Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 8 question 2 discussion

Actual exam question from Microsoft's AZ-305

Question #: 2
Topic #: 8

HOTSPOT -
You plan to migrate App1 to Azure.
You need to recommend a storage solution for App1 that meets the security and compliance requirements.
Which type of storage should you recommend, and how should you recommend configuring the storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer

Suggested Answer:

Box 1: Standard general-purpose v2
Standard general-purpose v2 supports Blob Storage.
Azure Storage provides data protection for Blob Storage and Azure Data Lake Storage Gen2.
Scenario:
Litware identifies the following security and compliance requirements:
✑ Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
✑ On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
✑ Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.

✑ App1 must NOT share physical hardware with other workloads.

Box 2: Hierarchical namespace -
Scenario: Plan: Migrate App1 to Azure virtual machines.
Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs).
Data Lake Storage Gen2 and the Network File System (NFS) 3.0 protocol both require a storage account with a hierarchical namespace enabled.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/data-protection-overview https://docs.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview

by WickedMJ at Oct. 10, 2022, 7:01 a.m.

Comments

Submit Cancel

WickedMJ

Highly Voted 2 years, 1 month ago

> Storage account type: " Standard general-purpose v2 " > Configuration: " Hierarchical namespace "

upvoted 39 times

yuhji

1 year, 10 months ago

Using only hierarchical namespaces does not support ACLs. Therefore, NFS must be used. Azure BLOB storage now supports the new NFS v3.0. https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support-how-to

upvoted 4 times

...

techrat

Highly Voted 1 year, 7 months ago

I think the given answer is correct. I had this question on my exam today, I passed exam with 979. my answer to this question is Standard general-purpose v2 Hierarchical namespace

upvoted 22 times

...

SeMo0o0o0o

Most Recent 2 weeks, 6 days ago

CORRECT

upvoted 1 times

...

OscarFRItz

1 month ago

Hence no NFS. https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview Immutability policies aren't supported in accounts that have Network File System (NFS) 3.0 protocol or the SSH File Transfer Protocol (SFTP) enabled on them.

upvoted 1 times

...

globy118

1 year, 9 months ago

Exam Question 02/15/2023

upvoted 6 times

...

RandomNickname

1 year, 10 months ago

Given answer looks good

upvoted 3 times

...

adamp54

2 years, 1 month ago

ACLs are not supported with NFSv3 according to: "The only way to secure the data in your account is by using a VNet and other network security settings. Any other tool used to secure data including account key authorization, Azure Active Directory (AD) security, and access control lists (ACLs) are not yet supported in accounts that have the NFS 3.0 protocol support enabled on them" https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support Enabling hierarchical namespace is the right answer : "Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs)." https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

upvoted 6 times

_punky_

1 month, 1 week ago

Still not supported: https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support#network-security

upvoted 1 times

...

MountainW

2 years, 1 month ago

If the request is to migrate the third party storage solution which support ACL to Azure, I think the answer is Premium file shares and NFSv3. Because the App is running on Linux, NFS makes more sense to me. Standard general purpose v2 does not support NFS.

upvoted 1 times

FabrityDev

1 year, 10 months ago

"Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs)" Data Lake means hierarchical namespace. Besides if you want to use NFSv3 you have to have hierarchical namespaces enabled anyway. So in any scenario hierarchical namespaces are correct. https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

upvoted 2 times

...

np2021

1 year, 9 months ago

The data is not allowed to be on shared hardware tho, as per the requirements.

upvoted 1 times

...

boblina

2 years, 1 month ago

> Storage account type: " Standard general-purpose v2 " > Configuration: " NFSv3 " Source App1 are in a linux server

upvoted 2 times

FabrityDev

1 year, 10 months ago

upvoted 6 times

...

MountainW

2 years, 1 month ago

1. Storage account type: " Standard general-purpose v2 " Standard general purpose v2 does not support NFS. So 2 is not NFSV3 https://learn.microsoft.com/en-us/azure/storage/blobs/network-file-system-protocol-support.

upvoted 2 times

...