo Replication’ in left menu, you can select the failover to the second region?

Question 83

When using GRS with Azure Storage, what happens in a region failover?

Answer 83

The DNS is switched from primary to secondary so there storage becomes available again. After failover storage will be LRS and you have to then decide on replication strategy.

Question 84

What is an access policy used for?

Answer 84

You use an access policy with a SAS to grant permissions, when you grant permissions with access policy, you can change them at any time.

Question 85

How can I give an application access to storage?

Answer 85

You have options to use AD and register the app with AD and then you can used storage account level RBAC to assign a role to the registered application.

Question 86

I am using AD and a registered application to access my storage account, what do I need in my application to get this access?

Answer 86

You need either a AD cert or secret key

Question 87

Explain point in time in relation to Azure Storage?

Answer 87

Point-in-time restore provides protection against accidental deletion or corruption by enabling you to restore block blob data to an earlier state. Point-in-time restore is useful in scenarios where a user or application accidentally deletes data or where an application error corrupts data. Point-in-time restore also enables testing scenarios that require reverting a data set to a known state before running further tests.

Question 88

What option do I have for encryption?

Answer 88

Managed keys

Customer managed keys

Question 89

Explain how Azure Storage GEO failover works?

Answer 89

This is where you can force a failover from primary to secondary region. DNS entries are changed to point to new primary region.

Question 90

What services are available in the storage account?

Answer 90

• Blob storage
• Table storage
• Queue storage
• Files storage

Question 91

What is stored in the Azure storage Files?

Answer 91

This is a file share service, SMB.

Question 92

What is the Azure storage queue service used for?

Answer 92

Queuing messages

Question 93

Is Azure storage b lob good for storing structured data?

Answer 93

No, it is intended for storing unstructured data such as files, docs, videos.

Question 94

Where are the blobs stored in Azure blob storage?

Answer 94

In a container.

Question 95

I have log files that are been wrote to all the time, what type of blob should i use?

Answer 95

Append blobs because this is optimized to keep appending data to the end of the blob.

Question 96

I have a file that is random accessed and i want to store in Azure storage, what type of blob is best?

Answer 96

Page blob as it is optimized for random access

Question 97

I want to have the minimal cost storage for blobs and do not care about loosing a single datacenter.

Answer 97

LRS is local redundant storage and storage is in a single datacenter.

Question 98

I want to have my blob storage so a single datacenter in a region can fail and i can still access my data, what option do i have?

Answer 98

Zone redundant storage (ZRS) is storage a single region and across all datacenters in the region.

Question 99

I want to have my blob storage so a single region can fail and i can still access my data, what option do i have?

Answer 99

GRS is global redundant storage and data is stored to a secondary region.

Question 100

If I am using GRS and the primary region fails, what will happen?

Answer 100

The primary region will take over serving the blobs, the URL will be changed to point at the secondary datacenter. You can also fail this over manually form the portal or form the CLI/API.

Question 101

What using GRS can I read the data in the secondary region?

Answer 101

No, you can create RA-GRS type storage and you will then be able.

Question 102

What is GRSZ?

Answer 102

Globally Redundant Storage across zones. It means data is replicated form the primary region to secondary region and in secondary region is replicated across the secondary regions zones.

Question 103

Is file storage available as GRS?

Answer 103

No, only LRS and ZRS

Question 104

Is BlobStorage available as GRS?

Answer 104

Mo, only ZRS and GRS

Question 105

When GRS storage is used is the replication sync and async?

Answer 105

Async, meaning there is a log between the write in the primary storage and secondary storage.

Question 106

What is Azure storage access tiers?

Answer 106

• Hot: Accesses often
• Cold: Accessed infrequently and stored for at least 30 days.
• Archive: Accessed rarely, stored for at least 180 days.

Question 107

Can you access the data in the archive?

Answer 107

No you have to rehydrate the archive first.

Question 108

What options have i for accessing the Blob storage?

Answer 108

You can access over public, private or both.

• Public: is a public URL
• Private: is a private end point.

Question 109

I am concerned about azure storage protection what options do i have?

Answer 109

• Blob Soft delete

- File share soft delete

Question 110

What is soft delete?

Answer 110

You can recover files/blobs after retention period.

Question 111

Dose every blob in a storage account container get a URL?

Answer 111

Yes

Question 112

`What is Azure storage access level?

Answer 112

You can select between,

• Private: Access only from private VNET
• Public: Access from internet
• Both

Question 113

What is the tool available for working with Azure storage?

Answer 113

Storage explorer is available in both download to run as app and also in the browser in the portal.

Question 114

What option do i have to access Azure storage?

Answer 114

• Access keys (no recommended as they give you admin)
• Share access keys
• AD (Register app and use certs, key)
• AD (Managed identity)

Question 115

I want to give access to only a single blob, what steps are involved?

Answer 115

Access keys do not allow you to give access to a single blob, shared access keys or AD (registered app) or AD (Managed iD)

Question 116

I am using Azure storage and concerned about customer to storage latency, we can not use CDN, what option do i have to mitigate internet latency?

Answer 116

You have option to select how traffic gets to storage,

• Routed over internet
• Routed through MS network

Question 117

I want to give temp access to a storage account, I would like access to expire on a date and time, how can i do this?

Answer 117

Use share access key, set the date and time, this is created at account level, you can also do it at the blob level too.

Question 118

What would i use Azure storage premium?

Answer 118

When you need higher performance access, in premium disks are SSD, giving you high performance for apps like large SQL databases, AI and machine learning.