Microsoft Azure Architect Design (AZ-304) Practice Test

What solution is inadequate for ensuring that archived data in Azure Storage cannot be deleted by administrators?

• A. Create a file share and use snapshots
• B. Create a file share and configure an access policy
• C. Create a blob storage container with a legal hold access policy
• D. Create a blob storage container without any policies

The correct answer is: Create a file share and configure an access policy

The choice to create a file share and configure an access policy is inadequate for ensuring that archived data in Azure Storage cannot be deleted by administrators because access policies primarily focus on permissions and access controls rather than providing a comprehensive protection mechanism against deletion. While access policies can restrict who can access or modify the data, they do not prevent all administrators from having the ability to delete data if they possess the necessary permissions. In contrast, utilizing a blob storage container with a legal hold access policy is a more effective solution. A legal hold effectively prevents the deletion of data until the hold is lifted, regardless of the permissions granted to an administrator. This mechanism is specifically designed for compliance and regulatory needs, ensuring that critical data is retained as required by law or policy. Creating a file share with snapshots allows for backup and recovery but does not inherently protect against deletion actions taken by users with the right permissions. Finally, a blob storage container without any policies offers minimal management controls and does not ensure the safety of the archived data, as there would be no restrictions on deletion or modification.