Managing Storage Accounts Flashcards

1
Q

Define “Storage Account”

A

A storage account groups several Azure Storage services together in one place, so you can manage them as a group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the three kinds of storage?

A
  • Storage V2
  • Storage (General purpose V1)
  • Blob Storage
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Explain Storage V2

A

Storage V2 supports all storage types and all of the latest features.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Explain Storage (General purpose V1)

A

Storage is a legacy storage account that supports al storage types by may not support all features.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which storage option does Microsoft recommend be used for all new storage accounts?

A

Storage V2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

True or False:
Solid state drives are used in both standard performance and premium performance storage solutions.

A

False
Solid state drives are only available to premium accounts. Standard accounts will use magnetic disk drives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Describe Zone-redundant storage.

A

ZRS is your best redundancy option when it comes to single-region redundancy. ZRS replicates your data synchronously across three Azure availability zones in your primary region. Each availability zone is a data center with independent cooling, power, and networking.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

True or False:
Subnets or virtual networks that you want to restrict access to must reside in the same Azure region or region pair as the storage account you are configuring access to.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the two routing options you are given under Network Routing in Network settings?

A
  • Microsoft network routing
  • Internet routing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Of the two storage account routing options, which one is recommended for most customers?

A

Microsoft network routing is recommended for most customers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What service allows you to privately connect to a storage account via a network interface that uses a private IP address from your vNET?

A

Azure Private Link

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Describe shared access signatures

A

SASs provide granular access (read-only/read write) to files in azure storage. They allow clients to access storage without having direct access to the storage account credentials. You can set an expiration time for storage access. The SAS should be protected like a key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Name the three types of Shared Access Signatures

A
  • User Delegation SAS
  • Service SAS
  • Account SAS
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Describe User Delegation SAS

A

This can only be used for Blob storage and is secured with Azure AD credentials.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Describe Service SAS

A

This delegates access to a resource in any ONE of the four Azure Storage services (Blob, queue, table, or file). Secured using a storage account key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Describe Account SAS

A

This delegates access to a resource in any ONE of the four Azure Storage services (Blob, queue, table, or file) and also controls access to service-level operations. Secured with a storage account key.

17
Q

What are the two components of an SAS?

A
  • URI: points to one or more storage resources.
  • Token: specifies how resources may be accessed.
18
Q

True or False:
When using a SAS, you should always use HTTPS.

A

True
This is Microsoft’s recommendation

19
Q

Why are there two storage account access keys?

A

If you need to change the access key to one of your storage accounts for any reason you will be able to rotate to the second key without breaking access to the account. While you are using key 2, you can regenerate key 1 and vice versa.

20
Q

What are storage account access keys?

A

Access keys are 512 bit keys used to authorize access to the data in your storage accounts.

21
Q

Why would you want a stored access policy?

A

The use of shared access signatures means that anyone who gets a hold of that signature can easily access data in your storage. You can associate shared access signatures with a stored access policy to help control who has access to your storage. This provides a level of control over and above service-level shared access signatures.

Stored access policies can be used with Blob containers, file shares, queues, and tables. They allow you to change the start time, expiry time, and permissions for a signature and can be used to revoke a signature after it has been issued.