Managing Storage Accounts Flashcards
Define “Storage Account”
A storage account groups several Azure Storage services together in one place, so you can manage them as a group.
What are the three kinds of storage?
- Storage V2
- Storage (General purpose V1)
- Blob Storage
Explain Storage V2
Storage V2 supports all storage types and all of the latest features.
Explain Storage (General purpose V1)
Storage is a legacy storage account that supports all storage types but may not support all features.
Which storage option does Microsoft recommend be used for all new storage accounts?
Storage V2
True or False:
Solid state drives are used in both standard performance and premium performance storage solutions.
False
Solid state drives are only available to premium accounts. Standard accounts will use magnetic disk drives.
Describe Zone-redundant storage.
ZRS is your best redundancy option when it comes to single-region redundancy. ZRS replicates your data synchronously across three Azure availability zones in your primary region. Each availability zone is a data center with independent cooling, power, and networking.
True or False:
Subnets or virtual networks that you want to restrict access to must reside in the same Azure region or region pair as the storage account you are configuring access to.
True
What are the two routing options you are given under Network Routing in Network settings?
- Microsoft network routing
- Internet routing
Of the two storage account routing options, which one is recommended for most customers?
Microsoft network routing is recommended for most customers.
What service allows you to privately connect to a storage account via a network interface that uses a private IP address from your vNET?
Azure Private Link
Describe shared access signatures
SASs provide granular access (read-only/read-write) to files in Azure Storage. They allow clients to access storage without having direct access to the storage account credentials. You can set an expiration time for storage access. The SAS should be protected like a key.
Name the three types of Shared Access Signatures
- User Delegation SAS
- Service SAS
- Account SAS
Describe User Delegation SAS
This can only be used for Blob storage and is secured with Azure AD credentials.
Describe Service SAS
This delegates access to a resource in any ONE of the four Azure Storage services (Blob, queue, table, or file). Secured using a storage account key.
Describe Account SAS
This delegates access to a resource in any ONE of the four Azure Storage services (Blob, queue, table, or file) and also controls access to service-level operations. Secured with a storage account key.
What are the two components of an SAS?
- URI: points to one or more storage resources.
- Token: specifies how resources may be accessed.
True or False:
When using a SAS, you should always use HTTPS.
True
This is Microsoft’s recommendation.
Why are there two storage account access keys?
If you need to change the access key to one of your storage accounts for any reason, you will be able to rotate to the second key without breaking access to the account. While you are using key 2, you can regenerate key 1, and vice versa.
What are storage account access keys?
Access keys are 512-bit keys used to authorize access to the data in your storage accounts.
Why would you want a stored access policy?
The use of shared access signatures means that anyone who gets hold of that signature can easily access data in your storage. You can associate shared access signatures with a stored access policy to help control who has access to your storage. This provides a level of control over and above service-level shared access signatures.
Stored access policies can be used with Blob containers, file shares, queues, and tables. They allow you to change the start time, expiry time, and permissions for a signature and can be used to revoke a signature after it has been issued.