Implement and manage storage Flashcards
Each storage account service exposes its own endpoints used to manage the data in the storage service.
These service-specific endpoints are by default …
A) exposed through Azure Resource Manager
B) Internet facing endpoints
B) Internet facing endpoints
…………… allows you to limit access to specific IP addresses or an IP address range.
It applies to all storage account services (blobs, tables, queues, and files).
The storage firewall
…………… are used to give a specific subnet or Vnet access to the storage account.
A) Storage firewalls
B) Service endpoints
B) Service endpoints
If a storage account is only accessed from within an Azure virtual network, it is desirable from a security standpoint to … ?
block all internet access to the storage account
- Blocking internet access to a storage account
- Creating virtual network service endpoints and private service endpoints for the storage account
What are two benefits to this configuration ?
Improved security
Optimized routing
What are the two steps to configuring a virtual network service endpoint for a storage account ?
- Choose the Vnet (and its subnet). Activate the storage account service endpoint
- Choose the storage account. Select the Vnet and the subnet to which it will grant access
By default, no public read access is enabled for anonymous users to the storage accounts, and only users with rights granted through RBAC or with the storage account name and key will have access to the stored blobs.
To enable anonymous user access, you must change the container access level.
What are the three options for access level of a container ?
Private
Container
Blob
True or false : By default, anonymous users have read access to blobs
False - By default, no public read access is granted for anonymous users
By default, who can access stored Blobs ?
Only users with rights granted through RBAC or with the storage account name and key
True or false : The access level is configured separately on each Blob container
True
A(n) …………………………………………… is a URI query string parameter that grants access to specific containers, blobs, queues, and tables.
shared access signature token (SAS token)
What should I use to grant access to a client that should not have access to the entire contents of the storage account (and therefore, should not have access to the storage account keys) but still requires secure authentication ?
A shared access signature token (SAS)
What protocol is recommended for SAS token usage ?
HTTPS
What are the three types of storage blobs ?
Block blobs
Append blobs
Page blobs
True or false : The storage account name must be unique across all existing storage account names in Azure.
True
What are the two performance tiers of a storage account ?
Standard
Premium
General Purpose V2, General Purpose V1, Blob Storage, Block Blob Storage, File Storage
With a standard tier storage account, which account types may I choose ?
General Purpose V2
General Purpose V1
Blob Storage
General Purpose V2, General Purpose V1, Blob Storage, Block Blob Storage, File Storage
With a premium tier storage account, which account types may I choose ?
General Purpose V2
General Purpose V1
Block Blob Storage
File Storage
Makes three synchronous copies of your data within a single datacenter.
This replication option describes…
A) LRS B) ZRS C) GRS D) RA-GRS E) GZRS F) RA-GZRS
A) LRS
Makes three synchronous copies to three separate availability zones within a single region.
This replication option describes…
A) LRS B) ZRS C) GRS D) RA-GRS E) GZRS F) RA-GZRS
B) ZRS
This is the same as LRS (three local copies), plus three additional asynchronous copies to a second datacenter hundreds of miles away from the primary region.
This replication option describes…
A) LRS B) ZRS C) GRS D) RA-GRS E) GZRS F) RA-GZRS
C) GRS
This has the same capabilities as GRS, plus you have read-only access to the data in the secondary datacenter.
A) LRS B) ZRS C) GRS D) RA-GRS E) GZRS F) RA-GZRS
D) RA-GRS
What are the three access TIERS for Blob storage?
Hot
Cool
Archive
What is the simplest way to manage your storage account ?
Access keys
The process of modifying an application to use the second access key instead of the first, and then regenerating the first access key, is called… ?
Key rolling
What is the advantage of key rolling ?
It allows you to reset the primary key with no downtime for applications that directly access storage using an access key
Rolling a storage account access key will invalidate any …………….. that were generated using that key.
SAS tokens
……………… helps safeguard cryptographic keys and secrets used by cloud applications and services, such as authentication keys, storage account keys, data encryption keys, and certificate private keys.
Azure Key Vault
If an application is running from within an Azure entity such as an Azure VM, a virtual machine scale set, or an Azure Functions app, it can use a ……………………………………. to access blobs or queues.
managed service identity (MSI)
Azure Files provides managed file shares that are accessible over the ……………… protocol.
SMB
Which two identity-based authentication methods can Azure Files use ?
On-premises Active Directory Domain Services (AD DS)
Azure Active Directory Domain Services (Azure AD DS)
What are the only ways to revoke an existing SAS token before it expires ?
Delete the blob
Roll over the storage account key used to generate the SAS token
Delete the stored access policy, change the stored access policy’s name, or change its expiration time
True or false: Stored access policies allow the parameters for an SAS token to be decoupled from the token itself.
True
How can you change the parameters of a valid SAS token ?
Change the access policy
How do you create the SAS token URI ?
Append the SAS token to the full URI of the storage resource
The full URI to the blob in storage is
https://examrefstorage.blob.core.windows.net/examrefcontainer/sample-file.png
The combined URI with the generated SAS token is
https://examrefstorage.blob.core.windows.net/examrefcontainer/sample-file.png?sv=2019-10-10&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-05-08T08:50:14Z&st=2020-05-08T00:50:14Z&spr=https&sig=65tNhZtj2lu0tih8HQtK7aEL9YCIpGGprZocXjiQ%2Fko%3D
A(n) ………………………. blob is specifically optimized for operations where we need to keep adding data to a blob in chunks without modifying the already existing content.
append blob
What is the Azure Import / Export service ?
When you physically ship disks to get data in or out of an Azure data center
Azure Import/Export is only used with ……………….. and …………………
Blob Storage
Azure Files
A(n) ……………….. allows you to export large volumes of data from Azure Storage to your on-premises environment by shipping you the data on disk.
export job
A(n) ………………. allows you to import large volumes of data to Azure by shipping the data on disk to Microsoft.
import job
True or false : Import jobs support both Azure Files and blob storage
True
True or false : Export jobs support both blob storage and Azure Files
False - Export jobs only support blob storage
What is the max number of drives per import / export job ?
10 drives per job max
What are the three steps when you do an export job ?
- Create the export job in the Azure portal
- Microsoft ships you the disks
- Download the BitLocker keys from the Azure portal to open the disks
What are the three steps to an import job ?
- Download the WAImportExport tool
- Copy the data to the disk, inputting the right parameters to the WAImportExport tool
- Create an import job through Azure portal
What are three parameters used by the WAImportExport tool ?
Destination storage account key
BitLocker key
Log directory
………………………. is a cross-platform application designed to help you quickly manage one or more Azure Storage accounts.
Azure Storage Explorer
What are two ways to install the Storage Explorer ?
Download and install from azure.microsoft.com
Storage Explorer Preview from Azure Portal
The options for connecting to Storage Explorer are the following :
- Add an Azure Account with the right RBAC role
- Using a connection string
- Using a SAS token
- Using a Storage account name & Key
- Attach to a Local Emulator (Azure SDK)
Which of these is good for managing multiple storage accounts ?
Add an Azure Account : This option allows you to sign in using a work or Microsoft account and access all storage accounts via RBAC
The options for connecting to Storage Explorer are the following :
- Add an Azure Account with the right RBAC role
- Using a connection string
- Using a SAS token
- Using a Storage account name & Key
- Attach to a Local Emulator (Azure SDK)
Which of these methods requires an access key for the storage account ?
Using a connection string
Using a storage account name and key
The options for connecting to Storage Explorer are the following :
- Add an Azure Account with the right RBAC role
- Using a connection string
- Using a SAS token
- Using a Storage account name & Key
- Attach to a Local Emulator (Azure SDK)
Which of these methods allows access to a storage account without requiring an account key to be shared ?
Using a SAS token
Storage Explorer allows you to easily copy and paste blobs between…
A) Containers
B) Storage accounts
C) both
C) both
……………………….. is a command-line utility that you can use to perform large-scale bulk transfer of data to and from Azure Storage.
AzCopy
AzCopy is ……………., so if the operation is interrupted for some reason, it can resume from where it left off once the issue is resolved.
fault-tolerant
What is the back end of Storage Explorer ?
AzCopy
What is the first thing that AzCopy needs in order to function ?
authentication to Azure Storage
What are the three principal actions you can do with AzCopy ?
Upload/Download
Async blob copy
Sync blob copy
What is the necessary condition for AzCopy to upload data ?
The storage account and container must already exist
True or false : The data in your Azure Storage accounts is always replicated for durability and high availability.
True
Storage accounts can be moved freely between which of the following replication options ?
LRS ZRS GRS RA-GRS GZRS RA-GZRS
LRS
GRS
RA-GRS
Which of the following replication options require copying data to a new storage account with the desired replication mode ?
LRS ZRS GRS RA-GRS GZRS RA-GZRS
ZRS
GZRS
RA-GZRS
What path in Azure Portal allows you to configure the replication mode for a storage account ?
First, open Storage account service
then click on configuration
then click on replication
What are the two necessary conditions for leveraging blob object replication ?
- Versioning enabled for both source and target storage account
- Change feed enabled for both source and target storage account
…………….. captures the state of a blob when it is modified or deleted. Azure Storage creates a new version ID for a blob with each change.
Blob versioning
…………………… provides all the changes to the blobs and their metadata in the form of transactional logs.
The blob change feed
How does blob object replication allow you to reduce reading latency ?
You can read the data from the region closest to you
How does blob object replication allow more regional flexibility for compute workloads ?
You can process the same block blobs from different regions
Why is blob object replication advantageous for large data processing jobs ?
You can analyse the data in a single region, and then redistribute results using replication (saving processing time and compute resources)
What is the easiest way to save costs when doing blob object replication ?
move replicated data to the archive tier
What are two crucial limitations with blob object replication that you should review before implementing ?
Destination containers become READ ONLY, no writable operations can be performed against them
Object replication doesn’t work on the archive tier
What are the two major benefits of asynchronous replication ?
- Asynchronous replication requires substantially less bandwidth than synchronous replication.
- Since the replication process does not have to occur in real time, asynchronous replication can tolerate some degradation in connectivity. (important in the case of working over long distances)
………………………. is a fully managed file share service that offers endpoints for the Server Message Block (SMB) protocol, also known as Common Internet File System or CIFS.
Azure Files
What protocol does Azure Files use ?
Server Message Block (SMB) protocol
What are three common use cases for Azure Files ?
- Replace an existing file server
- Sharing storage of files
- Migration of existing applications into the cloud that require a file share for storage
What are the three levels of hierarchy in Azure Files ?
- Storage Account
- Folders
- Files
What is the best way to mount and connect to an Azure File Share from a Windows computer ?
Using the Windows File Explorer, use the Map Network Drive option
In the Azure Portal, what is the path to creating a new Azure File Share ?
Azure Portal / Storage Account / File Shares / + File Share
The object that defines the sync relationship between a cloud endpoint, or Azure file share, and a server endpoint.
What does this describe ?
An Azure Sync Group
What are the 4 key functionalities of Azure File Sync Service ?
- Multi site access
- Cloud tiering
- Backup in the cloud
- Fast disaster recovery
With an Azure File Sync service, where does the recently accessed data get stored ? And the rest ?
Recently accessed data is stored locally on prem.
The rest gets put in the Azure Storage Account
An Azure Sync Group dictates what three things?
- The server endpoint
- The cloud endpoint
- The relationship between the server and cloud endpoint
What are the 4 steps in deploying the Azure File Sync Agent ?
- Download and install Azure PowerShell on the server
- Download and install Azure File Sync Agent on the server
- Sign in with your Azure credentials for your subscription
- Register the server with the Storage Sync Service
True or false : each blob has a unique URL
True
True or false : it is possible to create a blob at the root of the storage account
True
Optionally, you can create a container at the root of the storage account, by specifying the special name $root for the container name.
Which type of blob is good for videos, images, or general purpose file storage ?
- Page blob
- Block blob
- Append blob
Block blob
Which type of blob is used for unmanaged disks ?
- Page blob
- Block blob
- Append blob
Page blobs
Which type of blob is good for random access read and write ?
- Page blob
- Block blob
- Append blob
Page blob
Which type of blob is good for append operations ?
- Page blob
- Block blob
- Append blob
Append blob
Can you change the blob type after it is created ?
No - the type of the blob is set at creation and cannot be changed after the fact.
Which type of blob uses VHD files ?
- Page blob
- Block blob
- Append blob
Page blob
Virtual machines use VHD files for….
- Managed disks
- Unmanaged disks
Unmanaged disks
The default behavior of deleting a blob is that the blob is deleted and lost forever. …………………. is a feature that allows you to save and recover your data when blobs or blob snapshots are deleted even in the event of an overwrite.
Soft delete
What is the maximum retention period for a soft delete ?
365 days
True or false : The default behavior of Azure when deleting a blob is a soft delete
False
True or false: The default behavior of Azure when you delete a blob, is that the blob is deleted and lost forever
True
True or false : Blobs must have the same access tier within a single storage account
False - Blobs can have different tiers
What access tier does a blob assume if it is unassigned?
The blob takes the access tier setting from the storage account
To access a blob in the archive tier, what must one do? How long does it take ?
Hydration is necessary. It can take 15 hours.
What is hydration ?
Moving a blob from archive to either cool or hot tier in order to be able to access it.
Blob life cycle management rules execute against what type of object ?
A storage account
When you define a blob life cycle management rule, and you want to limit the scope to only certain blobs, what option should you configure ?
The blob index match option
True or false : Blob lifecycle rules can delete the data at the end of the life cycle
True
When defining a rule for configuring a blob lifecycle, what are the two options for “Blob type” ? What are the three options for “Blob subtype” ?
Blob type - block blob, append blob
Blob subtype - base blobs, snapshots, versions
Azure storage accounts provide four separate services : …………………, …………………, …………………, ………………… .
Blob storage
Table storage
Queue storage
Azure Files
………………………………. use magnetic drives and provide the lowest cost per GB. This type of account is best suited for applications that require bulk storage or where data is accessed infrequently.
- Standard storage accounts
- Premium storage accounts
Standard storage accounts
True or false : Access tiers apply only to blob storage and block blob storage
False, they do not apply to block blob storage
What are three types of SAS tokens ?
User delegation SAS tokens
Account SAS tokens
Service Level SAS tokens
What type of SAS token is for blobs and containers only ?
User delegation SAS tokens
What type of SAS token gives access to the entire storage account ?
Account SAS tokens
What type of SAS tokens authenticate with Azure AD ?
User delegation SAS tokens
Why is it good practice to use SAS tokens with Stored Access policies ?
SAS tokens cannot be revoked without rolling over the storage account key.
Stored Access policies can easily be modified, thus modifying the parameters of the existing SAS tokens
A …………………………………. container serves as a default container for your storage account. A storage account may have only one of these containers.
root
What kind of blob is the foundation of Azure Disks ?
Page blobs
True or false : Page blobs can use the hot, cool, and archive access tier
False
True or false : Page blobs can only use the hot access tier
True