You need to identify which storage account to use for the flow logging of IP traffic from VM5. The solution must meet the retention requirements. Which storage account should you identify?
For at least two reasons, storage2 is the only candidate:
- Location: The storage account used must be in the same region as the NSG.
- Retention is available only if you use General Purpose v2 Storage accounts (GPv2).
Reference:
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
Correct Answer is: B (Storage 2)
Network Watcher 'Flow Logs' tool is used to log information about Azure IP traffic and stores the data in Azure storage. You can log IP traffic using either of the two following tools:
i. NSG Flow Logs (log information about IP traffic flowing through a network security group) or
ii. VNET Flow Logs (log information about IP traffic flowing through a virtual network)
It is to be noted that NSG flow logs have a retention feature that allows deleting the logs automatically up to a year after their creation. Retention is available only if you use general-purpose v2 storage accounts.
So, despite the fact that there is no mention of an NSG for VM5, in order to make use of the retention feature, NSG flow must be implemented, which would need a GPv2 storage account. Also, VNET Flow logs is currently in Preview and is not recommended for Production workloads.
Ref:
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
I agree that the answer is B. Documentation clearly states only General Purpose V2 Storage supports retention. It also states that the storage must be in the same location as the NSG. That much I get. But can someone explain to me how the NSG being in the same region as the storage applies to this question? I only see mention of 2 NSGs in the example and neither are applied to VNET 4 where VM 5 is. As far as I can tell, only the storage type is relevant to this question. I’m open to being wrong if someone can explain it. Thanks.
This scenario was my first set of questions yesterday, 7th July 2023. Thanks to all the knowledgeable contributors and those who did lab tests to help confirm the right answers.
I successfully aced it with an 896 score. Going for the 305 now.
I tried it in my lab. With storage account v2 retention policy - no issues.
When tried with V2 then message comes up - "Retention is only available with v2 Storage accounts. Learn more about retention policy."
Answer B is correct
Blob Storage accounts in Azure do not support flow logging for 365 days. Flow logging for Blob Storage accounts has a retention period of 30 days. This means that the flow log data is retained for only 30 days before being automatically deleted.
If you need to retain flow log data for a longer period, and that is what we need (8 months), you may consider using General Purpose v2 (GPv2) storage accounts instead, which support flow logging with a retention period of up to 365 days.
C is correct answer
Location: The storage account used must be in the same region as the network security group.
Performance tier: Currently, only standard-tier storage accounts are supported.
We don't need a GPv2 account because it is not supported yet.
The correct answer is B. Storage2. Storage2 is a General Purpose v2 storage account, which supports the retention of logs for up to 365 days. Storage1 is a General Purpose v1 storage account, which supports the retention of logs for up to 30 days. Storage3 is a Blob storage account, which does not support flow logging. Storage4 is a File storage account, which does not support flow logging either.
Answer is B
Retention is available only if you use General purpose v2 Storage accounts (GPv2).
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#how-logging-works:~:text=Retention%20is%20available%20only%20if%20you%20use%20General%20purpose%20v2%20Storage%20accounts%20(GPv2).
Correct Answer is: B
"Retention is available only if you use General purpose v2 Storage accounts (GPv2)"
Reference: https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#how-logging-works
"Retention is available only if you use General purpose v2 Storage accounts (GPv2)"
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#how-logging-works
alirasouli (Highly Voted, 1 year, 10 months ago)
go4adil (7 months, 1 week ago)
Panapi (1 year, 6 months ago)
BobbyMc3030 (1 year, 2 months ago)
macinpune9 (1 year, 1 month ago)
Koyegunle (Highly Voted, 1 year, 1 month ago)
tashakori (Most Recent, 5 months, 3 weeks ago)
vroh (11 months, 1 week ago)
oopspruu (1 year ago)
profesorklaus (1 year ago)
Janal (1 year, 1 month ago)
Pakawat (1 year, 2 months ago)
abdelmim (1 year, 4 months ago)
kmsalman (1 year, 4 months ago)
zzreflexzz (1 year, 4 months ago)
CyberKelev (1 year, 6 months ago)
SumanSaurabh (1 year, 8 months ago)
wolf13 (1 year, 9 months ago)
Mev4953 (1 year, 11 months ago)
EleChie (1 year, 11 months ago)
lebowski (1 year, 12 months ago)