Implement and manage storage Flashcards
1
Q
Each storage account service exposes its own endpoints used to manage the data in the storage service.
These service-specific endpoints are by default …
A) exposed through Azure Resource Manager
B) Internet facing endpoints
A
B) Internet facing endpoints
2
Q
…………… allows you to limit access to specific IP addresses or an IP address range.
It applies to all storage account services (blobs, tables, queues, and files).
A
The storage firewall
3
Q
…………… are used to give a specific subnet or Vnet access to the storage account.
A) Storage firewalls
B) Service endpoints
A
B) Service endpoints
4
Q
If a storage account is only accessed from within an Azure virtual network, it is desirable from a security standpoint to … ?
A
block all internet access to the storage account
5
Q
- Blocking internet access to a storage account
- Creating virtual network service endpoints and private service endpoints for the storage account
What are two benefits to this configuration ?
A
Improved security
Optimized routing
6
Q
What are the two steps to configuring a virtual network service endpoint for a storage account ?
A
- Choose the Vnet (and its subnet). Activate the storage account service endpoint
- Choose the storage account. Select the Vnet and its Subnet to whom it will grant access
7
Q
By default, no public read access is enabled for anonymous users to the storage accounts, and only users with rights granted through RBAC or with the storage account name and key will have access to the stored blobs.
To enable anonymous user access, you must change the container access level.
What are the three options for access level of a container ?
A
Private
Container
Blob
8
Q
True or false : By default, anonymous users have read access to blobs
A
False - By default, no public read access is granted for anonymous users
9
Q
By default, who can access stored Blobs ?
A
Only users with rights granted through RBAC or with the storage account name and key
10
Q
True or false : The access level is configured separately on each Blob container
A
True
11
Q
A(n) …………………………………………… is a URI query string parameter that grants access to specific containers, blobs, queues, and tables.
A
shared access signature token (SAS token)
12
Q
What should I use to grant access to a client that should not have access to the entire contents of the storage account (and therefore, should not have access to the storage account keys) but still requires secure authentication ?
A
A shared access signature token (SAS)
13
Q
What protocol is recommended for SAS token usage ?
A
HTTPS
14
Q
What are the three types of storage blobs ?
A
Block blobs
Append blobs
Page blobs
15
Q
True or false : The storage account name must be unique across all existing storage account names in Azure.
A
True
16
Q
What are the two performance tiers of a storage account ?
A
Standard
Premium
17
Q
General Purpose V2 General Purpose V1 Blob Storage Block Blob Storage File Storage
With a standard tier storage account, which account types may I choose ?
A
General Purpose V2
General Purpose V1
Blob Storage
18
Q
General Purpose V2 General Purpose V1 Blob Storage Block Blob Storage File Storage
With a premium tier storage account, which account types may I choose ?
A
General Purpose V2
General Purpose V1
Block Blob Storage
File Storage
19
Q
Makes three synchronous copies of your data within a single datacenter.
This replication option describes…
A) LRS B) ZRS C) GRS D) RA-GRS E) GZRS E) RA-GZRS
A
A) LRS
20
Q
Makes three synchronous copies to three separate availability zones within a single region.
This replication option describes…
A) LRS B) ZRS C) GRS D) RA-GRS E) GZRS E) RA-GZRS
A
B) ZRS
21
Q
This is the same as LRS (three local copies), plus three additional asynchronous copies to a second datacenter hundreds of miles away from the primary region.
This replication option describes…
A) LRS B) ZRS C) GRS D) RA-GRS E) GZRS E) RA-GZRS
A
C) GRS
22
Q
This has the same capabilities as GRS, plus you have read-only access to the data in the secondary datacenter.
A) LRS B) ZRS C) GRS D) RA-GRS E) GZRS E) RA-GZRS
A
D) RA-GRS
23
Q
What are the three access TIERS for Blob storage?
A
Hot
Cool
Archive
24
Q
What is the simplest way to manage your storage account ?
A
Access keys
25
The process of modifying an application to use the second access key instead of the first, and then regenerating the first access key, is called... ?
Key rolling
26
What is the advantage of key rolling ?
It allows you to reset the primary key with no downtime for applications that directly access storage using an access key
27
Rolling a storage account access key will invalidate any ................. that were generated using that key.
SAS tokens
28
.................. helps safeguard cryptographic keys and secrets used by cloud applications and services, such as authentication keys, storage account keys, data encryption keys, and certificate private keys.
Azure Key Vault
29
If an application is running from within an Azure entity such as an Azure VM, a virtual machine scale set, or an Azure Functions app, it can use a ........................................... to access blobs or queues.
managed service identity (MSI)
30
Azure Files provides managed file shares that are accessible over the .................. protocol.
SMB
31
Which two identity-based authentifications can Azure Files use ?
On Premises Active Directory Domaines Services (AD DS)
Azure Active Directory Domain Services (Azure AD DS)
32
What are the only ways to revoke an existing SAS token before it expires ?
Delete the blob
Roll over the storage account key used to generate the SAS token
Delete the stored access policy, change the stored access policy's name, or change its expiration time
33
True or false: Stored access policies allow the parameters for an SAS token to be decoupled from the token itself.
True
34
How can you change the parameters of a valid SAS token ?
Change the access policy
35
How do you create the SAS token URI ?
Append the SAS token to the full URI of the storage resource
The full URI to the blob in storage is
https://examrefstorage.blob.core.windows.net/examrefcontainer/sample-file.png
The combined URI with the generated SAS token is
https://examrefstorage.blob.core.windows.net/examrefcontainer/sample-file.png?
sv=2019-10-10&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-05-08T08:50:14Z&st=2020-05-08T00:
50:14Z&spr=https&sig=65tNhZtj2lu0tih8HQtK7aEL9YCIpGGprZocXjiQ%2Fko%3D
36
A(n) ............................ blob is specifically optimized for operations where we need to keep adding data to a blob in chunks without modifying the already existing content.
append blob
37
What is the Azure Import / Export service ?
When you physically ship disks to get data in or out of an Azure data center
38
Azure Import/Export is only used with .................... and .....................
Blob Storage
| Azure Files
39
A(n) .................... allows you to export large volumes of data from Azure Storage to your on-premises environment by shipping you the data on disk.
export job
40
A(n) ................... allows you to import large volumes of data to Azure by shipping the data on disk to Microsoft.
import job
41
True or false : Import jobs support both azure files and blob storage
True
42
True or false : Export jobs support both blob storage and azure files
False - Export jobs only support blob storage
43
What is the max number of drive per import / export job ?
10 drives per job max
44
What are the three steps when you do an export job ?
1. Create the export job in the azure portal
2. Microsoft ships you the disks
3. Download the bitlocker keys from azure portal to open the disks
45
What are the three steps to an import job ?
1. Download the WAimportexport tool
2. Copy the data to the disk, inputing the right parameters to the WAimportexport tool
3. Create an import job through Azure portal
46
What are three parameters used by the WAimportexport tool ?
Destination storage account key
Bitlocker key
Log directory
47
............................ is a cross-platform application designed to help you quickly manage one or more Azure Storage accounts.
Azure Storage Explorer
48
What are two ways to install the Storage Explorer ?
Download and install from azure.microsoft.com
Storage explorer Preview from Azure Portal
49
The options for connecting to Storage Explorer are the following :
- Add an Azure Account with the right RBAC role
- Using a connection string
- Using a SAS token
- Using a Storage account name & Key
- Attach to a Local Emulator (Azure SDK)
Which of these is good for managing multiple storage accounts ?
Add an Azure Account : This option allows you to sign in using a work or Microsoft account and access all storage accounts via RBAC
50
The options for connecting to Storage Explorer are the following :
- Add an Azure Account with the right RBAC role
- Using a connection string
- Using a SAS token
- Using a Storage account name & Key
- Attach to a Local Emulator (Azure SDK)
Which of these methods requires an access key for the storage account ?
Using a connection string
Using a storage account name and key
51
The options for connecting to Storage Explorer are the following :
- Add an Azure Account with the right RBAC role
- Using a connection string
- Using a SAS token
- Using a Storage account name & Key
- Attach to a Local Emulator (Azure SDK)
Which of these methods allows access to a storage account without requiring an account key to be shared ?
Using a SAS token
52
Storage explorer allows you to easily cost and paste blobs between...
A) Containers
B) Storage accounts
C) both
C) both
53
............................. is a command-line utility that you can use to perform large-scale bulk transfer of data to and from Azure Storage.
AzCopy
54
AzCopy is ................, so if the operation is interrupted for some reason, it can resume from where it left off once the issue is resolved.
fault-tolerant
55
What is the back end of Storage Explorer ?
AzCopy
56
What is the first thing that AzCopy needs in order to function ?
authentication to Azure Storage
57
What are the three principal actions you can do with AzCopy ?
Upload/Download
Async blob copy
Sync blob copy
58
What is the necessary condition for AzCopy to upload data ?
The storage account and container must already exist
59
True or false : The data in your Azure Storage accounts is always replicated for durability and high availability.
True
60
Strorage accounts can be moved freely between which of the following replication options ?
```
LRS
ZRS
GRS
RA-GRS
GZRS
RA-GZRS
```
LRS
GRS
RA-GRS
61
Which of the following replication options require copying data to a new storage account with the desired replication mode ?
```
LRS
ZRS
GRS
RA-GRS
GZRS
RA-GZRS
```
ZRS
GZRS
RA GZRS
62
What path in Azure Portal allows you to configure the replication mode for a storage account ?
First, open Storage account service
then click on configuration
then click on replication
63
What are the two necessary conditions for leveraging blob object replication ?
1. Versioning enabled for both source and target storage account
2. Change feed enabled for both source and target storage account
64
................. captures the state of a blob when it it modified or deleted, Azure storage creates a new version ID for a blob with each change.
Blob versioning
65
........................ provides all the changes with the blobs and its metadata in form of transactional logs.
The blob change feed
66
How does blob object replication allow you to reduce reading latency ?
You can read the data from the region closest to you
67
How does blob object replication allow more regional flexibility for compute workloads ?
You can process the same block blobs from different regions
68
Why is blob object replication advantageous for large data processing jobs ?
You can analyse the data in a single region, and then redistribute results using replication (saving processing time and compute ressources)
69
What is the easiest way to save costs when doing blob object replication ?
move replicated data to the archive tier
70
What are two crucial limitations with blob object replication that you should review before implementing ?
Destination containers become READ ONLY, no writable operations can be performed against them
Object replication doesn't work on the archive tier
71
What are the two major benefits of asynchronous replication ?
1. Asynchronous replication requires substantially less bandwidth than synchronous replication.
2. Since the replication process does not have to occur in real time, asynchronous replication can tolerate some degradation in connectivity. (important in the case of working over long distances)
72
............................ is a fully managed file share service that offers endpoints for the Server Message Block (SMB) protocol, also known as Common Internet File System or CIFS.
Azure Files
73
What protocol does Azure Files use ?
Server Message Block (SMB) protocol
74
What are three common use cases for Azure Files ?
1. Replace an existing file server
2. Sharing storage of files
3. Migration of existing applications into the cloud that require a file share for storage
75
What are the three levels of hierarchy in Azure Files ?
- Storage Account
- Folders
- Files
76
What is the best way to mount and connect to an Azure File Share from a Windows computer ?
Using the Windows File Explorer, use the Map Network Drive option
77
In the Azure Portal, what is the path to creating a new Azure File Share ?
Azure Portal / Storage Account / File Shares / + File Share
78
The object that defines the sync relationship between a cloud endpoint, or Azure file share, and a server endpoint.
What does this describe ?
An Azure Sync Group
79
What are the 4 key functionalities of Azure File Sync Service ?
1. Multi site access
2. Cloud tiering
3. Backup in the cloud
4. Fast disaster recovery
80
With an Azure File Sync service, where does the recently accessed data get stored ? And the rest ?
Recently accessed data is stored locally on prem.
The rest gets put in the Azure Storage Account
81
An Azure Sync Group dictates what three things?
1. The server endpoint
2. The cloud endpoint
3. The relationship between the server and cloud endpoint
82
What are the 4 steps in deploying the Azure File Sync Agent ?
1. Download and install Azure Powershell on the server
2. Download and install Azure File Sync Agent on the server
3. Sign in with your Azure credentials for your subscription
4. Register the server with the Storage Sync Service
83
True or false : each blob has a unique URL
True
84
True or false : it is possible to create a blob at the root of the storage account
True
Optionally, you can create a container at the root of the storage account, by specifying the special name $root for the container name.
85
Which type of blob is good for videos, images, or general purpose file storage ?
- Page blob
- Block blob
- Append blob
Block blob
86
Which type of blob is used for unmanaged disks ?
- Page blob
- Block blob
- Append blob
Page blobs
87
Which type of blob is good for random access read and write ?
- Page blob
- Block blob
- Append blob
Page blob
88
Which type of blob is good for append operations ?
- Page blob
- Block blob
- Append blob
Append blob
89
Can you change the blob type after it is created ?
No - the type of the blob is set at creation and cannot be changed after the fact.
90
Which type of blob used VHD files ?
- Page blob
- Block blob
- Append blob
Page blob
91
Virtual machines use VHD files for....
- Managed disks
- Unmanaged disks
Unmanaged disks
92
The default behavior of deleting a blob is that the blob is deleted and lost forever. ...................... is a feature that allows you to save and recover your data when blobs or blob snapshots are deleted even in the event of an overwrite.
Soft delete
93
What is the maximum retention period for a soft delete ?
365 days
94
True or false : The default behavior of Azure when deleting a blob is a soft delete
False
95
True or false: The default behavior of Azure when you delete a blob, is that the blob is deleted and lost forever
True
96
True or false : Blobs must have the same access tier within a single storage account
False - Blobs can have different tiers
97
What access tier does a blob assume if it is unassigned?
The blob takes the access tier setting from the storage account
98
To access a blob in a the archive tier, what must one do? How long does it take ?
Hydration is necessary. It can take 15 hours.
99
What is hydration ?
Moving a blob from archive to either cool or hot tier in order to be able to access it.
100
Blob life cycle management rules execute against what type of object ?
A storage account
101
When you define a blob life cycle management rule, and you want to limit the the scope to only certain blobs, what option should use configure ?
The blob index match option
102
True or false : Blob lifecycle rules can delete the data at the end of the life cycle
True
103
When defining a rule for configuring a blob lifecycle, what are the two options for "Blob type" ? What are the three options for "Blob subtype" ?
Blob type - block blob, append blob
| Blob subtype - base blobs, snapshots, versions
104
Azure storage accounts provide four separate services : ....................., ....................., ....................., ..................... .
Blob storage
Table storage
Queue storage
Azure Files
105
..................................... use magnetic drives and provide the lowest cost per GB. This type of account is best suited for applications that require bulk storage or where data is accessed infrequently.
- Standard storage accounts
- Premium storage accounts
Standard storage accounts
106
True or false : Access tiers apply only to blob storage and block blob storage
False, they do not apply to block blob storage
107
What are three types of SAS tokens ?
User delegation SAS tokens
Account SAS tokens
Service Level SAS tokens
108
What type of SAS token is for blobs and containers only ?
User delegation SAS tokens
109
What type of SAS tokens given access to the entire storage account ?
Account SAS tokens
110
What type of SAS tokens authenticate with Azure AD ?
User delegation SAS tokens
111
Why is it good practice to use SAS tokens with Stored Access policies ?
SAS tokens can not be revoked without rolling over the storage account key.
Stored Access policies can easily modified, thus modifying the parameters of the existing SAS tokens
112
A ........................................ container serves as a default container for your storage account. A storage account may have only one of these container.
root
113
What kind of blob is the foundation of Azure Disks ?
Page blobs
114
True or false : Page blobs can use the hot, cool, and archive access tier
False
115
True or false : Page blobs can only use the hot access tier
True
