Azure Storage Exam Tips

Primary service:

• Azure Storage
• This summary consolidates the most exam-relevant Azure Storage concepts, design principles, and architecture insights.

Official documentation hub:

1️⃣ Storage Account Fundamentals#

A storage account is a top-level Azure resource that hosts multiple storage services:

• Blob Storage
• Azure Files
• Queues
• Tables

It defines:

• Performance tier
• Redundancy model
• Security settings
• Networking rules
• Lifecycle configuration

2️⃣ Performance Tiers#

🔹 Standard (General Purpose v2 – Default)#

• Most common
• Cost-effective
• Supports all services
• Required for lifecycle management
• Recommended for most workloads

🔹 Premium#

• Low latency
• High IOPS
• SSD-backed

Used for:

• Premium Blob
• Premium Files
• High-performance scenarios

Docs:

3️⃣ Redundancy Options (Critical Exam Topic)#

Redundancy determines durability and availability.

🔹 LRS (Locally Redundant Storage)#

• 3 copies
• Same availability zone
• Cheapest option
• No zone or region protection

🔹 ZRS (Zone-Redundant Storage)#

Copies across availability zones

Survives zone failure

🔹 GRS (Geo-Redundant Storage)#

Replicates to secondary region

3 copies in primary + 3 in secondary

🔹 GZRS (Geo-Zone-Redundant Storage)#

• ZRS in primary region
• LRS in secondary region
• Highest durability

🔹 RA-GZRS (Read-Access GZRS)#

• Same as GZRS
• Secondary region readable

Docs:

4️⃣ Azure Blob Storage (Object Storage)#

Primary service:

• Azure Blob Storage

Structure:

• Storage Account → Blob Service → Container → Blob

Important:

• Flat namespace
• “Folders” = prefixes
• Object-based storage
• HTTP/HTTPS access

5️⃣ Object Replication (Blob Replication)#

Requirements:

• ✔ Versioning enabled on source & destination ✔ Change feed enabled on source ✔ Replication policy configured

Facts:

• Asynchronous
• Source can replicate to up to 2 destinations
• Can filter via prefix
• Cross-region, cross-subscription, cross-tenant supported

Docs:

6️⃣ Blob Lifecycle Management#

Requires:

• General Purpose v2 account

Supported blob types:

• Block blobs
• Append blobs
• Base blobs
• Snapshots
• Versions

Uses:

• IF–THEN logic

Supports:

• Move to Cool
• Move to Cold
• Move to Archive
• Delete

Filters:

• Prefix
• Blob index tags
• Last modified time
• Creation time
• Last access time

Docs:

7️⃣ Storage Security Model#

Security layers:

🔹 Encryption at Rest#

Default:

Storage Service Encryption (AES-256)

🔹 Management Plane vs Data Plane#

Management Plane#

Storage account configuration

Controlled by Azure RBAC

Data Plane#

• Blobs
• Files
• Queues
• Tables

Controlled by:

• Access Keys
• SAS
• Entra ID

🔹 Access Keys#

• Full control
• Two keys (rotation model)
• Not least privilege

🔹 Shared Access Signature (SAS)#

• Scoped access
• Time-limited
• IP restricted
• Protocol restricted

🔹 Microsoft Entra Authentication#

• Role-based access control
• More secure
• Recommended over keys

Docs:

8️⃣ Azure Files Overview#

Primary service:

• Azure Files

Key characteristics:

• ✔ Managed SMB/NFS file share ✔ True hierarchical file system ✔ Supports Windows, Linux, macOS ✔ Can mount as network drive

Unlike Blob:

• Real file system
• NTFS permissions
• POSIX (NFS) support

Docs:

9️⃣ Azure Files Protection#

🔹 Snapshots#

• Entire share
• Read-only
• Incremental
• Restore individual files or full share

🔹 Soft Delete#

• Protects deleted shares
• Retention: 1–365 days
• Does NOT protect individual file deletions

Docs:

🔟 Identity-Based Authentication (Azure Files)#

Options:

• AD DS
• Entra Domain Services
• Entra Kerberos

Important:

• ✔ Controls share-level access ❗ Does NOT replace NTFS ACL

Two layers:

• Share-level RBAC
• File-level NTFS permissions

Docs:

1️⃣1️⃣ Storage Utilities#

🔹 Azure Storage Explorer (GUI)#

• Azure Storage Explorer
• Visual interface
• Uses AzCopy under the hood
• Manage containers, shares, snapshots

🔹 AzCopy (CLI)#

• AzCopy
• High-performance data transfer
• Scriptable
• Entra authentication supported
• Used for automation and migration

Difference:

• Storage Explorer = GUI AzCopy = Automation & scripting

Docs:

1️⃣2️⃣ Common Exam Pitfalls#

🚩 Soft delete protects individual files → False 🚩 Snapshots are full copies → False 🚩 Blob folders are real directories → False 🚩 Lifecycle works on all storage types → False (Blob only) 🚩 Identity-based auth replaces NTFS → False 🚩 Access keys provide least privilege → False

1️⃣3️⃣ High-Yield Design Patterns for Exam#

Cost Optimization Pattern#

• GPv2 account
• Lifecycle policies
• Cool → Archive movement

High Availability Pattern#

RA-GZRS

Cross-region read access

Secure Enterprise Pattern#

• Entra ID authentication
• RBAC
• Disable key access
• Private endpoints

Hybrid File Server Pattern#

• Azure Files + AD DS
• NTFS ACLs
• Snapshots + Soft Delete

1️⃣4️⃣ Mental Model for Exam#

Think in layers:

• Storage Account → Performance → Redundancy → Security → Lifecycle → Data Protection → Identity → Utilities
• Each exam question typically touches 2–3 of these layers simultaneously.

Final Takeaway#

For exam success, master:

• ✔ Storage account architecture ✔ Redundancy models ✔ Blob lifecycle + replication ✔ Management vs data plane security ✔ Azure Files authentication & protection ✔ Storage Explorer vs AzCopy differences

Azure Storage questions often test:

• Design decisions, not just definitions.

If you'd like next:

• 🧠 40 Azure Storage scenario-based exam questions
• 📊 Redundancy decision tree cheat sheet
• 🔐 Storage security comparison table
• 🏗 Real-world architecture diagrams
• 💰 Cost optimization deep dive
• Tell me your goal (AZ-104, AZ-204, or architecture mastery).