Implement and manage storage in Azure Flashcards
1
Q
What is Microsoft’s Cloud Storage solution?
A
Azure Storage
2
Q
What types of objects can be stored in Azure storage?
A
Files, messages, tables, and other types of information.
3
Q
What are the 3 data structures that Azure Storage supports?
A
Structured data, unstructured data, and virtual machine data.
4
Q
Define ‘Virtual machine data’
A
Disks and files.
5
Q
Describe how a VM uses a virtual disk
A
Persistent block storage for Azure IaaS virtual machines; Store data like database files, website static content, or custom application code.
6
Q
Describe how Virtual machine data files are managed
A
Fully managed file shares in the cloud.
7
Q
Describe the format of ‘Unstructured data’
A
The format of unstructured data is referred to as nonrelational.
8
Q
What two Azure Storage services are used to store unstructured data?
A
Azure Blob Storage and Azure Data Lake Storage.
9
Q
Describe ‘Structured data’
A
Stored in a relational format; Often contained in a database table with rows, columns, and keys.
10
Q
What are the 3 Azure storage services that store structured data?
A
Azure Table Storage, Azure Cosmos DB, and Azure SQL Database.
11
Q
Define ‘Azure Cosmos DB’
A
Globally distributed database service.
12
Q
Define ‘Azure SQL Database’
A
Fully managed database-as-a-service built on SQL.
13
Q
What are the two tiers of general purpose Azure Storage?
A
Standard and Premium.
14
Q
Describe the standard tier of general purpose azure storage
A
Data is stored on HDDs; A standard storage account provides the lowest cost per GB.
15
Q
Describe the premium tier azure storage
A
Data is stored on SSDs; Offers consistent low-latency performance.
16
Q
How can resiliency be ensured with Azure storage?
A
Configuring data replication across datacenters or geographical regions for protection.
17
Q
Does Azure storage encrypt all data?
A
Yes.
18
Q
What are the four data services offered by Azure Storage?
A
- Azure Blob Storage (containers)
- Azure Files
- Azure Queue Storage
- Azure Table Storage
19
Q
A
20
Q
Describe the purpose of ‘Azure Blob Storage (containers)’
A
For storing large amounts of unstructured/nonrelational data.
21
Q
What is blob storage ideal for?
A
Serving content to a web app; Storing data for backup/analysis; Videos/Text/Images/Installers.
22
Q
How can Azure blob storage be accessed?
A
Via HTTP(s)/Azure Shell; Shared access signature (SAS); API; Shared key
23
Q
Describe Azure Files and how it can be accessed
A
Enables highly available network file shares; Shares can be accessed via SMB and NFS protocol.
24
Q
What is Azure Files ideal for?
A
Applications (containers) and their data; Storing config files accessed by VMs; Logs; Migrating data.
25
Describe the purpose of 'Azure Queue Storage'
Used to store and retrieve messages.
26
What typeof data is stored with 'Azure Table Storage'?
Stores non-relational structured data (NoSQL).
27
List the four Azure storage account options/SKUs
1. Standard/premium general-purpose v2
2. Premium block blobs
3. Premium file shares
4. Premium page blobs
27
What types of data can be stored with the 'General-purpose v2' Azure storage account type/SKU
Can be used for most scenarios; blobs, file shares, queues, tables, and disks (page blobs).
28
What types of data is stored with 'Premium block blobs' Azure storage account type/SKU?
Block blobs and append blobs only; Recommended for applications with high transaction rates.
29
Describe the 'Premium file shares' Azure storage account type
For file shares only; Recommended for enterprise or high-performance scale applications.
30
What types of data can be stored with 'Premium page blobs' Azure storage account type/SKU?
Page blobs only; Operating systems, data disks for virtual machines, and databases.
31
What are the four replication services offered by Azure Storage?
1. Locally redundant storage (LRS)
2. Zone redundant storage (ZRS)
3. Geo-redundant storage (GRS)
4. Geo-zone-redundant storage (GZRS)
32
Describe 'Locally redundant storage (LRS)'
Replicates data within the same datacenter; Lowest-cost replication option and offers the least durability compared to others.
33
What are best use cases for Locally redundant storage (LRS)?
Data replication is restricted within a country/region due to data governance requirements; Storing frequently changed data.
34
Describe 'Zone redundant storage (ZRS)'
Synchronously replicates your data across three availability zones in a single region.
35
Describe 'Geo-redundant storage (GRS)'
Replicates your data to a secondary region to offer redundancy during a region outage.
36
What is the guaranteed SLA of Geo-redundant storage (GRS)?
99.99999999999999% (16 9's) durability.
37
What are the two forms of Geo-redundant storage (GRS)?
1. GRS
2. Read-access geo-redundant storage (RA-GRS)
38
How does Geo-redundant storage (GRS) function in the event of failover?
Data is available to be read only if Microsoft initiates a failover from the primary to secondary region.
39
How does Read-access geo-redundant storage storage (RA-GRS) function in the event of failover?
Replicates data to another data center in a secondary region.
40
Can data be accessed without a triggered failover from Microsoft with user Read-access geo-redundant storage storage (RA-GRS)?
Yes; Can read from the secondary region regardless of whether Microsoft initiates a failover from the primary to the secondary.
41
How does Geo-redundant storage (GRS) and Read-access geo-redundant storage storage (RA-GRS) replicate data between regions?
Data is first replicated with LRS; Then replicated asynchronously to the secondary region by using GRS.
42
With Geo-redundant storage (GRS) and Read-access geo-redundant storage storage (RA-GRS), how does the secondary region replicate data?
The secondary region provides LRS.
43
Describe 'Geo-zone-redundant storage (GZRS)'
Data is replicated across three Azure availability zones in the primary region, and also replicated to a secondary geographic region.
44
What is the guaranteed SLA of Geo-zone-redundant storage (GZRS)?
99.99999999999999% (16 9's) durability.
45
What two Azure storage replication services will provide read-only access during region wide outage?
1. RA-GRS
2. RA-GZRS
46
What four Azure storage replication services provide data access in a region wide outage?
1. RA-GRS
2. RA-GZRS
3. GRS
4. GZRS
47
What Azure storage replication service will not provide data access if an entire data center becomes unavailable?
LRS.
48
What two components does the name of an Azure Storage account consist of?
1. Storage account name
2. Service domain
49
What is the default endpoint name of a blob (container) service account?
*StorageAccountName*.blob.core.windows.net
50
What is the default endpoint name of a table service account?
*StorageAccountName*.table.core.windows.net
51
What is the default endpoint name of a queue service account?
*StorageAccountName*.queue.core.windows.net
52
What is the default endpoint name of a file service account?
*StorageAccountName*.file.core.windows.net
53
How is data in a storage account accessed by URL?
By appending the objects location in the endpoint URL.
54
How can storage accounts leverage custom URL domain?
Implement an Azure Content Delivery Network (CDN) to access blobs by using custom domains over HTTPS.
55
What are the two ways of configuring a custom domain for a subdomain to an Azure storage account?
1. Direct mapping
2. Intermediary domain mapping
56
Describe how subdomain 'Direct mapping' is configured
Create a CNAME record that points from the subdomain to the Azure storage account.
57
Describe subdomain 'Intermediary domain mapping'
Adds a keyword to a subdomain CNAME that's already in use within Azure.
58
Describe how Intermediary domain mapping is configured
Prepend the keyword 'asverify' to the subdomain in Azure DNS
59
Where are service endpoints configured for a storage account?
In the storage account.
60
What is the purpose for configuring a service endpoint for a storage account?
Restrict access to your storage account from specific subnets on virtual networks or public IPs.
61
Where must the storage account and virtual network be to configure a service endpoint for a storage account?
Subnets and virtual networks must exist in the same Azure region or region pair as the storage account.
62
Define a 'Blob'
Blob stands for Binary Large Object.
63
Where/how is a blob stored?
Stored/Uploaded in a container resource to group a set of blobs; A blob can't exist by itself in Blob Storage.
64
What is the maximum amount of blobs that can be stored in a container?
Unlimited.
65
What is the maximum amount of containers that can be stored in an Azure storage account?
Unlimited.
66
Can there be duplicate names for a container in a single Azure storage account?
No; The name must be unique within the Azure storage account.
67
Describe an 'access tier' and its purpose
Each access tier for blob storage is optimized to support a particular pattern of data usage.
68
What are the 4 blob storage access tiers?
1. Hot
2. Cool
3. Cold
4. Archive
69
Describe the 'Hot' blob storage access tier
Optimized for frequent reads and writes of objects in the Azure storage account.
70
What is the best use case for the hot access tier?
For data that is actively being processed.
71
Describe the overall cost of the hot access tier
Has the lowest access costs, but higher storage costs than the Cool and Archive tiers.
72
What tier are new Azure storage account placed in by default?
Hot.
73
Describe the 'Cool' blob storage access tier
Optimized for storing large amounts of data that's infrequently accessed.
74
What is the best use case for the cool access tier?
For data that remains untouched for at least 30 days; Hot-term backup and disaster recovery datasets and older media content.
75
Describe the overall cost of the cool access tier
Most cost effective although it has the 2nd highest access costs.
76
Describe the 'Cold' blob storage access tier
This tier is intended for larger amounts of data that can remain un-accessed for at least 90 days.
77
How long must data in the 'Archive' blob storage access tier remain untouched?
Data must remain in the Archive tier for at least 180 days or be subject to an early deletion charge.
78
What is the best use case for the archive access tier?
Secondary backups, original raw data, and legally required compliance information.
79
What access tier is the most cost-effective for storing data?
Archive
80
What access tier is the least cost-effective for accessing data?
Archive
81
What access tier offers the highest SLA reliability?
Hot access tier
82
What Blob storage mechanism can be used to help manage data lifecycle?
Lifecycle management rules to determine what tier data should be placed in, and expiration for the data.
83
What types of storage accounts can use lifecycle management?
GPv2 and Blob Storage accounts.
84
Can lifecycle management be applied to a container?
Yes.
85
How can data be automatically moved to a different access tier over its lifecycle?
By creating a lifecycle management rule that can move the data to a different tier based on when it what created or last modified.
86
Describe 'blob object replication'
Object replication copies blobs in a container asynchronously according to policy rules that you configure.
87
List the contents that are copied from the source to the destination during blob object replication
- The blob contents
- The blob metadata and properties
- Any versions of data associated with the blob
88
What must be enabled on source and destination blob storage accounts/containers to perform blob object replication?
blob versioning.
89
What type of data is not supported in blob object replication?
VM Snapshots.
90
What access tiers support blob object replication
Hot, Cool, or Cold tier.
91
Can source and destination blob storage accounts be in different access tiers when performing blob object replication?
Yes.
92
What does a blob object replication policy consist of?
One or more rules that specify a source container and a destination container as well as the blobs in the source container to replicate.
93
List the 3 types of Azure Storage Blobs
1. Block blobs
2. Append blobs
3. Page blobs
94
Describe a 'Block blob'
Ideal for storing text and binary data in the cloud, like files, images, and videos.
95
Describe an 'Append blob'
Useful for logging scenarios, where the amount of data can increase as the logging operation continues.
96
What is the max size of a 'Page blob'?
Can be up to 8TB in size
97
What is the default blob type for a new blob?
Block blob.
98
Define 'AzCopy'
Cloud shell command that copies data to/from blob storage/containers/accounts.
99
Describe 'Azure Data Box Disk '
A service for transferring large amounts of on-premises data to Blob Storage using Microsoft provided SSDs.
100
Describe 'Azure Import/Export'
Export/import data by sending Microsoft hard drives with data and they will send them back.
101
Describe 'Blob versioning'
Automatically maintain previous versions of an object; Access earlier versions of a blob to recover your data if it's modified or deleted.
102
Between what two access tiers will data automatically change when it accessed/inaccessed?
Hot tier to cool tier.
103
What access control mechanisms are used to secure Azure Storage?
Microsoft Entra ID and role-based access control (RBAC)
104
How can data be secure in transit when using Azure storage?
By using Client-Side Encryption, HTTPS, or SMB 3.0.
105
How does Azure storage leverage zero trust?
Every request made against a secured resource must be authorized.
106
Describe a 'shared access signature (SAS)'
A uniform resource identifier (URI) that grants restricted access rights to Azure Storage resources.
107
What is the purpose of implementing a shared access signature (SAS)?
A secure way to share storage resources with unauthorized users without compromising your account keys.
108
Can a shared access signature (SAS) be time based?
Yes; Specify the time interval for which a SAS is valid.
109
What are the two types of shared access signature (SAS)?
1. Account-level
2. Service-level
110
Describe an 'Account-level' shared access signature (SAS)
SAS delegates access to resources in one or more Azure Storage services.
111
Describe an 'Service-level' shared access signature (SAS)
Service-level SAS delegates access to a resource in only one Azure Storage service.
112
Can shared access signature (SAS) specify a range of IPs to accept shared access signature (SAS) from?
Yes.
113
What does a shared access signature (SAS) uniform resource identifier (URI) consist of?
The Azure Storage resource URI and the SAS token.
114
How is data encrypted/decrypted in Azure storage?
Encryption and decryption processes happen automatically.
115
How is data in Azure storage encrypted?
All data written to Azure Storage is encrypted through AES-265 encryption.
116
How can encryption keys be managed in Azure Storage?
Microsoft managed or customer (self) managed.
117
What service is used to manage and generate encryption keys?
Azure key vault.
118
What is the security risk of shared access signature (SAS)?
If a SAS is compromised, it can be used by anyone who obtains it, including a malicious user.
119
What is best practice for securing shared access signature (SAS)?
Always use HTTPS for creation and distribution.
120
Define a 'stored access policy'
Revoke permissions without having to regenerate the Azure storage account keys by setting key expiration date.
121
How can clients ensure access to keys if the service providing shared access signature (SAS) is unavailable?
Require clients automatically renew the SAS.
122
What is best practice for configuring a shared access signature (SAS) start time?
Set the start time to at least 15 minutes in the past. Or, don't set a specific start time, which causes the SAS to be valid immediately
123
How can the amount of data uploaded/downloaded using shared access signature (SAS) be restricted?
Near-term expiration times can limit the amount of data that can be written to a blob by limiting the time available to upload to it.
124
How does implementing a shared access signature (SAS) effect cost?
There are additional charges for upload/download ingress/egress.
125
What solution is the easiest way to implement secure storage for a company's media files?
Create stored access policies for each container to enable revocation of access or change of duration.
126
How/Where are files accessed using Azure Files stored?
Allows you to cache several Azure Files shares on an on-premises Windows Server or cloud virtual machine.
127
How do VMs or other cloud services access data in Azure Files?
By mounting an Azure File share.
128
How many VMs or services can mount/access an Azure File share?
Unlimited simultaneous connections to on-prem or cloud.
129
What are the two supported protocols for mounting an Azure file share?
NFS and SMB.
130
Can the same file Azure file share use SMB and NFS at the same time?
No; One or the other.
131
What are the two types of Azure file shares?
1. premium
2. Standard
132
Describe a premium azure file share
Stores data on SSDs; can be used to APIs; can't go back to standard tier.
133
Describe a standard azure file share
Stores data on HDDs; Can only use SMB and NFS.
134
What is a networking consideration when deploring an Azure SMB file share?
Open port 445.
135
What is the function of an Azure file snapshot?
Capture a point-in-time, read-only copy of your data.
136
Are snapshots incremental?
Yes.
137
Can a snapshot of an individual snapshot be taken?
Yes.
138
Define 'soft delete for Server Message Block (SMB) file shares'
Lets you recover deleted files and file shares or 'softly' delete files.
139
How are files softly deleted with soft delete for Azure files?
A retention period is set and defines the amount of time that soft deleted files are stored and available for recovery.
140
What is the retention period range Azure allows for soft delete?
Between 1 and 365 days.
141
How is soft delete enabled?
Enabled at the storage account level; can be enabled on either new or existing file shares.
142
Define 'Azure Storage Explorer'
Standalone GUI application for accessing multiple storage accounts and subscriptions, to manage Storage content.
143
What are the requirements to implement Azure Storage explorer?
Requires Azure Resource Manager and Role-based access control along with Azure AD (Entra ID).
144
Can an external storage account be connect to Azure Storage explorer?
Yes.
145
Define a storage access key
Access keys provide access to the entire storage account.
146
How many access/account keys are provided to the tenant when a storage account is created?
2
147
Describe 'Azure File Sync'
Enables you to cache several Azure Files shares on an on-premises Windows Server or cloud virtual machine.
148
Define 'Cloud tiering'
Optional feature of Azure File Sync; Frequently accessed files are cached locally on the server while all other files are tiered to Azure Files based on policy settings.
149
How is a file stored with Azure File Sync cloud tiering?
Initially stored on-prem, once inactivity policy is reached, File Sync replaces the file with a pointer URL (reparse point) to the file in Azure files.
150
How is a file accessed with cloud tiering?
Azure File Sync recalls the file data from Azure Files.
151
How are cloud tiered files represented?
Greyed icons with an offline O file attribute.
152
What are the best scenarios for Azure File Sync?
Migration; Support for Branch offices; Backup/recovery.
153
Define a 'storage account'
An Azure resource; A Container that groups a set of Azure Storage services together.
154
What Azure storage services can be stored in a storage account?
Azure Blobs, Azure Files, Azure Queues, and Azure Tables.
155
What is the benefit of combining multiple azure storage services under a single storage account or resouce group?
Enables you to manage them as a group.
156
What is the affect of deleting a storage account?
Deletes all of the data stored inside it.
157
What Azure data services can't be included in a storage account, and are managed independently by Azure?
Azure SQL and Azure Cosmos DB.
158
What are the two deployment models Azure offers for a storage acount?
Resource Manager and Classic.
159
What is the recommended deployment model for a storage account?
Resource manager.
160
When choosing a name for a storage account, what must be required?
The name must be globally unique.
161
What are two ways to limit public access to blob storage?
1. Via the Storage Account
2. Via the Container
162
What parameter is configured at the storage account level to allow public access?
Set the AllowBlobPublicAccess property to true or false.
163
What are the two ways public access is granted at the storage account level?
1. Public read access for blobs
2. public read access for a container and its blobs
164
In order to allow public access to blob storage, what two things must be configred?
1. Storage account set to public access
2. Container settings set to public access.
165
What are the 3 types of Shared access signatures (SASs)?
1. User delegation SAS
2. Service SAS
3. Account SAS
166
How is 'User delegation shared access signature (SAS)' secured?
Secured with Microsoft Entra credentials; Can only be used for blob storage.
167
How is a 'Service shared access signature (SAS)' secured?
secured using a storage account key to only once of four Azure Storage services.
168
How is a 'Account shared access signature (SAS)' secured?
Secured with a storage account key; Can also control access to service-level operations.
169
How many shared access signatures (SASs) can a single stored access policy be associated with?
Up to five active SASs.
170
How is a shared access signature (SAS) encrypted?
The signature is signed with your storage account key when you create a service or account shared access signature or with a user delegation shared access signature in Entra ID.
171
What is the most secure implementation of shared access signature (SAS)?
User delegation via Entra ID.
172
What 4 Azure storage resources can a stored access policy be applied to?
1. Blob containers
2. File shares
3. Queues
4. Tables
173
What Azure storage resources/services can be accesses by Azure Storage explorer?
Blobs; Tables; Queues; Azure Files; Azure Data Lake.
174
What is the purpose of a local emulator?
Emulates storage resources to a local computer to reduce cost.
175
Describe the purpose/function of Azure Data Lake Storage
Used for storing and analyzing large data sets.
