Technical Lab: Configure backup for an App Service
Questionsβ
Question 1 β Multiple Choiceβ
An operations team needs to configure automatic backup for an App Service that uses a linked SQL database. When trying to enable the backup functionality, the button appears disabled in the Azure portal.
What is the most likely cause of this behavior?
A) The App Service is in a region that doesn't support automatic backup.
B) The App Service is on a Free or Shared plan, which don't support backups.
C) There is no Managed Identity configured for the App Service.
D) The destination Storage Account is in a different region from the App Service.
Question 2 β Technical Scenarioβ
An administrator configured automatic backup for an App Service with the following definition:
Retention: 30 days
Frequency: every 4 hours
Start time: 00:00 UTC
Keep at least one backup: enabled
After 35 days, the administrator verifies that backups older than 30 days still exist in the Storage Account. What is the correct explanation for this behavior?
A) The retention period was ignored because the backup frequency is less than 24 hours.
B) The "keep at least one backup" option ensures that the oldest backup will not be deleted even after the retention period.
C) Database-linked backups are never automatically deleted, regardless of retention configuration.
D) The Storage Account has soft delete enabled, preventing deletion of backup blobs.
Question 3 β True or Falseβ
An App Service backup generated by Azure's native backup feature automatically captures all File System content of the application, application settings (App Settings) and Connection Strings, without any additional configuration.
Question 4 β Technical Scenarioβ
An administrator needs to restore an App Service from an existing backup in the Storage Account. During the restoration process in the Azure portal, they select the option to restore to the same App Service (overwrite). What behavior should be expected during the operation?
A) The restoration automatically fails if the App Service is receiving active traffic at the time.
B) The App Service is temporarily placed in offline mode during restoration, and the current content is replaced by the backup content.
C) The App Service continues running normally throughout the entire restoration; the content is atomically swapped at the end.
D) The restoration creates a temporary deployment slot for validation before replacing the production slot.
Question 5 β Multiple Choiceβ
When configuring backup for an App Service, the administrator needs to define a valid SAS URL pointing to a container in the Storage Account. Which alternative correctly describes the minimum permission requirements this SAS must have for backups to function properly?
A) Only read permission, as Azure manages writing internally.
B) Read and write permissions on the container.
C) Read, write and delete permissions on the container.
D) Full control permission over the Storage Account, not just the container.
Answer Key and Explanationsβ
Answer Key β Question 1β
Answer: B
The App Service automatic backup feature requires the application to be on a Basic, Standard, Premium or Isolated plan. Free and Shared plans don't provide this functionality, and the portal simply disables the configuration interface in these cases. The absence of Managed Identity (alternative C) doesn't block backup, which uses SAS URL. The Storage Account region (alternative D) may affect latency but doesn't prevent configuration. Regional restrictions on native backup (alternative A) don't exist as a cause for interface blocking.
Answer Key β Question 2β
Answer: B
When the "keep at least one backup" option is enabled, Azure ensures that the oldest backup is never deleted, even if it exceeds the configured retention period. This behavior is intentional to prevent the retention policy from resulting in total absence of backups during critical windows. Alternative D is plausible, as blob soft delete can retain deleted data, but the scenario describes a visibly present backup, not a blob in pending deletion state. Alternatives A and C describe behaviors that don't exist in the platform.
Answer Key β Question 3β
Answer: False
The App Service native backup automatically captures the application's File System content. However, App Settings and Connection Strings are not included in the backup by default: they are captured only if the corresponding option is explicitly marked during configuration. Additionally, linked databases (SQL Database, MySQL) also need to be manually added to the backup configuration. Assuming everything is automatically captured is a common misconception that can result in incomplete restorations.
Answer Key β Question 4β
Answer: B
When restoring a backup to the same App Service, Azure temporarily stops the application, replaces the File System content with the backup content, and restarts the service at the end. There is no atomic swap without downtime (alternative C), and no temporary deployment slot is automatically created by the restoration process (alternative D). Alternative A is incorrect as Azure doesn't check for active traffic presence to block the operation; the responsibility for planning the maintenance window belongs to the administrator.
Answer Key β Question 5β
Answer: C
The SAS URL used by App Service backup needs read, write and delete permissions on the container. Delete permission is necessary because the retention management process needs to remove old backups that exceed the configured period. A SAS with only read and write (alternative B) would allow creating new backups but would silently fail in cleaning up expired backups. Full control over the Storage Account (alternative D) represents excessive permission granting and goes against the principle of least privilege.