ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 4 question 11 discussion

Actual exam question from Microsoft's AZ-304
Question #: 11
Topic #: 4
[All AZ-304 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named storage1.
You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create an Azure Blob storage container, and you configure a legal hold access policy.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Use an Azure Blob storage container, but use a time-based retention policy instead of a legal hold.
Note:
Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once, Read Many) state. This state makes the data non-erasable and non-modifiable for a user-specified interval. For the duration of the retention interval, blobs can be created and read, but cannot be modified or deleted. Immutable storage is available for general-purpose v2 and Blob storage accounts in all Azure regions.
Note: Set retention policies and legal holds
1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general- purpose v2 or Blob storage account.
2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage.
3. Either
✑ To enable legal holds, select Add Policy. Select Legal hold from the drop-down menu, or
✑ To enable time-based retention, select Time-based retention from the drop-down menu.
4. Enter the retention interval in days (acceptable values are 1 to 146000 days).
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manage
by speedminer at Sept. 6, 2020, 3:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BoxMan
Highly Voted 4 years, 6 months ago
No is correct. The question clearly states that even Admins can't delete the data. With a legal hold the tags can be removed and therefore the data can be modified/deleted. With a time-based policy the data is immutable. FAQs on this pose the question with clear responses: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage#faq "Can I remove a locked time-based retention policy or legal hold? Only unlocked time-based retention policies can be removed from a container. Once a time-based retention policy is locked, it cannot be removed; only effective retention period extensions are allowed. Legal hold tags can be deleted. When all legal tags are deleted, the legal hold is removed."
upvoted 32 times
nesith
4 years, 5 months ago
however, once the retention period is over , you can delete the blob but can't edit it
upvoted 1 times
17Master
3 years, 2 months ago
no is correct
upvoted 1 times
...
...
...
Vippsy
Highly Voted 4 years, 7 months ago
The answer is No. Legal Hold will do the job, but Microsoft best practice says that if you know the time period then create a Time Based Retention Policy. If you dont know how long the data needs to be kept without being able to modify or delete then create a Legal Hold.
upvoted 11 times
pentium75
3 years, 9 months ago
Legal Hold will NOT do the job, as the requirement is that we must "prevent administrators from deleting the data". Administrators can remove the Legal Hold policy.
upvoted 8 times
...
...
Dawn7
Most Recent 3 years, 2 months ago
Selected Answer: B
I would choose NO
upvoted 1 times
...
SATPro
3 years, 6 months ago
No is correct answer.
upvoted 1 times
...
syu31svc
3 years, 7 months ago
Answer is No Use time based retention policy instead https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage
upvoted 2 times
...
malyaban
4 years, 1 month ago
Legal Hold is wrong try it. This is only about preventing deletion over a time period. Retention Policy is the only option
upvoted 1 times
...
AKumar
4 years, 2 months ago
Time-Based retention policy- When time is known. Legal Hold- When the time is unknown. As the question clearly states 5year time, the Answer is no.
upvoted 5 times
...
Firedragon
4 years, 3 months ago
B. No https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage Immutable storage supports the following features: Time-based retention policy support: Users can set policies to store data for a specified interval. When a time-based retention policy is set, blobs can be created and read, but not modified or deleted. After the retention period has expired, blobs can be deleted but not overwritten. Legal hold policy support: If the retention interval is not known, users can set legal holds to store immutable data until the legal hold is cleared. When a legal hold policy is set, blobs can be created and read, but not modified or deleted. Each legal hold is associated with a user-defined alphanumeric tag (such as a case ID, event name, etc.) that is used as an identifier string.
upvoted 2 times
...
glam
4 years, 3 months ago
B. No Time-based retention policy support is required
upvoted 3 times
...
Blaaa
4 years, 4 months ago
Correct
upvoted 2 times
...
mchint01
4 years, 7 months ago
If time interval is specified - go for time based rentention policy else go for legal hold. Since time is specified here, answer would be yes.. Time-based retention policy support: Users can set policies to store data for a specified interval. When a time-based retention policy is set, blobs can be created and read, but not modified or deleted. After the retention period has expired, blobs can be deleted but not overwritten. Legal hold policy support: If the retention interval is not known, users can set legal holds to store immutable data until the legal hold is cleared. When a legal hold policy is set, blobs can be created and read, but not modified or deleted. Each legal hold is associated with a user-defined alphanumeric tag (such as a case ID, event name, etc.) that is used as an identifier string. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage#:~:text=Time%2Dbased%20retention%20policy%20support,but%20not%20modified%20or%20deleted.&text=When%20a%20legal%20hold%20policy,but%20not%20modified%20or%20deleted.
upvoted 6 times
certmonster
4 years, 7 months ago
So it should be NO, right, because time is specified?
upvoted 2 times
pentum7
4 years, 6 months ago
correct
upvoted 1 times
...
...
...
speedminer
4 years, 8 months ago
Seems like the very next question/answer seems to say this is correct.
upvoted 1 times
speedminer
4 years, 8 months ago
Well...I guess the steps indicate that you would first create a time based retention policy, then a legal hold....so I'm unsure if this step assumes you'd make the time based retention policy first like the steps in https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manage?tabs=azure-portal or just make a legal hold.
upvoted 1 times
speedminer
4 years, 8 months ago
Legal hold: Immutable storage for Azure Blob storage enables users to store sensitive information that is critical to litigation or business use in a tamper-proof state for the desired duration until the hold is removed. This feature is not limited only to legal use cases but can also be thought of as an event-based hold or an enterprise lock, where the need to protect data based on event triggers or corporate policy is required. Legal hold policy support: If the retention interval is not known, users can set legal holds to store immutable data until the legal hold is cleared. When a legal hold policy is set, blobs can be created and read, but not modified or deleted. Each legal hold is associated with a user-defined alphanumeric tag (such as a case ID, event name, etc.) that is used as an identifier string. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage
upvoted 2 times
speedminer
4 years, 8 months ago
Based on that info, it does seem that turning on a legal hold would prevent the data from being deleted until the legal hold policy was removed, even without the time retention policy.
upvoted 1 times
speedminer
4 years, 8 months ago
This should accomplish the requirements. The legal hold policy when applied to the data will both store it/preserve it from being deleted by anyone.
upvoted 1 times
Jonnerzzz
4 years, 7 months ago
Hi Speedminer. The requirement is to ensure data retention for 5 years. The legal hold can be applied and removed - so the data can then be deleted. As such, this approach does not meet the requirement and therefore the answer is B: No
upvoted 6 times
...
...
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago