ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 8 question 2 discussion

Actual exam question from Microsoft's AZ-305
Question #: 2
Topic #: 8
[All AZ-305 Questions]

HOTSPOT -
You plan to migrate App1 to Azure.
You need to recommend a storage solution for App1 that meets the security and compliance requirements.
Which type of storage should you recommend, and how should you recommend configuring the storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Standard general-purpose v2
Standard general-purpose v2 supports Blob Storage.
Azure Storage provides data protection for Blob Storage and Azure Data Lake Storage Gen2.
Scenario:
Litware identifies the following security and compliance requirements:
✑ Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
✑ On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
✑ Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.

✑ App1 must NOT share physical hardware with other workloads.

Box 2: Hierarchical namespace -
Scenario: Plan: Migrate App1 to Azure virtual machines.
Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs).
Data Lake Storage Gen2 and the Network File System (NFS) 3.0 protocol both require a storage account with a hierarchical namespace enabled.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/data-protection-overview https://docs.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview
by WickedMJ at Oct. 10, 2022, 7:01 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
WickedMJ
Highly Voted 2 years, 4 months ago
> Storage account type: " Standard general-purpose v2 " > Configuration: " Hierarchical namespace "
upvoted 39 times
yuhji
2 years ago
Using only hierarchical namespaces does not support ACLs. Therefore, NFS must be used. Azure BLOB storage now supports the new NFS v3.0. https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support-how-to
upvoted 4 times
...
...
techrat
Highly Voted 1 year, 10 months ago
I think the given answer is correct. I had this question on my exam today, I passed exam with 979. my answer to this question is Standard general-purpose v2 Hierarchical namespace
upvoted 23 times
...
[Removed]
Most Recent 3 months, 2 weeks ago
CORRECT
upvoted 1 times
...
OscarFRItz
4 months ago
Hence no NFS. https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview Immutability policies aren't supported in accounts that have Network File System (NFS) 3.0 protocol or the SSH File Transfer Protocol (SFTP) enabled on them.
upvoted 1 times
...
globy118
2 years ago
Exam Question 02/15/2023
upvoted 6 times
...
RandomNickname
2 years, 1 month ago
Given answer looks good
upvoted 3 times
...
adamp54
2 years, 4 months ago
ACLs are not supported with NFSv3 according to: "The only way to secure the data in your account is by using a VNet and other network security settings. Any other tool used to secure data including account key authorization, Azure Active Directory (AD) security, and access control lists (ACLs) are not yet supported in accounts that have the NFS 3.0 protocol support enabled on them" https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support Enabling hierarchical namespace is the right answer : "Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs)." https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control
upvoted 6 times
_punky_
4 months, 1 week ago
Still not supported: https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support#network-security
upvoted 1 times
...
...
MountainW
2 years, 4 months ago
If the request is to migrate the third party storage solution which support ACL to Azure, I think the answer is Premium file shares and NFSv3. Because the App is running on Linux, NFS makes more sense to me. Standard general purpose v2 does not support NFS.
upvoted 1 times
FabrityDev
2 years, 1 month ago
"Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs)" Data Lake means hierarchical namespace. Besides if you want to use NFSv3 you have to have hierarchical namespaces enabled anyway. So in any scenario hierarchical namespaces are correct. https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control
upvoted 2 times
...
np2021
2 years ago
The data is not allowed to be on shared hardware tho, as per the requirements.
upvoted 1 times
...
...
boblina
2 years, 4 months ago
> Storage account type: " Standard general-purpose v2 " > Configuration: " NFSv3 " Source App1 are in a linux server
upvoted 2 times
FabrityDev
2 years, 1 month ago
"Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs)" Data Lake means hierarchical namespace. Besides if you want to use NFSv3 you have to have hierarchical namespaces enabled anyway. So in any scenario hierarchical namespaces are correct. https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control
upvoted 6 times
...
MountainW
2 years, 4 months ago
1. Storage account type: " Standard general-purpose v2 " Standard general purpose v2 does not support NFS. So 2 is not NFSV3 https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago