Technical Lab: Perform Backup and Restore Operations by Using Azure Backup
Questionsβ
Question 1 β Multiple Choiceβ
An operations team needs to ensure that virtual machines in different Azure regions are protected by Azure Backup, with backup data stored in the same region as the VMs to meet data sovereignty compliance requirements.
What type of replication should be configured in the Recovery Services Vault?
A) Geo-Redundant Storage (GRS), as it automatically replicates data to a paired region, ensuring high availability.
B) Locally Redundant Storage (LRS), as it keeps backup data within the same region as the protected VMs.
C) Zone-Redundant Storage (ZRS), as it distributes data across availability zones without replicating to another region.
D) Read-Access Geo-Redundant Storage (RA-GRS), as it allows reading data in the secondary region without violating compliance.
Question 2 β Technical Scenarioβ
An administrator configured Azure Backup to protect a database server on a Windows VM. After 30 days, they notice that the oldest recovery points are being automatically deleted before the expected timeframe defined by the retention policy.
The policy configured in the portal is as follows:
Backup frequency: Daily at 23:00 UTC
Daily recovery point retention: 90 days
Weekly recovery point retention: Not configured
Monthly recovery point retention: Not configured
After investigation, the administrator discovers that the VM is associated with two backup items in different vaults, and the effectively applied policy is from another vault with 30-day retention.
What is the root cause of the observed behavior?
A) Azure Backup automatically applies the most restrictive policy when a VM is registered in more than one vault.
B) The VM is being protected by the vault with the 30-day policy, and the vault with the 90-day policy is not effectively backing up this VM.
C) Azure Backup merges the retention policies from both vaults and applies the average between the configured periods.
D) The 90-day retention only takes effect after configuring weekly and monthly points in the policy.
Question 3 β True or Falseβ
Azure Backup's Soft Delete, when enabled in a Recovery Services Vault, protects backup data even after deleting the protected item, retaining data for an additional 14 days without storage costs during this period.
Question 4 β Technical Scenarioβ
An organization performs daily backups of 20 VMs using Azure Backup. During a disaster recovery exercise, the infrastructure team attempts to restore a VM to a different virtual network from the original, in a distinct subscription, but within the same region.
When starting the operation in the portal, the administrator receives an error indicating that the operation cannot be completed with current permissions.
Error: The client does not have authorization to perform action
'Microsoft.Compute/virtualMachines/write' on the target subscription.
What is the most likely cause and appropriate correction?
A) Azure Backup does not support restoration between different subscriptions; it's necessary to manually export the disk via portal.
B) The administrator needs the Backup Operator role in the target subscription for cross-subscription restoration to be authorized.
C) The administrator has permissions in the source vault but does not have the appropriate role in the resource group or target subscription where the VM will be created.
D) Restoration to a different virtual network requires the target vault to be configured with GRS replication enabled.
Question 5 β Multiple Choiceβ
An administrator needs to ensure that individual files can be recovered from a Linux VM protected by Azure Backup, without restoring the entire disk. Which functionality should be used and what is its main limitation in this context?
A) Restore Disk: allows recovering individual files by mounting the restored disk on another VM, but requires the target VM to be in the same region as the vault.
B) File Recovery (Item-Level Recovery): allows mounting the recovery point as a volume on the original VM or another VM, but the mounting script is valid for 12 hours.
C) Instant Restore: allows immediate access to individual files directly from the snapshot without needing scripts, with no access time limitation.
D) Cross-Region Restore: allows recovering files in any region by mounting the recovery point as a temporary volume on the target VM.
Answer Key and Explanationsβ
Answer Key β Question 1β
Answer: B
The central requirement is data sovereignty, which prohibits backup data from being replicated outside the source region. LRS stores three copies of data within a single datacenter in the same region, satisfying this requirement.
GRS and RA-GRS automatically replicate to a paired region, which violates the requirement that data remain in the same region. ZRS distributes across availability zones in the same region and would technically be compatible with sovereignty, but Recovery Services Vault doesn't offer ZRS as a backup storage replication option in all regions; additionally, the question requires evaluating the option that precisely ensures regional confinement, with LRS being the most direct for this purpose.
The common error here is associating GRS with "more secure" without considering that geographic security may conflict with regulatory compliance.
Answer Key β Question 2β
Answer: B
In Azure Backup, each vault independently manages the policy applied to items registered in it. When a VM appears as a backup item in two vaults, only the vault that is actively running backups applies its policy. The vault with the 90-day policy may have the item registered, but if backups are not being executed by it, its retention parameters have no practical effect.
Alternative A is false: Azure Backup does not have conflict resolution logic between policies from different vaults. Alternative C is false: there is no policy merging. Alternative D is false: daily retention is independent of weekly or monthly retention configuration.
The real consequence of not identifying this scenario is believing data is protected for 90 days when, in practice, it's being discarded in 30.
Answer Key β Question 3β
Answer: False
The statement contains a specific error: Soft Delete retains data for 14 additional days, which is correct, but storage during this period is charged normally. Microsoft does not exempt storage costs for data in soft delete state.
This is an important operational misconception: administrators who assume the soft delete retention period is free may have billing surprises, especially in environments with large volumes of deleted items awaiting expiration.
Answer Key β Question 4β
Answer: C
Azure Backup supports cross-subscription restoration as long as the principal performing the operation has necessary permissions both in the source vault and in the target resource group or subscription. The error Microsoft.Compute/virtualMachines/write explicitly indicates lack of write permission at the destination, not a functionality limitation per se.
Alternative A is false: cross-subscription restoration is supported. Alternative B is imprecise: the Backup Operator role has scope over backup operations in the vault, not over compute resource creation in the target subscription. Alternative D is false: vault replication configuration is not a requirement for restoration to a different virtual network.
The distinction between permissions in the source vault and permissions in the target resource is frequently overlooked in cross-subscription restoration scenarios.
Answer Key β Question 5β
Answer: B
Azure Backup's File Recovery functionality allows mounting a recovery point as an iSCSI volume on the VM, enabling individual file recovery without restoring the complete disk. The main documented limitation is that the generated mounting script is valid for 12 hours, after which access to the volume is automatically terminated.
Alternative A incorrectly describes Restore Disk, which is not the individual file recovery mechanism and doesn't have this mounting behavior. Alternative C is incorrect: Instant Restore accelerates restoration using local snapshots but doesn't eliminate the need for mounting scripts to access individual files. Alternative D confuses Cross-Region Restore with File Recovery; Cross-Region Restore is a complete restoration modality to a secondary region, not a file access mechanism.