Storage Flashcards
What does the storage firewall in Azure allow you to do?
Limit access to specific IP addresses or an IP address range for all storage account services.
How can you restrict access to specific subnets within an Azure VNet using the storage firewall?
By using service endpoints.
What option in the storage firewall allows access for Azure Backup, Azure Site Recovery, and Azure Networking?
Allow Trusted Microsoft Services To Access This Account.
What are the three access levels for Azure Blob Storage?
Private, Blob, Container.
What does the ‘Private’ access level in Azure Blob Storage mean?
Only the storage account owner can access the container and its blobs.
What is the purpose of a Shared Access Signature (SAS) token in Azure?
To grant access to specific containers, blobs, queues, and tables for a specified period of time with specified permissions.
What protocol must be used when dealing with SAS tokens in Azure?
HTTPS.
What are the five separate storage services provided by Azure?
Blobs, Tables, Queues, Files, Disks.
What are the two storage performance tiers in Azure?
Standard and Premium.
What replication options does the Premium tier support for general-purpose storage accounts?
LRS.
What are the supported services for General-Purpose v2 storage accounts in Azure?
Blob, File, Queue, Table.
What is the maximum size for a Block Blob in Azure?
Slightly more than 4.75 TB.
What replication option in Azure Storage makes three synchronous copies of data within a single data center?
Locally redundant storage (LRS).
What replication option in Azure Storage makes three synchronous copies across multiple availability zones?
Zone redundant storage (ZRS).
What is required for a storage account to use Azure AD authorization?
The storage account must be created with the Azure Resource Manager deployment model.
What are the three RBAC roles for blobs in Azure?
Storage Blob Data Owner, Storage Blob Data Contributor, Storage Blob Data Reader.
What are the three RBAC roles for queues in Azure?
Storage Queue Data Contributor, Storage Queue Data Reader, Storage Queue Data Message Processor.
What command registers a storage account with your active directory environment using PowerShell?
Join-AzStorageAccountForAuth.
What command in AzCopy performs large-scale bulk transfer of data to and from Azure Storage?
azcopy copy.
What command in AzCopy synchronizes the contents of a destination container with a source container?
azcopy sync.
What are the limitations of blob object replication in Azure?
Doesn’t work with the Archive tier, snapshots, immutable snapshots, and accounts with a hierarchical namespace.
What are the three types of blobs in Azure Blob Storage?
Block Blobs, Page Blobs, Append Blobs.
What is the maximum size of a Page Blob in Azure?
8 TB.
What access tiers are supported by Blob Storage in Azure?
Hot, Cool, Archive.
What are the three kinds of storage accounts in Azure?
General-Purpose v1, General-Purpose v2, Blob Storage.
What Azure tool is used to transition data to lower-access tiers based on preconfigured rules?
Azure Storage lifecycle-management.
What is required for object replication in Azure Blob Storage?
Blob versioning and blob change feed must be enabled for both source and destination storage accounts.
What does a CanNotDelete resource lock in Azure do?
Prevents the deletion of a resource but allows modification.
What does a ReadOnly resource lock in Azure do?
Prevents modification or deletion of a resource but allows read access.
What is the maximum number of custom roles per directory in Azure AD?
5,000 custom roles.
What role is required to create a custom role in Azure AD?
Microsoft.Authorization/roleDefinitions/write permission on all AssignableScopes.
What happens to resources during a move operation in Azure?
They are locked, blocking write and delete operations, but the underlying service continues to function.