Microsoft Azure Architect Design (AZ-304) Practice Test

If you need to ensure that archived data in Azure Storage cannot be deleted for five years, which action should you take?

• A. Create an Azure Blob storage container and set a legal hold
• B. Create a file share and take snapshots
• C. Create a file share and set an access policy
• D. Create an Azure Blob storage container and use a retention policy with a lock

The correct answer is: Create an Azure Blob storage container and use a retention policy with a lock

To ensure that archived data in Azure Storage cannot be deleted for five years, implementing a retention policy with a lock on an Azure Blob storage container is the most effective approach. This method allows you to define a retention period during which data cannot be modified or deleted, thus adhering to regulatory and compliance requirements. By using a retention policy with a lock, you can specify that the data is protected from being deleted or altered for a set duration—five years in this case. Once the policy is enacted, it enforces the immutability of the data, providing assurance that the information will remain intact and safe from any accidental or unauthorized deletion. In contrast, while a legal hold can prevent deletion, it is typically used in specific legal or compliance contexts and doesn't have the same assurance of long-term immutability as a retention policy with a lock. Taking snapshots of a file share can create point-in-time copies, but does not prevent the original data from being deleted. Setting an access policy on a file share would control permissions but not provide the same level of protection against deletion. Therefore, using a retention policy with a lock is the best choice for long-term data protection in this scenario.