Azure AZ-900 Fundamentals Exam
Start here! Get your feet wet with the Microsoft cloud and begin your journey to earning your Microsoft Certified: Azure Fundamentals certification!
Describe storage account options and storage types
Analyze Security and Management Features
Azure provides a variety of storage account options and types, each with unique features and use cases. Understanding these options is crucial for selecting the right storage solution for your needs.
Azure File Storage is one such option, allowing you to create file shares accessible via the SMB protocol. You can connect to Azure Files using a connection string, which can be securely stored in Azure Key Vault. This ensures that sensitive information, like account keys, is protected and managed efficiently.
Shared Access Signatures (SAS) offer a way to delegate access to resources in your storage account. By using SAS, you can grant limited permissions to clients for a specified time, enhancing security by minimizing exposure. SAS tokens can also be stored in Azure Key Vault, enabling auto-rotation and further securing your storage account.
Azure File share backup is a native, cloud-based solution that integrates with Azure Backup and Azure File Sync. This service provides zero infrastructure deployment, customized retention policies, and instant restore capabilities. It protects against accidental deletions by enabling the soft delete feature, which retains deleted file shares and snapshots for a configurable period, ensuring data recovery without loss.
Azure Policy helps enforce organizational standards and assess compliance at scale. It provides a compliance dashboard to evaluate the overall state of your environment and supports bulk remediation for existing resources. Azure Policy can enforce governance actions like ensuring resources are deployed only to allowed regions and requiring diagnostic logs to be sent to a Log Analytics workspace.
Azure Firewall Manager centralizes security policy and route management for cloud-based security perimeters. It allows Enterprise IT teams to define network and application-level rules across multiple Azure Firewall instances, providing a unified approach to traffic filtering and protection. DevOps teams can create local firewall policies derived from organization-mandated base policies, ensuring agility and compliance.
By leveraging these security and management features, you can maintain data integrity, optimize storage costs, and ensure compliance with organizational standards. Understanding and utilizing these tools effectively will help you manage your Azure storage accounts securely and efficiently.
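The Shared Access Signature guidance in this section (limited permissions, for a specified time) can be checked before a token is handed to a client. The following is an added example, not part of the original study guide: it reads the standard SAS query fields `sp` (permissions), `se` (expiry) and `spr` (protocol) and reports anything outside a policy. The 8-hour limit, the read/list allow-list, the function name `audit_sas` and the sample tokens are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# Policy limits below are assumptions for this example, not Azure defaults.
MAX_LIFETIME = timedelta(hours=8)
ALLOWED_PERMISSIONS = set("rl")  # read and list only

# Constructed sample tokens; the sig values are placeholders, not real signatures.
NARROW = "sv=2022-11-02&sr=c&sp=rl&se=2024-05-01T16:00:00Z&spr=https&sig=CONSTRUCTED"
BROAD = "sv=2022-11-02&sr=c&sp=racwdl&se=2025-05-01T12:00:00Z&sig=CONSTRUCTED"


def audit_sas(token, now):
    """Return policy findings for a SAS query string; an empty list means it passes."""
    fields = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    findings = []

    # sp: one letter per granted permission (r=read, w=write, d=delete, l=list, ...).
    extra = set(fields.get("sp", "")) - ALLOWED_PERMISSIONS
    if extra:
        findings.append("permissions beyond policy: " + "".join(sorted(extra)))

    # se: expiry time. Only the YYYY-MM-DDThh:mm:ssZ form is handled here.
    try:
        expiry = datetime.strptime(fields.get("se", ""), "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
    except ValueError:
        findings.append("missing or unparseable expiry (se)")
    else:
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - now > MAX_LIFETIME:
            findings.append("lifetime exceeds policy maximum")

    # spr: permitted protocols. Anything other than exactly "https" is flagged,
    # including an absent field, which this example treats as not HTTPS-only.
    if fields.get("spr") != "https":
        findings.append("not restricted to HTTPS (spr)")
    return findings


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for name, token in (("NARROW", NARROW), ("BROAD", BROAD)):
        print(name, audit_sas(token, now) or "ok")
```

The check reads only the token's query fields and never needs the account key, so it can run in a review step or a CI job that handles issued tokens.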
Identify Azure Storage Account Types
Azure offers several types of storage accounts, each designed to meet different needs and use cases. General-purpose v1 and General-purpose v2 storage accounts support a wide range of Azure storage services, including blobs, file shares, queues, and tables. General-purpose v2 is recommended for most scenarios as it provides the latest features and enhancements at a lower cost.
Blob storage accounts are specialized for storing unstructured data like text and binary data. They are optimized for scenarios such as serving images or documents directly to a browser, streaming video and audio, and storing data for backup and restore, disaster recovery, and archiving. Blob storage accounts support different performance tiers, including Standard and Premium. Premium block blob storage accounts are ideal for workloads requiring low latency and high transaction rates.
Azure Data Lake Storage Gen2 builds on Azure Blob Storage and is designed for big data analytics. It offers a hierarchical file system, low-cost tiered storage, high availability, and strong consistency. Data Lake Storage Gen2 is suitable for scenarios that require massive scalability and high-performance data access, such as big data analytics and machine learning.
Each storage account type provides different features and performance options. For example, Standard performance tier is suitable for most general-purpose storage needs, while Premium performance tier is designed for high-performance workloads. Understanding the specific use cases and features of each storage account type helps in selecting the right storage solution for your needs.
Differentiate Between Storage Tiers
Azure offers various storage tiers to help manage costs and performance based on how frequently data is accessed.
The Hot tier is designed for data that is accessed or modified frequently. It has the highest storage costs but the lowest access costs, making it ideal for data that needs to be readily available.
The Cool tier is for data that is infrequently accessed or modified. It requires data to be stored for a minimum of 30 days. This tier has lower storage costs compared to the Hot tier but higher access costs, making it suitable for data that doesn't need to be accessed often but should still be available quickly when needed.
The Cold tier is similar to the Cool tier but requires data to be stored for a minimum of 90 days. It offers even lower storage costs and higher access costs than the Cool tier, making it ideal for data that is rarely accessed but still needs to be kept online.
Lastly, the Archive tier is for data that is rarely accessed and can tolerate retrieval times on the order of hours. Data in this tier must be stored for at least 180 days. It has the lowest storage costs but the highest access costs and requires rehydration to an online tier before it can be accessed or modified.
Understanding these tiers and their cost implications, performance characteristics, and appropriate use cases is crucial for managing data efficiently in Azure. By selecting the right tier for your data, you can optimize costs while ensuring that your data is available when needed.
Evaluate Data Redundancy Options
Azure offers several data redundancy options to ensure the durability and availability of your data.
Locally Redundant Storage (LRS) replicates your data three times within a single data center in the primary region. This option protects against server rack and drive failures, ensuring that your data remains safe within the same data center.
Geo-Redundant Storage (GRS) provides a higher level of protection by replicating your data to a secondary region. This means that even if an entire region experiences an outage, your data is still accessible from another region. GRS is ideal for scenarios where you need to safeguard against region-wide failures.
Zone-Redundant Storage (ZRS) replicates your data across multiple availability zones within the same region. Availability zones are physically separate data centers within an Azure region, each with independent power, cooling, and networking. ZRS ensures that your data remains available even if one of the zones experiences a failure.
For even greater redundancy, Read-Access Geo-Redundant Storage (RA-GRS) allows read access to the data in the secondary region. This means that in addition to the benefits of GRS, you can also read your data from the secondary region, providing an extra layer of availability.
Azure Backup leverages these redundancy options to store your backup data securely. By choosing the appropriate redundancy option, you can ensure that your backup data is protected against various types of failures, from local hardware issues to regional disasters. Understanding these options helps you make informed decisions about how to best protect your data in the cloud.
Examine Azure Storage Services
Azure Storage Services offer a variety of storage options to meet different needs.
Azure Table Storage is a NoSQL datastore that stores large amounts of structured, non-relational data. It is ideal for applications that require quick access to data without the need for complex queries. Table Storage is cost-effective and scalable, making it suitable for storing user data, device information, and other metadata. It uses a key/attribute store with a schemaless design, allowing for flexible data management.
Azure Queue Storage is designed for storing large numbers of messages that can be accessed from anywhere in the world via authenticated HTTP or HTTPS calls. Each message can be up to 64 KB in size, and queues can hold millions of messages. This service is commonly used to create a backlog of work to process asynchronously, which is useful in scenarios like the Web-Queue-Worker architectural style. Queue Storage ensures reliable message delivery and supports various programming languages for integration.
Azure Blob Storage is used for storing unstructured data such as text or binary data. It is optimized for storing massive amounts of data and is ideal for serving images or documents directly to a browser, storing files for distributed access, streaming video and audio, and writing to log files. Blob Storage offers different tiers of storage to balance cost and performance, including hot, cool, and archive tiers.
Azure File Storage provides fully managed file shares in the cloud that are accessible via the Server Message Block (SMB) protocol. This service is useful for scenarios where applications need to share files across multiple virtual machines. Azure File Storage supports both standard and premium performance tiers, allowing users to choose the appropriate level of performance based on their needs.
In summary, Azure Storage Services provide a range of options to store and manage data efficiently. Each service is designed to handle specific types of data and use cases, offering flexibility, scalability, and cost-effectiveness. Understanding these services and their functionalities helps in selecting the right storage solution for different cloud-based scenarios.