Design and Implement a Storage Strategy (20-25%) Flashcards
What are the 2 types of SAS keys?
- Service SAS - delegate to resource in one of the storage services
- Account SAS - delegate to resources in one or more storage services
What is a Shared access signature (SAS)?
A shared access signature is a signed URI that points to one or more storage resources and includes a token that contains a special set of query parameters. The token indicates how the resources may be accessed by the client.
What are the 2 forms of SAS keys?
- Ad hoc SAS
- SAS with stored access policy
True/False: A shared access signature URI is associated with the account key used to create the signature, and the associated stored access policy (if any). If no stored access policy is specified, the only way to revoke a shared access signature is to change the account key.
True
What are Stored Access Policies?
Stored access policies give you the option to revoke permissions without having to regenerate the storage account keys. Set the expiration on these very far in the future (or infinite) and make sure it’s regularly updated to move it farther into the future.
What is the max characters allowed in a Stored Access Policy for the Unique Signed Identifier?
64 characters
What is the max number of access policies (Stored Access Policy) allowed on a container ?
5
True/False: To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately affects all of the shared access signatures associated with it.
True
What is the max number of days for a Retention Policy?
356 Days
What value do you use if you don't want a retention policy and want to be responsible for deleting the monitoring data when you see fit?
0
How are metrics stored in Azure?
in Table Storage of an Azure storage account
What is the name of the blob container for diagnostic logs?
$logs
Max Size of Storage Analytics?
20TB
What is the process to update a Storage Access Key(s)?
- Update the connection string in app code to reference the second access key.
- Regenerate the Primary Access key for the storage account.
- Update connection strings in code for primary keys.
- Regenerate Secondary keys in the same manner.
3 Azure CDN Offerings?
Standard Akamai, Standard Verizon, Premium Verizon
Default Cache time on CDN?
7 days
Default CDN url?
.azureedge.net
Why can you not use SSL if you use a Custom Domain with CDN?
If you use a CNAME, you cannot use SSL because the CDN uses its own single SSL certificate, and this certificate will not match your custom domain/subdomain names.
What are the 3 types of Query String Caching for CDN and what do they do?
- Ignore Query Strings - This is the default mode. The CDN edge node will pass the query string from the requestor to the origin on the first request and cache the asset. All subsequent requests for that asset that are served from the edge node will ignore the query string until the cached asset expires.
- Bypass caching for URL with query strings - In this mode, requests with query strings are not cached at the CDN edge node. The edge node retrieves the asset directly from the origin and passes it to the requestor with each request.
- Cache every unique URL - This mode treats each request with a query string as a unique asset with its own cache. For example, the response from the origin for a request for foo.ashx?q=bar would be cached at the edge node and returned for subsequent caches with that same query string. A request for foo.ashx?q=somethingelse would be cached as a separate asset with its own time to live.
How is Token Authentication used for Azure CDN?
Allows you to prevent Azure CDN from serving assets to unauthorized clients. This is typically done to prevent “hotlinking” of content, where a different website, often a message board, uses your assets without permission.
It verifies that requests are generated by a trusted site by requiring requests to contain a token value containing encoded information about the requester. Content will only be served to a requester when the encoded information meets the requirements; otherwise requests will be denied.
How long can it take for Azure Verizon CDN options to propagate?
up to 90 minutes
What is the CNAME subdomain you need for intermediary verification of your CDN Endpoint?
cdnverify.www or cdnverify.cdn.
How can you purge the CDN?
Using the Purge Button in either the CDN endpoint blade or the CDN profile Blade
What are the 2 options for Compression with the CDN?
- Enable compression on your origin server, in which case the CDN will pass through the compressed files and deliver compressed files to clients that request them.
- Enable compression directly on CDN edge servers, in which case the CDN will compress the files and serve them to end users, even if they are not compressed by the origin server.
Which feature restricts Azure CDN content by country?
Geo-Filtering
How is Geo-Filtering used in Azure CDN?
Set the path of a file/folder to be blocked or allowed based on a Country Code.
Default URL for Azure SQL db?
.database.windows.net
CLI: Create SQL DB Logical Server
az sql server create
CLI: Create SQL DB
az sql db create
PS: Create SQL DB Logical Server
New-AzureRmSqlServer
PS: Create SQL DB
New-AzureRmSqlDatabase
What type of file is used to import/export data and schema into Azure SQL?
.bacpac
What type of file is used to import/export schema into Azure SQL or Visual Studio?
.dac
What is Active Geo-Replication for Azure SQL?
A database can have up to four readable secondary databases in the regions of your choice. These secondary databases are kept synchronized with the primary database using an asynchronous replication mechanism. This feature is used to protect against business disruption if a data center outage occurs or during an application upgrade. Active geo-replication can also be used to provide better query performance for read-only queries to geographically dispersed users.
What is Point-in-Time restore for Azure SQL?
Uses the automated backups function to recover a copy of the database to a known good point in time within your retention period.
PS: Restore SQL DB
Restore-AzureRmSqlDatabase
What are the 2 Storage options for Azure Backup?
- Locally redundant storage (LRS) replicates your data three times (it creates three copies of your data) in a paired datacenter in the same region. LRS is a low-cost option for protecting your data from local hardware failures.
- Geo-redundant storage (GRS) replicates your data to a secondary region (hundreds of miles away from the primary location of the source data). GRS costs more than LRS, but GRS provides a higher level of durability for your data, even if there is a regional outage.
What is a Recovery Services Vault?
A Recovery Services vault is an online storage entity in Azure used to hold data such as backup copies, recovery points, and backup policies. You can use Recovery Services vaults to hold backup data for Azure services and on-premises servers and workstations.
What is Azure Site Recovery?
Azure Site Recovery coordinates virtual-machine and physical-server replication, failover, and failback. It keeps your workloads available (Site Recovery) when outages occur.