Azure Storage Accounts and Management Policies

Questions and Answers

PDF Questions PDF Answers

Which type of storage account is required to support Data Lake Storage?

Premium File Storage

Cool Blob Storage

Standard General-purpose v1

Standard general-purpose v2 (correct)

What is a key requirement when using a lifecycle management rule for blobs?

Access tracking must be enabled (correct)

Lifecycle policies must be static

Monitoring of service health must be enabled

Access tracking must be disabled

Which of the following options applies to deletion locks?

Can be applied to Resource Groups (correct)

Can be applied to Microsoft 365 groups

Cannot be applied to subscriptions

Can only be applied at the management group level

What must be included in the metadata for specifying a custom recommendation in Azure Policies?

RemediationDescription

Which statement accurately describes the User Access Administrator role in Microsoft Entra?

Grants permissions to manage resource locks

Which of the following attributes is NOT mandatory for license assignment in Microsoft Entra?

User type

To enable POSIX-compliant access control, which feature must be activated on a storage account?

Hierarchical namespace

Which role in Microsoft Entra is specifically designed to manage support tickets?

User Administrator

What is the maximum number of instances available in a Standard App Service Plan?

10 instances

Which command would you use to check the NBT cache on a server?

nbtstat -c

What must be created before enabling log analytics on a load balancer?

A log analytics resource

What is the default backup duration for Azure virtual machines?

30 days

Which of the following statements about Azure VM management is false?

VMs can be easily moved to another VNET without deletion.

Which feature of Azure Monitor analyzes configuration and usage metrics but does not provide time-lapsed data?

Azure Advisor

To connect a VM from one VNET to another VNET, what is required?

Delete and recreate the VM

Which of the following options is necessary to receive alerts via email?

Action group and alert rule

What happens to a duplicate file on a file share and the file server in Azure File Sync?

The file on the server is renamed with the server's name appended.

Which of the following benefits are provided by using Bastion for RDP/SSH connections?

Supports multi-factor authentication.

What is one requirement for enabling user access to an SMB file share from on-premise servers?

Storage accounts must be joined to Azure AD Domain Services.

What is the primary purpose of Azure Application Insights funnels?

To monitor how users are navigating through the application.

What must be done to onboard customer tenants to Azure Lighthouse?

Publish managed services offers that include delegation definitions.

What is required to successfully record network requests in Azure?

Enable azure network watcher flow logs

Which Azure VM series is best suited for memory-intensive enterprise applications?

E-series

To restrict access to an Azure Blob Storage container, what must be established?

Virtual network service endpoints

What must be done to ensure Azure VMs achieve high availability of 99.95%?

Define an availability set alongside a scale set

Which authentication type is NOT associated with Azure Active Directory?

Two-step verification

What enables Azure AD Access Reviews to automate the access review process?

Collecting reviewer input and automatic actions

What is a prerequisite for storing logs with a severity level of Warning or higher?

Enable Application Logging (Blob) and set severity to Warning

What happens to an Azure account when the Fraud feature is enabled?

The account is blocked for 90 days unless an admin intervenes

Which method is NOT a recognized way to migrate an on-premises identity provider to Azure AD?

Impersonation migration

Which of the following provides the most granular and secure way to restrict network access to an Azure storage account?

Azure Service Endpoints

Which of these Azure Backup policy components defines the duration for which backups are stored?

Retention range

In a hub-and-spoke model, what is the primary function of the hub VNET?

To act as the central point of connectivity for shared services

What is a requirement for setting up alert rate limiting in Azure?

Establishing a log analytics workspace

Which type of managed identity in Azure is tied directly to the lifecycle of the resource?

System-assigned identity

Which statement about moving storage resources is true?

Public IPs are not movable between regions

Which method is appropriate for connecting two VNETs that are located in different subscriptions?

Virtual Network Gateway

Study Notes

Storage Accounts

• Supports Data Lake Storage through blob storage, available in standard general-purpose v2 and premium block blobs.
• Immutability policy can include time-based retention or legal hold, preventing deletion of data.
• Lifecycle policies apply to blobs or containers to define actions post a specific time period.
• Access tracking is necessary for lifecycle management rules affecting blob movement or deletion.
• Hierarchical namespace must be enabled for POSIX-compliant access control lists.
• Microsoft Entra Kerberos can be utilized for identity-based access to file storage.

Deletion Locks

• Applicable to Resource Groups, Subscriptions, and VMs but not to management groups.

Azure Policies

• Use the RemediationDescription field for custom recommendations within policy metadata.

Microsoft Entra Roles

• User Administrator: Manages users and groups plus monitors service health.
• Billing Administrator: Focused on managing financial aspects.
• Service Administrator: Full Azure service access but excluding user and group management.
• User Access Administrator: Manages resource lock permissions.

License Assignments

• License assignments depend on specifying a user’s Usage location.
• Not all Microsoft 365 services are globally available.

Deployments

• Utilize various templates (TemplateUri, TemplateFile, TemplateSpecId) for resource deployment within Azure.

App Service Plans

• Free Plan: Limited to 0 instances and 1GB storage.
• Basic Plan: Offers 10GB storage and 3 instances.
• Standard Plan: Includes 50GB storage and can scale to 10 instances.
• Premium Plan: Provides 250GB storage and supports up to 30 instances.

Useful Commands

• netstat -an: Lists server listening ports.
• Test-NetConnection: Executes ping/ICMP tests.
• Get-AzVirtualNetwork: Retrieves virtual networks within a resource group.

Azure Monitoring and Metrics

• Log Analytics workspace aggregates log data from Azure Monitor and services.
• Activity logs are used for proactive issue detection.
• Azure Advisor analyzes configurations but lacks time-lapsed data tracking.
• Azure VM Insights monitor the health and performance of virtual machines.

VM Management

• Backups of VMs are retained for 30 days by default.
• Azure Custom Script Extension aids in post-deployment configurations.
• Desired State Configuration (DSC) enables configuration as code management.
• Azure VMAccess extension allows console access for maintenance tasks.

Alerts

• Email alerts require both an alert rule and an action group setup.

DNS Management

• Azure DNS Private Resolver proxies DNS queries between on-premises and Azure environments.
• Virtual Network Links integrate virtual networks with private DNS zones.

Virtual Machine Series

• A-series: Best for entry-level workloads.
• D-series: Balanced for production workloads.
• E-series: Optimized for memory-intensive applications.
• F-series: High CPU-to-memory ratio.
• M-series: Tailored for memory-hungry applications.

Network Security Groups (NSG)

• Can be associated with network interfaces and subnets for traffic control.

Access Restrictions

• Virtual network service endpoints are necessary to restrict access to Azure Blob Storage.

Azure Import/Export

• Facilitates large data transfer to Azure Storage Accounts, only containers can be exported.

Azure Password Security

• Different reset policy for administrators, not requiring security questions.
• Fraud features can block accounts for 90 days if enabled.

SLA Requirements

• High availability (99.95%) requires the definition of an availability set alongside a scale set.

Azure AD and Governance

• Azure AD Join adds security principals to the local administrators group.
• Access reviews automate the review process for user access management.

Azure File Sync

• Duplicate files on the server are renamed with server identification.

Application Insights

• Funnels, Load times, Retention, and User flows assess app performance and user behavior.
• Availability Tests simulate user traffic to measure responsiveness from various regions.

Connectivity Options

• Point-to-Site (P2S) for connections from users to a virtual network.
• Site-to-Site facilitates connections across multiple networks.

Backup and Restore in App Service

• Available under Standard, Premium, Isolated, and App Service Linux plans.

SMB Access

• Requires Azure AD Domain Services and storage account joining for on-premises access.

Azure Bastion

• Provides secure RDP/SSH access without public IP requirements and supports MFA.

Azure Lighthouse

• Enables central management of Azure resources across multiple customer tenants through managed offers.

Identity Migration

• Migration to Azure AD can utilize Azure AD Connect cloud sync, password hash sync, or pass-through authentication.

Web Application Firewall (WAF)

• Custom WAF rules protect applications from specific web attack patterns.

Disaster Recovery

• Geographic redundancy achieved through GRS, RA-GRS, and ZRS for Azure Storage enhances business continuity.

Hub and Spoke Architecture

• Centralized hub VNET interconnects multiple spoke VNETs for scalable architecture.

Service Endpoints

• Provides granular network access restrictions to a storage account from specific VNETs.

Managed Identities

• Two types: system-assigned (resource tied) and user-assigned (independent).

Azure Backup Policy

• Retention ranges for backups must be defined within the backup policy.

Azure Resource Graph

• Allows querying resource data across subscriptions via KQL, REST API, PowerShell, and Azure CLI.

Azure Security

• Azure Sentinel is utilized for analyzing security threats and anomalies.

Alert Rate Limiting

• Different thresholds apply for various alert communication methods, ensuring controlled notifications.

Resource Movement

• Storage can be moved irrespective of location, but NICs attached to VMs cannot be moved.

Virtual Networks

• Virtual Network Gateways are necessary for connecting VNETs across different subscriptions.

Description

Test your knowledge on Azure Storage Accounts, including features like Data Lake Storage, immutability policies, and Azure policies. Explore roles such as User Administrator and Billing Administrator, as well as key concepts like deletion locks and access tracking. This quiz will help you understand essential Azure management capabilities.