Exam AZ-305 topic 2 question 31 discussion

In terms of supporting immutable storage, both Azure Data Lake storage and Azure Blob storage are correct. But ACL is supported by Azure Data Lake storage, not supported by Azure Blob storage. See below link. https://learn.microsoft.com/en-us/azure/data-lake-store/data-lake-store-comparison-with-blob-storage So the correct answer is B.

Azure Data Lake Storage. "Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs)." https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control "Immutable storage for Azure Data Lake Storage is now generally available." https://azure.microsoft.com/en-us/updates/immutable-storage-for-azure-data-lake-storage-is-now-generally-available/

B is correct

In the context of storing data assets in an Azure Storage account, the need is to ensure that data is immutable, anonymous access is disabled, and that Azure AD-based access control is supported. The recommended solution to meet these requirements is Azure Blob Storage. This service lets you configure immutable storage policies, enforce security with mandatory authentication, and apply granular permissions using Azure AD ACLs. Alternatives such as Azure Files, Azure Data Lake Storage and Azure NetApp Files were considered, but they do not offer immutable access for example.

While Azure Blob Storage also meets these requirements, ADLS Gen2 is specifically designed for big data analytics, providing additional capabilities such as hierarchical namespace and optimized performance for large datasets.

Both Azure Data Lake Storage and Azure Blob Storage do support what stated in the request, and anonymous access is disabled by default in both types of storage. However, in my opinion, the question is missing a couple of important hints that could make us head towards a solution or the other one: 1) Cost-effective solution - in this case, the choice would be Azure Blob Storage; 2) Optimised for big data analytics workloads - that would hint for Azure Data Lake Storage. Maybe the question in the real exam is different, so an assumption must be made: minimise costs - which means that the only viable choice is D. Azure Blob Storage.

You should include Azure Blob Storage in the recommendation. Here’s why: Immutable Storage: Azure Blob Storage supports immutable storage through features like Blob Immutability Policies, which allow you to set policies to make data immutable for a specified period. Disables Anonymous Access: Azure Blob Storage allows you to configure access settings to disable anonymous access to the storage account. ACL-Based Azure AD Permissions: Azure Blob Storage supports ACL-based permissions with Azure AD, allowing fine-grained access control to blobs and containers. Therefore, the correcT is D

I believe the answer B is correct as ADLS provides all features required Golden rule if you see choice between ADLS and ABS, 9 out of 10 you are safe to choose ADSL as it is Gen 2 and it is the future going forward as ABS v2 will see the same faith as ABS v1

Azure Data Lake Storage.

For your Azure Storage account that needs to support immutable storage, disable anonymous access, and support ACL-based Azure AD permissions, I recommend using Azure Data Lake Storage Gen2. Here’s why: Immutable Storage: Azure Data Lake Storage Gen2 supports immutable storage, which is essential for scenarios requiring write-once-read-many (WORM) policies1. Disabling Anonymous Access: It allows you to disable anonymous access to the storage account, ensuring that data access is restricted to authenticated and authorized users only1. ACL-based Azure AD Permissions: Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs), which are crucial for fine-grained access control1. This solution aligns with your requirements and provides a robust and secure environment for storing your data assets. https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

B azure blob storage does not support ACL

The recommended solution that meets the provided requirements is Azure Blob Storage. Here's why: Supports Immutable Storage: Azure Blob Storage supports the "Immutable Blob" feature, which allows you to store data in a WORM (Write Once, Read Many) state. Once data is written to an immutable blob, it cannot be modified or deleted for a specified retention period, making it suitable for compliance and regulatory requirements. Disables Anonymous Access: Azure Blob Storage allows you to disable anonymous access to the storage account, ensuring that only authorized users or applications can access the stored data. This enhances security by preventing unauthorized access to your data assets. Supports ACL-based Azure AD Permissions: Azure Blob Storage supports access control lists (ACLs) for managing permissions on blobs and containers. You can grant access to users and groups in Azure Active Directory (Azure AD) and define granular permissions using ACLs, providing fine-grained control over who can access the data stored in the storage account.

this disables anonymous access: https://learn.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent?tabs=portal blob supports immutable storage: https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview

This discussion makes feel that this question is an overkill requiring very sowcific knowledge. After getting through discussion and searching internet I still don't know if blob supports posix ACL, only blob, only adls or both?

I'm inclined to agree with Houzer. Azure Data Lake seems overkill for the required solution. I also did ask the question to Co-pilot and the answer was D, based on Blob hitting all requirements at a lower transactional cost. Not a great question, as Gen2 for ADL is not specified either. ACL is supported by both Azure Blob Storage and Azure Data Lake Storage Gen2, but with some differences. Azure Blob Storage supports container-level ACLs, which apply to all the blobs in the container. Azure Data Lake Storage Gen2 supports file-level and directory-level ACLs, which are more granular and flexible.

I think I'll have to go with D on this one - Azure Bob Storage. Azure Data Lake Storage could also be a viable option for storing data assets, especially for big data analytics workloads. However, there are a few reasons why Azure Blob Storage might be more suitable for your specific requirements: - Both Azure Data Lake Storage and Azure Blob Storage support immutable storage1. However, Azure Blob Storage provides more flexibility with time-based retention policies. - Azure Blob Storage does not permit anonymous access by default, which aligns with the requirement to disable anonymous access.

Blob supports ACL, is cheaper than Data Lake