Archive Data and Prevent Deletion
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named storage1.
You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share, and you configure an access policy.
Does this meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.B
Instead of a file share, an immutable Blob storage is required.
Time-based retention policy support: Users can set policies to store data for a specified interval. When a time-based retention policy is set, blobs can be created and read, but not modified or deleted. After the retention period has expired, blobs can be deleted but not overwritten.
Note: Set retention policies and legal holds
1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general- purpose v2 or Blob storage account.
2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage.
3. To enable time-based retention, select Time-based retention from the drop-down menu.
4. Enter the retention interval in days (acceptable values are 1 to 146000 days).
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manageThe solution described in the question does not meet the stated goal.
Creating a file share and configuring an access policy does not ensure that the archived data cannot be deleted for five years or prevent administrators from deleting the data. Access policies control the permissions for accessing a file share or directory, but they do not prevent data deletion.
To meet the stated goal, you can use the Azure Blob Storage Lifecycle Management feature. This feature allows you to define rules for transitioning blobs between different storage tiers based on their age or other criteria. You can use a combination of tiering and retention policies to meet the requirements.
Specifically, you can use the following steps to meet the requirements:
- Enable blob versioning on the storage account to ensure that previous versions of blobs are not overwritten or deleted.
- Create a blob container for the archived data.
- Set the default access tier for the container to Archive.
- Create a retention policy on the container with a duration of five years. This ensures that the archived data cannot be deleted or modified for the specified duration.
- Use role-based access control (RBAC) to assign permissions to users and groups for managing the storage account and containers. Ensure that only authorized users have the necessary permissions to manage the storage account and containers.
By using the above approach, you can ensure that the archived data is stored in the Archive tier, which is optimized for infrequent access and provides the lowest storage costs. The retention policy ensures that the data cannot be deleted or modified for the specified duration, and the RBAC ensures that only authorized users have the necessary permissions to manage the storage account and containers.
