Implement and manage storage

Question 1

Each storage account service exposes its own endpoints used to manage the data in the storage service.

These service-specific endpoints are by default …

A) exposed through Azure Resource Manager
B) Internet facing endpoints

Answer 1

B) Internet facing endpoints

Question 2

…………… allows you to limit access to specific IP addresses or an IP address range.

It applies to all storage account services (blobs, tables, queues, and files).

Answer 2

The storage firewall

Question 3

…………… are used to give a specific subnet or Vnet access to the storage account.

A) Storage firewalls
B) Service endpoints

Answer 3

B) Service endpoints

Question 4

If a storage account is only accessed from within an Azure virtual network, it is desirable from a security standpoint to … ?

Answer 4

block all internet access to the storage account

Question 5

• Blocking internet access to a storage account
• Creating virtual network service endpoints and private service endpoints for the storage account

What are two benefits to this configuration ?

Answer 5

Improved security

Optimized routing

Question 6

What are the two steps to configuring a virtual network service endpoint for a storage account ?

Answer 6

1. Choose the Vnet (and its subnet). Activate the storage account service endpoint
2. Choose the storage account. Select the Vnet and its Subnet to whom it will grant access

Question 7

By default, no public read access is enabled for anonymous users to the storage accounts, and only users with rights granted through RBAC or with the storage account name and key will have access to the stored blobs.

To enable anonymous user access, you must change the container access level.

What are the three options for access level of a container ?

Answer 7

Private
Container
Blob

Question 8

True or false : By default, anonymous users have read access to blobs

Answer 8

False - By default, no public read access is granted for anonymous users

Question 9

By default, who can access stored Blobs ?

Answer 9

Only users with rights granted through RBAC or with the storage account name and key

Question 10

True or false : The access level is configured separately on each Blob container

Answer 10

True

Question 11

A(n) …………………………………………… is a URI query string parameter that grants access to specific containers, blobs, queues, and tables.

Answer 11

shared access signature token (SAS token)

Question 12

What should I use to grant access to a client that should not have access to the entire contents of the storage account (and therefore, should not have access to the storage account keys) but still requires secure authentication ?

Answer 12

A shared access signature token (SAS)

Question 13

What protocol is recommended for SAS token usage ?

Answer 13

HTTPS

Question 14

What are the three types of storage blobs ?

Answer 14

Block blobs
Append blobs
Page blobs

Question 15

True or false : The storage account name must be unique across all existing storage account names in Azure.

Answer 15

True

Question 16

What are the two performance tiers of a storage account ?

Answer 16

Standard

Premium

Question 17

General Purpose V2
General Purpose V1
Blob Storage
Block Blob Storage
File Storage

With a standard tier storage account, which account types may I choose ?

Answer 17

General Purpose V2
General Purpose V1
Blob Storage

Question 18

General Purpose V2
General Purpose V1
Blob Storage
Block Blob Storage
File Storage

With a premium tier storage account, which account types may I choose ?

Answer 18

General Purpose V2
General Purpose V1
Block Blob Storage
File Storage

Question 19

Makes three synchronous copies of your data within a single datacenter.

This replication option describes…

A) LRS
B) ZRS
C) GRS
D) RA-GRS
E) GZRS
E) RA-GZRS

Answer 19

A) LRS

Question 20

Makes three synchronous copies to three separate availability zones within a single region.

This replication option describes…

A) LRS
B) ZRS
C) GRS
D) RA-GRS
E) GZRS
E) RA-GZRS

Answer 20

B) ZRS

Question 21

This is the same as LRS (three local copies), plus three additional asynchronous copies to a second datacenter hundreds of miles away from the primary region.

This replication option describes…

A) LRS
B) ZRS
C) GRS
D) RA-GRS
E) GZRS
E) RA-GZRS

Answer 21

C) GRS

Question 22

This has the same capabilities as GRS, plus you have read-only access to the data in the secondary datacenter.

A) LRS
B) ZRS
C) GRS
D) RA-GRS
E) GZRS
E) RA-GZRS

Answer 22

D) RA-GRS

Question 23

What are the three access TIERS for Blob storage?

Answer 23

Hot
Cool
Archive

Question 24

What is the simplest way to manage your storage account ?

Answer 24

Access keys

Question 25

The process of modifying an application to use the second access key instead of the first, and then regenerating the first access key, is called… ?

Answer 25

Key rolling

Question 26

What is the advantage of key rolling ?

Answer 26

It allows you to reset the primary key with no downtime for applications that directly access storage using an access key

Question 27

Rolling a storage account access key will invalidate any …………….. that were generated using that key.

Answer 27

SAS tokens

Question 28

……………… helps safeguard cryptographic keys and secrets used by cloud applications and services, such as authentication keys, storage account keys, data encryption keys, and certificate private keys.

Answer 28

Azure Key Vault

Question 29

If an application is running from within an Azure entity such as an Azure VM, a virtual machine scale set, or an Azure Functions app, it can use a ……………………………………. to access blobs or queues.

Answer 29

managed service identity (MSI)

Question 30

Azure Files provides managed file shares that are accessible over the ……………… protocol.

Answer 30

SMB

Question 31

Which two identity-based authentifications can Azure Files use ?

Answer 31

On Premises Active Directory Domaines Services (AD DS)

Azure Active Directory Domain Services (Azure AD DS)

Question 32

What are the only ways to revoke an existing SAS token before it expires ?

Answer 32

Delete the blob

Roll over the storage account key used to generate the SAS token

Delete the stored access policy, change the stored access policy’s name, or change its expiration time

Question 33

True or false: Stored access policies allow the parameters for an SAS token to be decoupled from the token itself.

Answer 33

True

Question 34

How can you change the parameters of a valid SAS token ?

Answer 34

Change the access policy

Question 35

How do you create the SAS token URI ?

Answer 35

Append the SAS token to the full URI of the storage resource

The full URI to the blob in storage is

https://examrefstorage.blob.core.windows.net/examrefcontainer/sample-file.png

The combined URI with the generated SAS token is

https://examrefstorage.blob.core.windows.net/examrefcontainer/sample-file.png?
sv=2019-10-10&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-05-08T08:50:14Z&st=2020-05-08T00:
50:14Z&spr=https&sig=65tNhZtj2lu0tih8HQtK7aEL9YCIpGGprZocXjiQ%2Fko%3D

Question 36

A(n) ………………………. blob is specifically optimized for operations where we need to keep adding data to a blob in chunks without modifying the already existing content.

Answer 36

append blob

Question 37

What is the Azure Import / Export service ?

Answer 37

When you physically ship disks to get data in or out of an Azure data center

Question 38

Azure Import/Export is only used with ……………….. and …………………

Answer 38

Blob Storage

Azure Files

Question 39

A(n) ……………….. allows you to export large volumes of data from Azure Storage to your on-premises environment by shipping you the data on disk.

Answer 39

export job

Question 40

A(n) ………………. allows you to import large volumes of data to Azure by shipping the data on disk to Microsoft.

Answer 40

import job

Question 41

True or false : Import jobs support both azure files and blob storage

Answer 41

True

Question 42

True or false : Export jobs support both blob storage and azure files

Answer 42

False - Export jobs only support blob storage

Question 43

What is the max number of drive per import / export job ?

Answer 43

10 drives per job max

Question 44

What are the three steps when you do an export job ?

Answer 44

1. Create the export job in the azure portal
2. Microsoft ships you the disks
3. Download the bitlocker keys from azure portal to open the disks

Question 45

What are the three steps to an import job ?

Answer 45

1. Download the WAimportexport tool
2. Copy the data to the disk, inputing the right parameters to the WAimportexport tool
3. Create an import job through Azure portal

Question 46

What are three parameters used by the WAimportexport tool ?

Answer 46

Destination storage account key

Bitlocker key

Log directory

Question 47

………………………. is a cross-platform application designed to help you quickly manage one or more Azure Storage accounts.

Answer 47

Azure Storage Explorer

Question 48

What are two ways to install the Storage Explorer ?

Answer 48

Download and install from azure.microsoft.com

Storage explorer Preview from Azure Portal

Question 49

The options for connecting to Storage Explorer are the following :

• Add an Azure Account with the right RBAC role
• Using a connection string
• Using a SAS token
• Using a Storage account name & Key
• Attach to a Local Emulator (Azure SDK)

Which of these is good for managing multiple storage accounts ?

Answer 49

Add an Azure Account : This option allows you to sign in using a work or Microsoft account and access all storage accounts via RBAC

Question 50

The options for connecting to Storage Explorer are the following :

• Add an Azure Account with the right RBAC role
• Using a connection string
• Using a SAS token
• Using a Storage account name & Key
• Attach to a Local Emulator (Azure SDK)

Which of these methods requires an access key for the storage account ?

Answer 50

Using a connection string

Using a storage account name and key

Question 51

The options for connecting to Storage Explorer are the following :

• Add an Azure Account with the right RBAC role
• Using a connection string
• Using a SAS token
• Using a Storage account name & Key
• Attach to a Local Emulator (Azure SDK)

Which of these methods allows access to a storage account without requiring an account key to be shared ?

Answer 51

Using a SAS token

Question 52

Storage explorer allows you to easily cost and paste blobs between…

A) Containers
B) Storage accounts
C) both

Answer 52

C) both

Question 53

……………………….. is a command-line utility that you can use to perform large-scale bulk transfer of data to and from Azure Storage.

Answer 53

AzCopy

Question 54

AzCopy is ……………., so if the operation is interrupted for some reason, it can resume from where it left off once the issue is resolved.

Answer 54

fault-tolerant

Question 55

What is the back end of Storage Explorer ?

Answer 55

AzCopy

Question 56

What is the first thing that AzCopy needs in order to function ?

Answer 56

authentication to Azure Storage

Question 57

What are the three principal actions you can do with AzCopy ?

Answer 57

Upload/Download

Async blob copy

Sync blob copy

Question 58

What is the necessary condition for AzCopy to upload data ?

Answer 58

The storage account and container must already exist

Question 59

True or false : The data in your Azure Storage accounts is always replicated for durability and high availability.

Answer 59

True

Question 60

Strorage accounts can be moved freely between which of the following replication options ?

LRS
ZRS
GRS
RA-GRS
GZRS
RA-GZRS

Answer 60

LRS
GRS
RA-GRS

Question 61

Which of the following replication options require copying data to a new storage account with the desired replication mode ?

LRS
ZRS
GRS
RA-GRS
GZRS
RA-GZRS

Answer 61

ZRS
GZRS
RA GZRS

Question 62

What path in Azure Portal allows you to configure the replication mode for a storage account ?

Answer 62

First, open Storage account service
then click on configuration
then click on replication

Question 63

What are the two necessary conditions for leveraging blob object replication ?

Answer 63

1. Versioning enabled for both source and target storage account
2. Change feed enabled for both source and target storage account

Question 64

…………….. captures the state of a blob when it it modified or deleted, Azure storage creates a new version ID for a blob with each change.

Answer 64

Blob versioning

Question 65

…………………… provides all the changes with the blobs and its metadata in form of transactional logs.

Answer 65

The blob change feed

Question 66

How does blob object replication allow you to reduce reading latency ?

Answer 66

You can read the data from the region closest to you

Question 67

How does blob object replication allow more regional flexibility for compute workloads ?

Answer 67

You can process the same block blobs from different regions

Question 68

Why is blob object replication advantageous for large data processing jobs ?

Answer 68

You can analyse the data in a single region, and then redistribute results using replication (saving processing time and compute ressources)

Question 69

What is the easiest way to save costs when doing blob object replication ?

Answer 69

move replicated data to the archive tier

Question 70

What are two crucial limitations with blob object replication that you should review before implementing ?

Answer 70

Destination containers become READ ONLY, no writable operations can be performed against them

Object replication doesn’t work on the archive tier

Question 71

What are the two major benefits of asynchronous replication ?

Answer 71

1. Asynchronous replication requires substantially less bandwidth than synchronous replication.
2. Since the replication process does not have to occur in real time, asynchronous replication can tolerate some degradation in connectivity. (important in the case of working over long distances)

Question 72

………………………. is a fully managed file share service that offers endpoints for the Server Message Block (SMB) protocol, also known as Common Internet File System or CIFS.

Answer 72

Azure Files

Question 73

What protocol does Azure Files use ?

Answer 73

Server Message Block (SMB) protocol

Question 74

What are three common use cases for Azure Files ?

Answer 74

1. Replace an existing file server
2. Sharing storage of files
3. Migration of existing applications into the cloud that require a file share for storage

Question 75

What are the three levels of hierarchy in Azure Files ?

Answer 75

• Storage Account
• Folders
• Files

Question 76

What is the best way to mount and connect to an Azure File Share from a Windows computer ?

Answer 76

Using the Windows File Explorer, use the Map Network Drive option

Question 77

In the Azure Portal, what is the path to creating a new Azure File Share ?

Answer 77

Azure Portal / Storage Account / File Shares / + File Share

Question 78

The object that defines the sync relationship between a cloud endpoint, or Azure file share, and a server endpoint.

What does this describe ?

Answer 78

An Azure Sync Group

Question 79

What are the 4 key functionalities of Azure File Sync Service ?

Answer 79

1. Multi site access
2. Cloud tiering
3. Backup in the cloud
4. Fast disaster recovery

Question 80

With an Azure File Sync service, where does the recently accessed data get stored ? And the rest ?

Answer 80

Recently accessed data is stored locally on prem.

The rest gets put in the Azure Storage Account

Question 81

An Azure Sync Group dictates what three things?

Answer 81

1. The server endpoint
2. The cloud endpoint
3. The relationship between the server and cloud endpoint

Question 82

What are the 4 steps in deploying the Azure File Sync Agent ?

Answer 82

1. Download and install Azure Powershell on the server
2. Download and install Azure File Sync Agent on the server
3. Sign in with your Azure credentials for your subscription
4. Register the server with the Storage Sync Service

Question 83

True or false : each blob has a unique URL

Answer 83

True

Question 84

True or false : it is possible to create a blob at the root of the storage account

Answer 84

True

Optionally, you can create a container at the root of the storage account, by specifying the special name $root for the container name.

Question 85

Which type of blob is good for videos, images, or general purpose file storage ?

• Page blob
• Block blob
• Append blob

Answer 85

Block blob

Question 86

Which type of blob is used for unmanaged disks ?

• Page blob
• Block blob
• Append blob

Answer 86

Page blobs

Question 87

Which type of blob is good for random access read and write ?

• Page blob
• Block blob
• Append blob

Answer 87

Page blob

Question 88

Which type of blob is good for append operations ?

• Page blob
• Block blob
• Append blob

Answer 88

Append blob

Question 89

Can you change the blob type after it is created ?

Answer 89

No - the type of the blob is set at creation and cannot be changed after the fact.

Question 90

Which type of blob used VHD files ?

• Page blob
• Block blob
• Append blob

Answer 90

Page blob

Question 91

Virtual machines use VHD files for….

• Managed disks
• Unmanaged disks

Answer 91

Unmanaged disks

Question 92

The default behavior of deleting a blob is that the blob is deleted and lost forever. …………………. is a feature that allows you to save and recover your data when blobs or blob snapshots are deleted even in the event of an overwrite.

Answer 92

Soft delete

Question 93

What is the maximum retention period for a soft delete ?

Answer 93

365 days

Question 94

True or false : The default behavior of Azure when deleting a blob is a soft delete

Answer 94

False

Question 95

True or false: The default behavior of Azure when you delete a blob, is that the blob is deleted and lost forever

Answer 95

True

Question 96

True or false : Blobs must have the same access tier within a single storage account

Answer 96

False - Blobs can have different tiers

Question 97

What access tier does a blob assume if it is unassigned?

Answer 97

The blob takes the access tier setting from the storage account

Question 98

To access a blob in a the archive tier, what must one do? How long does it take ?

Answer 98

Hydration is necessary. It can take 15 hours.

Question 99

What is hydration ?

Answer 99

Moving a blob from archive to either cool or hot tier in order to be able to access it.

Question 100

Blob life cycle management rules execute against what type of object ?

Answer 100

A storage account

Question 101

When you define a blob life cycle management rule, and you want to limit the the scope to only certain blobs, what option should use configure ?

Answer 101

The blob index match option

Question 102

True or false : Blob lifecycle rules can delete the data at the end of the life cycle

Answer 102

True

Question 103

When defining a rule for configuring a blob lifecycle, what are the two options for “Blob type” ? What are the three options for “Blob subtype” ?

Answer 103

Blob type - block blob, append blob

Blob subtype - base blobs, snapshots, versions

Question 104

Azure storage accounts provide four separate services : …………………, …………………, …………………, ………………… .

Answer 104

Blob storage
Table storage
Queue storage
Azure Files

Question 105

………………………………. use magnetic drives and provide the lowest cost per GB. This type of account is best suited for applications that require bulk storage or where data is accessed infrequently.

• Standard storage accounts
• Premium storage accounts

Answer 105

Standard storage accounts

Question 106

True or false : Access tiers apply only to blob storage and block blob storage

Answer 106

False, they do not apply to block blob storage

Question 107

What are three types of SAS tokens ?

Answer 107

User delegation SAS tokens
Account SAS tokens
Service Level SAS tokens

Question 108

What type of SAS token is for blobs and containers only ?

Answer 108

User delegation SAS tokens

Question 109

What type of SAS tokens given access to the entire storage account ?

Answer 109

Account SAS tokens

Question 110

What type of SAS tokens authenticate with Azure AD ?

Answer 110

User delegation SAS tokens

Question 111

Why is it good practice to use SAS tokens with Stored Access policies ?

Answer 111

SAS tokens can not be revoked without rolling over the storage account key.
Stored Access policies can easily modified, thus modifying the parameters of the existing SAS tokens

Question 112

A …………………………………. container serves as a default container for your storage account. A storage account may have only one of these container.

Answer 112

root

Question 113

What kind of blob is the foundation of Azure Disks ?

Answer 113

Page blobs

Question 114

True or false : Page blobs can use the hot, cool, and archive access tier

Answer 114

False

Question 115

True or false : Page blobs can only use the hot access tier

Answer 115

True