Implement and manage storage in Azure

Question 1

What is Microsoft’s Cloud Storage solution?

Answer 1

Azure Storage

Question 2

What types of objects can be stored in Azure storage?

Answer 2

Files, messages, tables, and other types of information.

Question 3

What are the 3 data structures that Azure Storage supports?

Answer 3

Structured data, unstructured data, and virtual machine data.

Question 4

Define ‘Virtual machine data’

Answer 4

Disks and files.

Question 5

Describe how a VM uses a virtual disk

Answer 5

Persistent block storage for Azure IaaS virtual machines; Store data like database files, website static content, or custom application code.

Question 6

Describe how Virtual machine data files are managed

Answer 6

Fully managed file shares in the cloud.

Question 7

Describe the format of ‘Unstructured data’

Answer 7

The format of unstructured data is referred to as nonrelational.

Question 8

What two Azure Storage services are used to store unstructured data?

Answer 8

Azure Blob Storage and Azure Data Lake Storage.

Question 9

Describe ‘Structured data’

Answer 9

Stored in a relational format; Often contained in a database table with rows, columns, and keys.

Question 10

What are the 3 Azure storage services that store structured data?

Answer 10

Azure Table Storage, Azure Cosmos DB, and Azure SQL Database.

Question 11

Define ‘Azure Cosmos DB’

Answer 11

Globally distributed database service.

Question 12

Define ‘Azure SQL Database’

Answer 12

Fully managed database-as-a-service built on SQL.

Question 13

What are the two tiers of general purpose Azure Storage?

Answer 13

Standard and Premium.

Question 14

Describe the standard tier of general purpose azure storage

Answer 14

Data is stored on HDDs; A standard storage account provides the lowest cost per GB.

Question 15

Describe the premium tier azure storage

Answer 15

Data is stored on SSDs; Offers consistent low-latency performance.

Question 16

How can resiliency be ensured with Azure storage?

Answer 16

Configuring data replication across datacenters or geographical regions for protection.

Question 17

Does Azure storage encrypt all data?

Answer 17

Yes.

Question 18

What are the four data services offered by Azure Storage?

Answer 18

1. Azure Blob Storage (containers)
2. Azure Files
3. Azure Queue Storage
4. Azure Table Storage

Question 20

Describe the purpose of ‘Azure Blob Storage (containers)’

Answer 20

For storing large amounts of unstructured/nonrelational data.

Question 21

What is blob storage ideal for?

Answer 21

Serving content to a web app; Storing data for backup/analysis; Videos/Text/Images/Installers.

Question 22

How can Azure blob storage be accessed?

Answer 22

Via HTTP(s)/Azure Shell; Shared access signature (SAS); API; Shared key

Question 23

Describe Azure Files and how it can be accessed

Answer 23

Enables highly available network file shares; Shares can be accessed via SMB and NFS protocol.

Question 24

What is Azure Files ideal for?

Answer 24

Applications (containers) and their data; Storing config files accessed by VMs; Logs; Migrating data.

Question 25

Describe the purpose of ‘Azure Queue Storage’

Answer 25

Used to store and retrieve messages.

Question 26

What typeof data is stored with ‘Azure Table Storage’?

Answer 26

Stores non-relational structured data (NoSQL).

Question 27

List the four Azure storage account options/SKUs

Answer 27

1. Standard/premium general-purpose v2
2. Premium block blobs
3. Premium file shares
4. Premium page blobs

Question 27

What types of data can be stored with the ‘General-purpose v2’ Azure storage account type/SKU

Answer 27

Can be used for most scenarios; blobs, file shares, queues, tables, and disks (page blobs).

Question 28

What types of data is stored with ‘Premium block blobs’ Azure storage account type/SKU?

Answer 28

Block blobs and append blobs only; Recommended for applications with high transaction rates.

Question 29

Describe the ‘Premium file shares’ Azure storage account type

Answer 29

For file shares only; Recommended for enterprise or high-performance scale applications.

Question 30

What types of data can be stored with ‘Premium page blobs’ Azure storage account type/SKU?

Answer 30

Page blobs only; Operating systems, data disks for virtual machines, and databases.

Question 31

What are the four replication services offered by Azure Storage?

Answer 31

1. Locally redundant storage (LRS)
2. Zone redundant storage (ZRS)
3. Geo-redundant storage (GRS)
4. Geo-zone-redundant storage (GZRS)

Question 32

Describe ‘Locally redundant storage (LRS)’

Answer 32

Replicates data within the same datacenter; Lowest-cost replication option and offers the least durability compared to others.

Question 33

What are best use cases for Locally redundant storage (LRS)?

Answer 33

Data replication is restricted within a country/region due to data governance requirements; Storing frequently changed data.

Question 34

Describe ‘Zone redundant storage (ZRS)’

Answer 34

Synchronously replicates your data across three availability zones in a single region.

Question 35

Describe ‘Geo-redundant storage (GRS)’

Answer 35

Replicates your data to a secondary region to offer redundancy during a region outage.

Question 36

What is the guaranteed SLA of Geo-redundant storage (GRS)?

Answer 36

99.99999999999999% (16 9’s) durability.

Question 37

What are the two forms of Geo-redundant storage (GRS)?

Answer 37

1. GRS
2. Read-access geo-redundant storage (RA-GRS)

Question 38

How does Geo-redundant storage (GRS) function in the event of failover?

Answer 38

Data is available to be read only if Microsoft initiates a failover from the primary to secondary region.

Question 39

How does Read-access geo-redundant storage storage (RA-GRS) function in the event of failover?

Answer 39

Replicates data to another data center in a secondary region.

Question 40

Can data be accessed without a triggered failover from Microsoft with user Read-access geo-redundant storage storage (RA-GRS)?

Answer 40

Yes; Can read from the secondary region regardless of whether Microsoft initiates a failover from the primary to the secondary.

Question 41

How does Geo-redundant storage (GRS) and Read-access geo-redundant storage storage (RA-GRS) replicate data between regions?

Answer 41

Data is first replicated with LRS; Then replicated asynchronously to the secondary region by using GRS.

Question 42

With Geo-redundant storage (GRS) and Read-access geo-redundant storage storage (RA-GRS), how does the secondary region replicate data?

Answer 42

The secondary region provides LRS.

Question 43

Describe ‘Geo-zone-redundant storage (GZRS)’

Answer 43

Data is replicated across three Azure availability zones in the primary region, and also replicated to a secondary geographic region.

Question 44

What is the guaranteed SLA of Geo-zone-redundant storage (GZRS)?

Answer 44

99.99999999999999% (16 9’s) durability.

Question 45

What two Azure storage replication services will provide read-only access during region wide outage?

Answer 45

1. RA-GRS
2. RA-GZRS

Question 46

What four Azure storage replication services provide data access in a region wide outage?

Answer 46

1. RA-GRS
2. RA-GZRS
3. GRS
4. GZRS

Question 47

What Azure storage replication service will not provide data access if an entire data center becomes unavailable?

Answer 47

LRS.

Question 48

What two components does the name of an Azure Storage account consist of?

Answer 48

1. Storage account name
2. Service domain

Question 49

What is the default endpoint name of a blob (container) service account?

Answer 49

StorageAccountName.blob.core.windows.net

Question 50

What is the default endpoint name of a table service account?

Answer 50

StorageAccountName.table.core.windows.net

Question 51

What is the default endpoint name of a queue service account?

Answer 51

StorageAccountName.queue.core.windows.net

Question 52

What is the default endpoint name of a file service account?

Answer 52

StorageAccountName.file.core.windows.net

Question 53

How is data in a storage account accessed by URL?

Answer 53

By appending the objects location in the endpoint URL.

Question 54

How can storage accounts leverage custom URL domain?

Answer 54

Implement an Azure Content Delivery Network (CDN) to access blobs by using custom domains over HTTPS.

Question 55

What are the two ways of configuring a custom domain for a subdomain to an Azure storage account?

Answer 55

1. Direct mapping
2. Intermediary domain mapping

Question 56

Describe how subdomain ‘Direct mapping’ is configured

Answer 56

Create a CNAME record that points from the subdomain to the Azure storage account.

Question 57

Describe subdomain ‘Intermediary domain mapping’

Answer 57

Adds a keyword to a subdomain CNAME that’s already in use within Azure.

Question 58

Describe how Intermediary domain mapping is configured

Answer 58

Prepend the keyword ‘asverify’ to the subdomain in Azure DNS

Question 59

Where are service endpoints configured for a storage account?

Answer 59

In the storage account.

Question 60

What is the purpose for configuring a service endpoint for a storage account?

Answer 60

Restrict access to your storage account from specific subnets on virtual networks or public IPs.

Question 61

Where must the storage account and virtual network be to configure a service endpoint for a storage account?

Answer 61

Subnets and virtual networks must exist in the same Azure region or region pair as the storage account.

Question 62

Define a ‘Blob’

Answer 62

Blob stands for Binary Large Object.

Question 63

Where/how is a blob stored?

Answer 63

Stored/Uploaded in a container resource to group a set of blobs; A blob can’t exist by itself in Blob Storage.

Question 64

What is the maximum amount of blobs that can be stored in a container?

Answer 64

Unlimited.

Question 65

What is the maximum amount of containers that can be stored in an Azure storage account?

Answer 65

Unlimited.

Question 66

Can there be duplicate names for a container in a single Azure storage account?

Answer 66

No; The name must be unique within the Azure storage account.

Question 67

Describe an ‘access tier’ and its purpose

Answer 67

Each access tier for blob storage is optimized to support a particular pattern of data usage.

Question 68

What are the 4 blob storage access tiers?

Answer 68

1. Hot
2. Cool
3. Cold
4. Archive

Question 69

Describe the ‘Hot’ blob storage access tier

Answer 69

Optimized for frequent reads and writes of objects in the Azure storage account.

Question 70

What is the best use case for the hot access tier?

Answer 70

For data that is actively being processed.

Question 71

Describe the overall cost of the hot access tier

Answer 71

Has the lowest access costs, but higher storage costs than the Cool and Archive tiers.

Question 72

What tier are new Azure storage account placed in by default?

Answer 72

Hot.

Question 73

Describe the ‘Cool’ blob storage access tier

Answer 73

Optimized for storing large amounts of data that’s infrequently accessed.

Question 74

What is the best use case for the cool access tier?

Answer 74

For data that remains untouched for at least 30 days; Hot-term backup and disaster recovery datasets and older media content.

Question 75

Describe the overall cost of the cool access tier

Answer 75

Most cost effective although it has the 2nd highest access costs.

Question 76

Describe the ‘Cold’ blob storage access tier

Answer 76

This tier is intended for larger amounts of data that can remain un-accessed for at least 90 days.

Question 77

How long must data in the ‘Archive’ blob storage access tier remain untouched?

Answer 77

Data must remain in the Archive tier for at least 180 days or be subject to an early deletion charge.

Question 78

What is the best use case for the archive access tier?

Answer 78

Secondary backups, original raw data, and legally required compliance information.

Question 79

What access tier is the most cost-effective for storing data?

Answer 79

Archive

Question 80

What access tier is the least cost-effective for accessing data?

Answer 80

Archive

Question 81

What access tier offers the highest SLA reliability?

Answer 81

Hot access tier

Question 82

What Blob storage mechanism can be used to help manage data lifecycle?

Answer 82

Lifecycle management rules to determine what tier data should be placed in, and expiration for the data.

Question 83

What types of storage accounts can use lifecycle management?

Answer 83

GPv2 and Blob Storage accounts.

Question 84

Can lifecycle management be applied to a container?

Answer 84

Yes.

Question 85

How can data be automatically moved to a different access tier over its lifecycle?

Answer 85

By creating a lifecycle management rule that can move the data to a different tier based on when it what created or last modified.

Question 86

Describe ‘blob object replication’

Answer 86

Object replication copies blobs in a container asynchronously according to policy rules that you configure.

Question 87

List the contents that are copied from the source to the destination during blob object replication

Answer 87

• The blob contents
• The blob metadata and properties
• Any versions of data associated with the blob

Question 88

What must be enabled on source and destination blob storage accounts/containers to perform blob object replication?

Answer 88

blob versioning.

Question 89

What type of data is not supported in blob object replication?

Answer 89

VM Snapshots.

Question 90

What access tiers support blob object replication

Answer 90

Hot, Cool, or Cold tier.

Question 91

Can source and destination blob storage accounts be in different access tiers when performing blob object replication?

Answer 91

Yes.

Question 92

What does a blob object replication policy consist of?

Answer 92

One or more rules that specify a source container and a destination container as well as the blobs in the source container to replicate.

Question 93

List the 3 types of Azure Storage Blobs

Answer 93

1. Block blobs
2. Append blobs
3. Page blobs

Question 94

Describe a ‘Block blob’

Answer 94

Ideal for storing text and binary data in the cloud, like files, images, and videos.

Question 95

Describe an ‘Append blob’

Answer 95

Useful for logging scenarios, where the amount of data can increase as the logging operation continues.

Question 96

What is the max size of a ‘Page blob’?

Answer 96

Can be up to 8TB in size

Question 97

What is the default blob type for a new blob?

Answer 97

Block blob.

Question 98

Define ‘AzCopy’

Answer 98

Cloud shell command that copies data to/from blob storage/containers/accounts.

Question 99

Describe ‘Azure Data Box Disk ‘

Answer 99

A service for transferring large amounts of on-premises data to Blob Storage using Microsoft provided SSDs.

Question 100

Describe ‘Azure Import/Export’

Answer 100

Export/import data by sending Microsoft hard drives with data and they will send them back.

Question 101

Describe ‘Blob versioning’

Answer 101

Automatically maintain previous versions of an object; Access earlier versions of a blob to recover your data if it’s modified or deleted.

Question 102

Between what two access tiers will data automatically change when it accessed/inaccessed?

Answer 102

Hot tier to cool tier.

Question 103

What access control mechanisms are used to secure Azure Storage?

Answer 103

Microsoft Entra ID and role-based access control (RBAC)

Question 104

How can data be secure in transit when using Azure storage?

Answer 104

By using Client-Side Encryption, HTTPS, or SMB 3.0.

Question 105

How does Azure storage leverage zero trust?

Answer 105

Every request made against a secured resource must be authorized.

Question 106

Describe a ‘shared access signature (SAS)’

Answer 106

A uniform resource identifier (URI) that grants restricted access rights to Azure Storage resources.

Question 107

What is the purpose of implementing a shared access signature (SAS)?

Answer 107

A secure way to share storage resources with unauthorized users without compromising your account keys.

Question 108

Can a shared access signature (SAS) be time based?

Answer 108

Yes; Specify the time interval for which a SAS is valid.

Question 109

What are the two types of shared access signature (SAS)?

Answer 109

1. Account-level
2. Service-level

Question 110

Describe an ‘Account-level’ shared access signature (SAS)

Answer 110

SAS delegates access to resources in one or more Azure Storage services.

Question 111

Describe an ‘Service-level’ shared access signature (SAS)

Answer 111

Service-level SAS delegates access to a resource in only one Azure Storage service.

Question 112

Can shared access signature (SAS) specify a range of IPs to accept shared access signature (SAS) from?

Answer 112

Yes.

Question 113

What does a shared access signature (SAS) uniform resource identifier (URI) consist of?

Answer 113

The Azure Storage resource URI and the SAS token.

Question 114

How is data encrypted/decrypted in Azure storage?

Answer 114

Encryption and decryption processes happen automatically.

Question 115

How is data in Azure storage encrypted?

Answer 115

All data written to Azure Storage is encrypted through AES-265 encryption.

Question 116

How can encryption keys be managed in Azure Storage?

Answer 116

Microsoft managed or customer (self) managed.

Question 117

What service is used to manage and generate encryption keys?

Answer 117

Azure key vault.

Question 118

What is the security risk of shared access signature (SAS)?

Answer 118

If a SAS is compromised, it can be used by anyone who obtains it, including a malicious user.

Question 119

What is best practice for securing shared access signature (SAS)?

Answer 119

Always use HTTPS for creation and distribution.

Question 120

Define a ‘stored access policy’

Answer 120

Revoke permissions without having to regenerate the Azure storage account keys by setting key expiration date.

Question 121

How can clients ensure access to keys if the service providing shared access signature (SAS) is unavailable?

Answer 121

Require clients automatically renew the SAS.

Question 122

What is best practice for configuring a shared access signature (SAS) start time?

Answer 122

Set the start time to at least 15 minutes in the past. Or, don’t set a specific start time, which causes the SAS to be valid immediately

Question 123

How can the amount of data uploaded/downloaded using shared access signature (SAS) be restricted?

Answer 123

Near-term expiration times can limit the amount of data that can be written to a blob by limiting the time available to upload to it.

Question 124

How does implementing a shared access signature (SAS) effect cost?

Answer 124

There are additional charges for upload/download ingress/egress.

Question 125

What solution is the easiest way to implement secure storage for a company’s media files?

Answer 125

Create stored access policies for each container to enable revocation of access or change of duration.

Question 126

How/Where are files accessed using Azure Files stored?

Answer 126

Allows you to cache several Azure Files shares on an on-premises Windows Server or cloud virtual machine.

Question 127

How do VMs or other cloud services access data in Azure Files?

Answer 127

By mounting an Azure File share.

Question 128

How many VMs or services can mount/access an Azure File share?

Answer 128

Unlimited simultaneous connections to on-prem or cloud.

Question 129

What are the two supported protocols for mounting an Azure file share?

Answer 129

NFS and SMB.

Question 130

Can the same file Azure file share use SMB and NFS at the same time?

Answer 130

No; One or the other.

Question 131

What are the two types of Azure file shares?

Answer 131

1. premium
2. Standard

Question 132

Describe a premium azure file share

Answer 132

Stores data on SSDs; can be used to APIs; can’t go back to standard tier.

Question 133

Describe a standard azure file share

Answer 133

Stores data on HDDs; Can only use SMB and NFS.

Question 134

What is a networking consideration when deploring an Azure SMB file share?

Answer 134

Open port 445.

Question 135

What is the function of an Azure file snapshot?

Answer 135

Capture a point-in-time, read-only copy of your data.

Question 136

Are snapshots incremental?

Answer 136

Yes.

Question 137

Can a snapshot of an individual snapshot be taken?

Answer 137

Yes.

Question 138

Define ‘soft delete for Server Message Block (SMB) file shares’

Answer 138

Lets you recover deleted files and file shares or ‘softly’ delete files.

Question 139

How are files softly deleted with soft delete for Azure files?

Answer 139

A retention period is set and defines the amount of time that soft deleted files are stored and available for recovery.

Question 140

What is the retention period range Azure allows for soft delete?

Answer 140

Between 1 and 365 days.

Question 141

How is soft delete enabled?

Answer 141

Enabled at the storage account level; can be enabled on either new or existing file shares.

Question 142

Define ‘Azure Storage Explorer’

Answer 142

Standalone GUI application for accessing multiple storage accounts and subscriptions, to manage Storage content.

Question 143

What are the requirements to implement Azure Storage explorer?

Answer 143

Requires Azure Resource Manager and Role-based access control along with Azure AD (Entra ID).

Question 144

Can an external storage account be connect to Azure Storage explorer?

Answer 144

Yes.

Question 145

Define a storage access key

Answer 145

Access keys provide access to the entire storage account.

Question 146

How many access/account keys are provided to the tenant when a storage account is created?

Answer 146

2

Question 147

Describe ‘Azure File Sync’

Answer 147

Enables you to cache several Azure Files shares on an on-premises Windows Server or cloud virtual machine.

Question 148

Define ‘Cloud tiering’

Answer 148

Optional feature of Azure File Sync; Frequently accessed files are cached locally on the server while all other files are tiered to Azure Files based on policy settings.

Question 149

How is a file stored with Azure File Sync cloud tiering?

Answer 149

Initially stored on-prem, once inactivity policy is reached, File Sync replaces the file with a pointer URL (reparse point) to the file in Azure files.

Question 150

How is a file accessed with cloud tiering?

Answer 150

Azure File Sync recalls the file data from Azure Files.

Question 151

How are cloud tiered files represented?

Answer 151

Greyed icons with an offline O file attribute.

Question 152

What are the best scenarios for Azure File Sync?

Answer 152

Migration; Support for Branch offices; Backup/recovery.

Question 153

Define a ‘storage account’

Answer 153

An Azure resource; A Container that groups a set of Azure Storage services together.

Question 154

What Azure storage services can be stored in a storage account?

Answer 154

Azure Blobs, Azure Files, Azure Queues, and Azure Tables.

Question 155

What is the benefit of combining multiple azure storage services under a single storage account or resouce group?

Answer 155

Enables you to manage them as a group.

Question 156

What is the affect of deleting a storage account?

Answer 156

Deletes all of the data stored inside it.

Question 157

What Azure data services can’t be included in a storage account, and are managed independently by Azure?

Answer 157

Azure SQL and Azure Cosmos DB.

Question 158

What are the two deployment models Azure offers for a storage acount?

Answer 158

Resource Manager and Classic.

Question 159

What is the recommended deployment model for a storage account?

Answer 159

Resource manager.

Question 160

When choosing a name for a storage account, what must be required?

Answer 160

The name must be globally unique.

Question 161

What are two ways to limit public access to blob storage?

Answer 161

1. Via the Storage Account
2. Via the Container

Question 162

What parameter is configured at the storage account level to allow public access?

Answer 162

Set the AllowBlobPublicAccess property to true or false.

Question 163

What are the two ways public access is granted at the storage account level?

Answer 163

1. Public read access for blobs
2. public read access for a container and its blobs

Question 164

In order to allow public access to blob storage, what two things must be configred?

Answer 164

1. Storage account set to public access
2. Container settings set to public access.

Question 165

What are the 3 types of Shared access signatures (SASs)?

Answer 165

1. User delegation SAS
2. Service SAS
3. Account SAS

Question 166

How is ‘User delegation shared access signature (SAS)’ secured?

Answer 166

Secured with Microsoft Entra credentials; Can only be used for blob storage.

Question 167

How is a ‘Service shared access signature (SAS)’ secured?

Answer 167

secured using a storage account key to only once of four Azure Storage services.

Question 168

How is a ‘Account shared access signature (SAS)’ secured?

Answer 168

Secured with a storage account key; Can also control access to service-level operations.

Question 169

How many shared access signatures (SASs) can a single stored access policy be associated with?

Answer 169

Up to five active SASs.

Question 170

How is a shared access signature (SAS) encrypted?

Answer 170

The signature is signed with your storage account key when you create a service or account shared access signature or with a user delegation shared access signature in Entra ID.

Question 171

What is the most secure implementation of shared access signature (SAS)?

Answer 171

User delegation via Entra ID.

Question 172

What 4 Azure storage resources can a stored access policy be applied to?

Answer 172

1. Blob containers
2. File shares
3. Queues
4. Tables

Question 173

What Azure storage resources/services can be accesses by Azure Storage explorer?

Answer 173

Blobs; Tables; Queues; Azure Files; Azure Data Lake.

Question 174

What is the purpose of a local emulator?

Answer 174

Emulates storage resources to a local computer to reduce cost.

Question 175

Describe the purpose/function of Azure Data Lake Storage

Answer 175

Used for storing and analyzing large data sets.