Ch. 2 Implement and manage storage. Flashcards

Question 1

Q

How are storage accounts managed?

Answer

A

Through the Azure Resource Manager.

Question 2

Q

How are storage accounts authenticated and authorized?

Answer

A

Through Azure Active Directory and RBAC.

Question 3

Q

Azure storage account

Answer

A

contains all of your Azure Storage data objects (blob, file shares, queues, tables, and disks)
provides a unique namespace for your Azure Storage data that’s accessible from anywhere in the world over HTTP and HTTPS
data in the storage account is durable and highly available, secure, and massively scalable

Question 4

Q

Endpoint

Answer

A

the combination of the account name and the service endpoint

Question 5

Q

Storage firewall

Answer

A

allows you to limit access to specific IP addresses or an IP address range

by limiting access to the IP address range of your company, access from other locations will be blocked
service endpoints are used to restrict access to specific subnets within an Azure VNet

Question 6

Q

Where do you configure the storage firewall using Azure portal?

Answer

A

open the storage account blade
Click Firewalls and virtual networks
Under All Access From, click Selected Networks to reveal the Firewall and Virtual Network settings

Question 7

Q

Address space for storage firewall

Answer

A

When creating a storage firewall, you must use public Internet IP address space. You cannot use IPs in the private IP address space.

Question 8

Q

How do you access the storage account via the Internet?

Answer

A

Use the storage firewall to specify the Internet-facing source IP addresses.

Question 9

Q

Benefits of using network service endpoints

Answer

A

allows you to remove access from the public Internet and only allow traffic from a virtual network for improved security
optimized routing - service endpoints create a direct network route from the virtual network to the storage service

Question 10

Q

Configuring service endpoints

Answer

A

Step 1. create the route from the subnet to the storage service

Step 2. configure which virtual networks can access a particular storage account

Question 11

Q

How do you enable anonymous user access in Blob storage?

Answer

A

you much change the container access level

by default no public read access is enabled for anonymous users

Question 12

Q

Blob Storage access levels

Answer

A

Private
Blob
Container

the access level is configured separately on each blob container

Question 13

Q

Blob Storage access levels - Private

Answer

A

only the storage account owner can access the container and its blobs, no one else has access

Question 14

Q

Blob Storage Access levels - Blob

Answer

A

only blobs within the container can be accessed anonymously

Question 15

Q

Blob Storage access levels

Answer

A

only blobs within the container can be accessed anonymously

Question 16

Q

Blob Storage access levels Container

Answer

A

blobs and their containers can be accessed anonymously

Question 17

Q

Shared Access Signature token (SAS token)

Answer

A

a URI query string parameter that grants access to specific containers, blobs, queues, and tables

use a SAS token to grant access to a client that shouldn’t have access to the entire contents of the storage account (and storage account keys) but still requires secure authentication

grant access to a specific resource, for a specified period of time, and with a specified set of permissions

used to read and write the data to users’ storage accounts

used to copy blobs or files to another storage account

only use HTTPS because active SAS tokens provide direct authentication to your storage account, you must use a secure connection to distribute SAS token URIs

Question 18

Q

Types of services within a storage account

Answer

A

blobs
tables
queues
files
disks

Question 19

Q

Blobs

Answer

A

provides highly scalable service for storing arbitrary data objects such as text or binary data

Question 20

Q

tables

Answer

A

provides a NoSQL-style store for storing structured data

tables in Azure storage do not require a fixed schema, different entries in the same table can have different fields

Question 21

Q

queues

Answer

A

reliable message queuing between application components

Question 22

Q

files

Answer

A

managed files shares that can be used by Azure VMs or on-premises servers

Question 23

Q

disks

Answer

A

persistent storage volume for Azure VM which can be attached as a virtual hard disk

Question 24

Q

Types of Storage Blobs

Answer

A

Block Blobs
Append Blobs
Page Blobs: used to store VHD files when deploying unmanaged disks (older disk storage technology for Azure virtual machines, managed disks are recommended for new deployments)

Question 25

Q

Configurable Options when creating a storage account

Answer

A

Performance Tier
Account Kind
Replication Option
Access Tier

Question 26

Q

Naming storage accounts

Answer

A

the storage account name must be unique across all existing storage account names in Azure
the name must be between 3 to 24 characters and can contain only lowercase letters and numbers

Question 27

Q

Performance tiers

Answer

A

Standard: supports all storage services, blobs, tables, files, queues, and unmanaged Azure virtual machine disks. It uses magnetic disks to provide cost-efficient and reliable storage.

Premium: designed to support workloads with greater demands on I/O and is backed by high-performance SSD disks
It only supports General-Purpose accounts with Disk Blobs and Page Blobs
It also supports Block Blobs or Append Blobs with BlockBlobStorage accounts and files with FileStorage accounts

Question 28

Q

Can the performance tier setting be changed once selected?

Answer

A

No, the setting cannot be changed at a later date.

Question 29

Q

Replication options with premium tier

Answer

A

premium tier only supports LRS as a replication option for general-purpose storage accounts
it supports LRS and ZRS both for BlockBlobStorage and File Storage accounts

Question 30

Q

Standard Tier account kind

Answer

A

Storage V2 ( General-Purpose V2)
Storage (General-Purpose V1)
BlobStorage

Question 31

Q

Premium Tier Account kind

Answer

A

Storage V2 (General-Purpose v2)
Storage (General - Purpose v1)
BlockBlobStorage
FileStorage

Question 32

Q

Key points to remember.

Answer

A

the Blob Storage account is a specialized storage account used to store Block Blobs and Append Blobs. You can’t store Page Blobs in these accounts, therefore you can’t use them for unmanaged disks
Only General-Purpose V2 and Blob Storage accounts support the Hot, Cold, and Archive access tiers
General-Purpose V1 and Blob Storage accounts can both be upgraded to General-Purpose V2 account. This operation is irreversible. No other changes to the account kind are supported.

Question 33

Q

Storage Account Replication Options

Answer

A

Locally redundant storage (LRS)
Zone Redundant storage (ZRS)
Geographically redundant storage (GRS)
Read access geographically redundant storage (RA-GRS)
Geographically zone redundant storage (GZRS)
Read access geographically zone redundant storage (RA-GZRS)

Question 34

Q

Locally Redundant Storage (LRS)

Answer

A

makes 3 synchronous copies of your data within a single datacenter

available for General-Purpose or Blob Storage accounts at both Standard and Premium Performance tiers

Question 35

Q

Zone redundant storage (ZRS)

Answer

A

makes 3 synchronous copies to 3 separate availability zones within a single region

available for General-Purpose V2 storage accounts only at the Standard Performance tier only, also available for BlockBlobStorage and FileStorage

Question 36

Q

Geographically redundant storage (GRS)

Answer

A

There are 3 local copies in the same datacenter (LRS) and 3 additional asynchronous copies to a second datacenter hundreds of miles away from the primary region. Data replication occurs within 15 min although no SLA s provided.

available for General-Purpose or Blob Storage accounts at the Standard Performance tier only

Question 37

Q

Read access geographically redundant storage (RA-GRS)

Answer

A

There are 3 local copies, plus 3 additional asynchronous copies to a second datacenter hundreds of miles away from the primary region as well as read-only access to the data in the secondary datacenter.

Available for General-Purpose or Blob Storage account at the Standard Performance tier only

Question 38

Q

Geographically zone redundant storage (GZRS)

Answer

A

There are 3 synchronous copies across multiple availability zones, plus 3 additional asynchronous copies to a second datacenter hundreds of miles away from the primary region. Data replication occurs within 15min although there is no SLA.

Question 39

Q

Read access geographically zone redundant storage (RA-GZRS)

Answer

A

There are 3 synchronous copies across multiple availability zones, plus 3 additional asynchronous copies to a second datacenter hundreds of miles away from the primary region, plus read-only access to the data in the secondary datacenter

Available for General-Purpose V2 storage accounts only at the Standard Performance tier only

Question 40

Q

Note on Replication options

Answer

A

if an entire datacenter is down then LRS would incur an outage
if a primary region is down both the LRS and ZRS options would incur an outage, but GRS and GZRS would provide the secondary region that takes care of requests
not all the replication options are available in all regions

Question 41

Q

Specifying replication and performance tier settings

Answer

A

When creating a storage account via the Azure portal, the replication and performance tier options are specified using separate settings

When creating an account using Azure PowerShell, the Azure CLI, or via template, these settings are combined within the SKU settings

ex. to specify a Standard storage account using locally redundant storage using the Azure CLI, use –sku Standard_LRS

Question 42

Q

Access Tiers

Answer

A

Hot
Cool
Archive

– access tiers apply to Blob Storage only. They do no apply to other storage services including Block Blob Storage

Question 43

Q

Access Tier - Hot

Answer

A

used to store frequently accessed objects
data access costs are low while storage costs are higher

Question 44

Q

Access Tiers - Cool

Answer

A

used to store large amounts of data that is not accessed frequently and that is stored for at least 30 days
the availability SLA is lower than for the Hot tier
relative to the Hot tier, data access costs are higher and storage costs are lower

Question 45

Q

Access Tiers - Archive

Answer

A

used to archive data for long-term storage, that is accessed rarely, can tolerate several hours of retrieval latency and will remain in the Archive tier for at least 180 days
most cost effective option for storing data, but accessing that data is more expensive than accessing data in the Hot or Cool tiers

Question 46

Q

Note on Access Tiers

Answer

A

new blobs will default to the access tier that is set at the storage account level, though you can override that at the blob level by setting a different access tier, including the archive tier
the archive tier is not supported for ZRS, GZRS, and RA-GZRS

Question 47

Q

Shared Access Signatures (SAS) Token

Answer

A

a SAS token is a way granularly control how a client can access data in an Azure storage account
you can use an account - level SAS to access the account itself
- you can control what services and resources the client can access
- what permission the client has
- how long the token is valid for

Question 48

Q

What is the simplest way to create a SAS token?

Answer

A

Through the Shared Access Signature blade in the Azure portal

Question 49

Q

Using shared access signatures (SAS)

Answer

A

each SAS token is a query string parameter that can be appended to the full URI of the blob or other storage resource for which the SAS token was created.
create the SAS URS by appending the SAS token to the full URI of the blob or other storage resources

Question 50

Q

Account-level SAS

Answer

A

with account-level SAS you can manage all the resources belonging to the storage account
you can also perform write and delete operations for all the resources (blobs, tables, etc)
stored access policy is not supported for account level SAS

Question 51

Q

Using user delegation SAS

Answer

A

create user delegation SAS using Azure AD credentials
only supported by the Blob Storage
* can grant access to containers and blobs
SAS is not supported for user delegation SAS

Question 52

Q

Using shared access signatures

Answer

A

each SAS token is a query string parameter that can be appended to the full URI of the blob or other storage resource for which the SAS token was created
- URI: uniform string identifier, a unique sequence of characters that identifies a logical or physical resource used by web technologies. They provide a means of locating and retrieving information resources on a network
create the SAS URI by appending the SAS token to the full URI of the blob or other storage resources

example
storage account: examref
blob container: examrefcontainer
blob path: sample-file.png

Full URI to the blob in storage is: https://examrefstorae.blob.core.windows.net/examrefcontainer/sample-file.png

The combine URI with the generated SAS token is: https://examrefstorage.blob.core.windows.net/examrefcontainer/sample-file.png?sv=2019-10-10&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-05-08T08:50:14Z&st=2020-05-08T00:50:14Z&spr=https&sig=65tNhZtj2lu0tih8HQtK7aEL9YCIpGGprZocXjiQ%2Fko%3D

Question 53

Q

Using a stored access policy

Answer

A

A SAS token incorporates the access parameters (start to end, time, permissions, etc). Stored access policies allow the parameters for a SAS token to be decoupled from the token itself.
the access policy sets the start to end time, access permissions etc.
generated SAS tokens will reference the access policy rather than having it embedded
You can update the access policy rather than regenerating a SAS token when you want to change the parameters

Question 54

Q

How many access policies can you have on a container, table, queue or file share?

Question 55

Q

Access keys

Answer

A

the easiest way to manage a storage account
with the storage account name and an access key of the Azure storage account you have full access to all data in all services within the storage account
applications use the storage account name and key for access to Azure Storage

Question 56

Q

Key rolling

Answer

A

each storage account has 2 keys, a primary and secondary
If the primary key needs to be reset, then the secondary key can be used by applications
in this way there will be no downtime for applications that directly access storage using and access key

Question 57

Q

Access keys and SAS tokens

Answer

A

rolling a storage account access key will invalidate any SAS tokens that were generated using that key

Question 58

Q

Regenerate storage account access keys

Answer

A

can be regenerated in Azure portal or the command-line tools
in PowerShell use New-AzStorageAccountKey cmdlet

-Azure CLI use az storage account keys renew command

Question 59

Q

Azure Key Vault

Answer

A

helps safeguard cryptographic keys and secrets used by cloud applications and services
stores authentication keys, storage account keys, data encryption keys, and certificate private keys

Question 60

Q

hardware security modules (HSM)

Answer

A

protects keys in the Azure Key Vault
HSM keys can be generated in place or imported

Question 61

Q

bring your own key (BYOK)

Answer

A

keys that are imported

Question 62

Q

Accessing encrypted keys from Azure Key Vault

Answer

A

accessing and unencrypting keys is performed by a developer
keys from the Key Vault can also be accessed from ARM templates during deployment

Question 63

Q

Azure AD Authentication (AAD Authentication)

Answer

A

beneficial for large customers who want to control data access at an enterprise based on their security and compliance standards.
Azure blobs and queues are supported by AAD authentication
Azure Table storage is not supported with AAD authentication
storage accounts that are created with Azure Resource Manager deployment model only support Azure AD authorization

Question 64

Q

manage service identity (MSI)

Answer

A

an automatically managed identity in AAD for applications to use when connecting to resources that support AAD authentication
applications use managed identities to obtain AAD tokens without having to manage any credentials

Answer 64

A

the scope of access for a security principal for assigning a RBAC role
container, queue, storage account, resource group, subscription

Answer 65

A

the role assignment will be applicable at the container level
all blobs inside the container, the container properties, and the metadata will inherit the role assignment when this scope is selected

Answer 66

A

the role assignment will be applicable at the queue level
all messages inside queue, queue properties and metadata will inherit the role assignment

Answer 67

A

the role assignment will be applicable at the storage account level
all containers, blobs, queues, and messages within the storage account will inherit the role assignment

Answer 68

A

role assignment will be applicable at the resource group level
all the containers or queues in all the storage accounts in the resource group will inherit the role assignment when this scope is selected

Answer 69

A

the role assignment will be applicable at the subscription level
all the containers or queues in all the storage accounts in all the resource groups in the subscription will inherit the role assignment

Answer 70

A

RBAC roles take up to 5 min to propagate the role assignments

Answer 71

A

On-premises Active Directory Domain Services (AD DS)
Azure Active Directory Domain Services (Azure AD DS)

Answer 72

A

Follow these steps for AD DS authentications

Enable AD DS authentication on your storage account.
Assign share-level access permissions to an Azure AD identity.
Assign directory/file-level permissions using Windows ACLs
Mount the Azure file share.
Update the password of your storage account identity in AD DS.

Answer 73

A

Azure AD DS joined Windows machines can access Azure file shares with AZure AD credentials over SMB.

Enable Azure AD DS for your storage account.
Register your storage account with AD DS and enable AD DS authentication for you Azure files shares
Configure share-level permissions in order to get access to your file shares
Assign granular-level permissions at the root, directory, or file level using basic and advanced Windows ACLs
Mount an Azure file share from a domain-joined VM Log in to the domain-joined VM using an Azure AD identity.
Grant permissions to additional users (optional)
Mount the share by using your storage account key from your domain-joined VM. This enables you to configure ACLs with superuser permissions.
Configure the Windows ACLs using either Windows File Explorer or icacls.
You can use Windows File Explorer to grant the necessary permissions.
Update the password of the AD DS identity/account that represents your storage account in an organizational unit or domain that enforces password expiration time.

Answer 74

A

allows you to ship data into or out of an Azure Storage account by physically shipping disks to and Azure datacenter
only used with Blob Storage and Azure Files

Answer 75

A

export large volumes of data from Azure Storage to your on-premises environment by shipping you the data on disk
only supports the export of blobs

Answer 76

A

allows you to import large volumes of data to Azure by shipping the data on disk to MS

Answer 77

A

Tool used to import/export data for Azure
2 versions
- Version 1 is for Azure Blob Storage
- Version 2 is for Azure Files

Answer 78

A

Win 7, Win Svr 08 R2 or later OS required
.NET Framework 4.5.1 or later and BitLocker
All storage account types are supported (General-Purpose V1, General-Purpose V2, and Blob Storage)
Block, Page, and Append Blobs are supported for both import and export
Azure Files service is only supported for import jobs but not export jobs

Answer 79

A

10 HDDs and SDDs and a mix of HDDs and SDDs of any size

Answer 80

A

enter parameters such as destination storage account key, the BitLocker key, and the log directory
a journal file is created to contain the information necessary to restore the files on the drive to Azure Storage account (mapping a folder or file to a container)
Each drive used in the import job will have a unique journal file that is created by the tool
to add a single file to the drive and journal file, use the /srcfile parameter rather than the /srcdir parameter

Answer 81

A

import data using the WAImportExport tool
prepare your drives using the WAImportExport tool and copy the data to transfer to the drives
create an import job through the Azure portal
physically ship the disks to MS using a supported courier service with a tracking number for your package. The drives will be returned using the same package

Answer 82

A

a cross-platform application designed to help you quickly manage one or more Azure Storage accounts

it can be used with all storage services and supports Cosmos DB and Azure Data Lake Storage services

Answer 83

A

After Storage Explorer is installed you can connect to Azure Storage in one of five different ways

Add an Azure account
Use a connection string - the connection string is obtained by opening the stoerage account blade in the Azure portal and clicking Access Keys
Use a shared access signature URI
Use a storage account name and key
Attach to a local imulator

Answer 84

A

you can manage each of the storage services, Blob Storage, Azure Tables, Queue Storage, and Azure Files

Answer 85

A

To copy between storage accounts:

Navigate to source account, select one or more files, click the Copy button in the toolbar
Navigate to the destination storage account, expand the container that you want to copy to, and click Paste from the toolbar

Answer 86

A

a command line utility used to perform large scale bulk transfers of data to and from Azure Storage
performs all the operations asynchronously and can run simultaneously
fault-tolerant, if the operation is interrupted, it can resume from where it left off
can be used to copy between storage accounts
Storage Explorer is a graphical user interface which uses AzCopy to perform all its data transfer operations in the backend

Answer 87

A

it needs authentication to Azure Storage before it runs any operations
run the azcopy login command and sign in
also supports service principal, SAS token, access key, managed identity

Answer 88

A

an identity within an app that allows the app to access or modify resources
roles can be assigned to the service principal like a user
use service principals with automated tools rather than allowing them to log in with a user identity

Answer 89

A

upload data to Azure Blob Storage
the storage account and destination container should already exist
the CreateUserTemplate.csv file is copied to the destcontainer

azcopy copy “CreateUserTemplate.csv” “https://examref.blob.core.windows.net/destcontainer/”

Answer 90

A

download data from Azure Blob Storage using AzCopy
the CreateUserTemplate.csv will be downloaded from the srccontainer

Answer 91

A

copy between storage accounts using a SAS token

AzCopy copy “https://examref.blob.core.windows.net/ srccontainer/ [blob-path]?

Answer 92

A

-azcopy sync command does a sychronized copy between two blob containers

synchronizes the contents of a destination container with a source container by copying blobs if the last modified time a blob in the destination is earlier than that of the corresponding blob in the source

Answer 93

A

delete blobs in the destination container that don’t exist in the source
–delete-destination flag with azcopy sync command
can be set to true, false, or prompt
*prompt will prompt you for deletions to make it safer

Answer 94

A

storage accounts can be moved freely between LRS, GRS, and RA-GRS application modes
for ZRS, GZRS, and RA-GZRS you should copy the data to a new storage account with the desired replication mode using a tool like AzCopy
*there may be application downtime
*you can request a live data migration via Azure Support

Answer 95

A

provides asynchronous replication of block blobs from one storage account to another
blobs are replicated based on the defined replication rules

Answer 96

A

blob versioning captures the state of a blob when it is modified or deleted
Azure storage creates a new version ID for a blob with each change
object replication can be used only when blob versioning is enabled for both the source and destination storage accounts

Answer 97

A

provides all the changes with the blobs and its metadata in the from of transactional logs
object replication can only used if blob change feed is enabled for the source storage account

Answer 98

A

for large processing jobs, you can analyze the data in a single region and you can distribute results to additional regions as needed. saves processing time
users can read data from the replicated region as well, reduce latency
compute workloads can now process the same sets of block blobs in different regions
reduced costs by moving replicated data to the archive tier using Lifecycle Management policies

Answer 99

A

object replication doesn’t work with the Archive tier
Blob snapshot and immutable snapshots are not supported
OR doesn’t working with accounts with a hierarchical namespace (Azure Data Lake Storage Gen2)
since block blob data is replicated asynchronously, there is no SLA on when accounts are in sync, however you can check the status of the blob
the source account can only have a max of 2 destination accounts
once you create a replication policy, the destination container is read-only, and you can no longer perform write operations against it

Answer 100

A

migration of existing applications that require a file share for storage
shared storage of files such as web content, log files, application configuration files, or even installation media
replace an existing fileserver

Answer 101

A

since Azure Files supports for SMB 3.0 it’s possible to connect directly to an Azure file share from a computer running outside of Azure
* open outbound TCP port 445
* you can leverage VPNs or ExpressRoute where port 445 can’t be unblocked
Win 7 and Wind Server 2008 R2 doesn’t support SMB 3.0

Answer 102

A

extends Azure Files to allow on-premises files services to be extended to Azure while maintaining performance and compatibility
multi site access: the ability to write files across Windows and Azure Files
cloud tiering: storage only recently accessed data on local servers, the rest gets tiered to Azure in a storage account
azure backup integration: backup in the cloud
fast disaster recovery: restore file metadata immediately and recall as needed

Answer 103

A

defnes the topology for how your file synchronization will take place
add server endpoints, which are file servers and paths within the file server you want the sync group to sync with each other
to add endpoints to the sync group Internet Explorer Enhanced Security configuration must be disabled before installing the agent

Answer 104

A

decreases the amount of local storage required while keeping the performance of an on-premises file server
stores frequently accessed (hot) files on your local server, infrequently accessed (cool) files are split into namespace (file and folder structure) and file content

Answer 105

A

a health indicator is displayed by each of the server endpoints
- green is healthy
you can see stats such as the number of files remaining, size, and any resulting errors

Answer 106

A

Azure Blob Storage is used for large-scale storage of arbitrary data objects, such as media files, log files, and so on

Answer 107

A

each storage account can have one or more blob containers and all blobs must be stored within a container
containers are like hard drives in that they provide a storage space for data in your storage account
you put blobs in a container as you would store files on a hard drive
blobs can be placed at the root of the container or organized into a folder hierarchy

Answer 108

A

each blob has a unique URL
format: https://[account name].blob.core.windows.net/[container name]/[blob path and name].

Answer 109

A

you can create a container at the root of the storage account by specifying the special name $root for the container name
allows you to store blobs in the root of the storage account and reference them with URLs such as: https://[account name].blob.core.windows.net/fileinroot.txt

Answer 110

A

Page Blobs
Block Blobs
Append Blobs

blobs of all 3 types can share a single container
the type of blob is set at creation and cannot be changed after the fact
ex. if a .vhd file was accidently uploaded as a Block Blob instead of a Page Blob then the blob must be deleted and reuploaded as a Page Blob before it can be mounted as an OS or data disk to an Azure VM

Answer 111

A

optimized for random-access read and write operations
used to store virtual disk (VHD) files which using unmanaged disks with Azure virtual machines
max Pagle Blob size is 8TB
most commonly used for log files

Answer 112

A

optimized for efficient uploads and downloads, for video, images, and other general-purpose file storage
max size is slightly more than 4.75 TB

Answer 113

A

optimized for append operations
updating or deleting existing blocks in the blob is not supported
50,000 blocks can be added to each append blob
each block can be 4MB in size
max size 195GB

Answer 114

A

a feature that allows you to save and recover you data when blobs or blob snapshots are deleted even in the event of an overwrite
usually the default behavior of deleting a blob is that the blob is deleted and lost forever

-feature must be enabled in the Azure storage account and a retention period must be set for how long the deleted data is available

the max retention period for soft delete is 365 days

Answer 115

A

hot, cool, archive
storage account blobs can coexist between three tiers within the same account
if any blob doesn’t have an assigned tier, it infers the access tier from the account access tier setting by default
the access tier’s Inferred blob property is set to true
changing the account access tier applies to all access tier-inferred objects stored in the account that don’t have an explicit tier set
change the access tier in the Configuration blade or using the Lifecycle Management feature

Answer 116

A

can be assigned with the desired access tier while you upload them to the container
you can change the access tier among the Hot, Cool, or Archive tiers without having to move data between the accounts
all requests to change tiers will take place immediately between Hot and Cool tiers
data in the Archive storage tier is stored offline and must be rehydrated to the Cool or Hot tier before it can be accessed, this process can take up to 15 hours
Use the Change Tier option to change the tier

Answer 117

A

changing the account access tier will result in tier changes for any tier-inferred blobs stored in the account that does not have an explicit tier set

Answer 118

A

the lifecycle-management capability can be used to transition data to lower-access tiers automatically based on pre-configured rules
you can delete the data at the end of its lifecycle
these rules can be executed against the storage account once per day
specific blobs and containers can be targeted using filter sets
up to 100 rules can be defined

Answer 119

A

Base Blob
Version
Snapshot

Answer 120

A

the policy can take up to 24 hours to go into effect and then the action can take an additional 24 hours to run
it can take up to 48 hours for policy actions to complete once you set up Lifecycle Management

Brainscape's Knowledge GenomeTM

Ch. 2 Implement and manage storage. Flashcards

Brainscape's Knowledge Genome^TM