AZ-900 Guide
Skills measured as of January 23, 2024
Audience profile
As a candidate for this exam, you’re a technology professional who wants to demonstrate foundational knowledge of cloud concepts in general and Microsoft Azure in particular. This exam is a common starting point in a journey towards a career in Azure.
You can describe Azure architectural components and Azure services, such as:
- Compute
- Networking
- Storage
You can also describe features and tools to secure, govern, and administer Azure.
You should have skills and experience working with an area of IT, such as:
- Infrastructure management
- Database management
- Software development
Skills at a glance
- Describe cloud concepts (25–30%)
- Describe Azure architecture and services (35–40%)
- Describe Azure management and governance (30–35%)
Describe cloud concepts (25–30%)
Describe cloud computing
- Define cloud computing: On-demand delivery of IT resources over the internet with pay-as-you-go pricing.
- Describe the shared responsibility model: Cloud providers secure infrastructure; users secure data, OS, and apps based on service type.
- Define cloud models, including public, private, and hybrid:
  - Public: shared infra.
  - Private: exclusive infra.
  - Hybrid: mix of both for flexibility.
- Identify appropriate use cases for each cloud model:
  - Public: scalable apps.
  - Private: sensitive data.
  - Hybrid: compliance or diverse workloads.
- Describe the consumption-based model: Pay only for what you use; no upfront costs or overprovisioning.
- Compare cloud pricing models:
  - Pay-as-you-go: flexible.
  - Reserved Instances: cheaper for fixed terms.
  - Spot Instances: low-cost unused capacity.
- Describe serverless: Cloud runs code automatically, scaling as needed; no server management.
Describe the benefits of using cloud services
- Describe the benefits of high availability and scalability in the cloud: Ensures uptime, handles demand spikes seamlessly, and reduces downtime.
- Describe the benefits of reliability and predictability in the cloud: Redundant systems ensure consistency; predictable costs with usage-based pricing.
- Describe the benefits of security and governance in the cloud: Built-in compliance tools, advanced threat protection, and access controls.
- Describe the benefits of manageability in the cloud: Centralized management with automated updates, monitoring, and resource optimization.
Describe cloud service types
- Describe infrastructure as a service (IaaS): Provides virtualized computing resources like VMs, storage, and networks; user manages OS and apps.
- Describe platform as a service (PaaS): Provides a managed platform for app development, with tools, runtime, and hosting; no server management.
- Describe software as a service (SaaS): Fully managed software delivered over the internet; users access apps without managing infrastructure.
- Identify appropriate use cases for each cloud service type (IaaS, PaaS, and SaaS):
  - IaaS: Hosting VMs, backup storage.
  - PaaS: App development, testing.
  - SaaS: Email, collaboration tools like Office 365.
Here’s how Contoso Electronics could leverage each cloud service type to migrate their old Testing/QA Server 2012 R2 to Azure, with examples:
IaaS: Contoso could create a virtual machine (VM) in Azure running Windows Server. They manage the OS, apps, and updates.
- Example: Azure Virtual Machines
- Analogy: OpenStack or Proxmox. These provide virtualized infrastructure where you manage VMs, storage, and networking.
PaaS: If the testing/QA workload involves a specific app, Contoso could migrate the app to an Azure App Service or Azure DevTest Labs, removing the need to manage the underlying OS.
- Example: Azure App Service
- Analogy: Red Hat OpenShift or Heroku (Linux-based environments). These platforms let you deploy and manage applications with containerization or built-in frameworks.
SaaS: For simpler QA/testing needs, Contoso could use SaaS-based testing tools (e.g., Azure DevOps Test Plans) without managing infrastructure or platforms.
- Example: Azure DevOps
- Analogy: Nextcloud or GitLab hosted (when using a managed service). These are end-user applications delivered as fully managed services, just like Office 365 or Google Workspace.
Each analogy aligns with control levels:
- IaaS = Full control (like your own virtualized datacenter).
- PaaS = App-first focus (abstracts infrastructure).
- SaaS = Just consume the service.
Describe Azure architecture and services (35–40%)
Describe the core architectural components of Azure
- Describe Azure regions, region pairs, and sovereign regions:
  - Regions: Geographical areas with datacenters.
  - Region pairs: Linked regions for disaster recovery.
  - Sovereign regions: Comply with local laws (e.g., China, Germany).
- Describe availability zones: Physically separate datacenters within a region, offering high availability and fault tolerance.
- Describe Azure datacenters: Secure facilities housing servers and infrastructure, powering Azure services globally.
- Describe Azure resources and resource groups:
  - Resources: Azure services like VMs or storage.
  - Resource groups: Logical containers to manage related resources.
- Describe subscriptions: Units of billing, resource organization, and access management in Azure.
- Describe management groups: Containers to organize multiple subscriptions, applying governance and policies at scale.
- Describe the hierarchy of resource groups, subscriptions, and management groups: Management groups > Subscriptions > Resource groups > Resources; defines control and organization levels.
Describe Azure compute and networking services
- Compare compute types, including containers, virtual machines, and functions:
  - VMs: Full control, customizable OS.
  - Containers: Lightweight, portable app environments.
  - Functions: Event-driven, serverless compute.
- Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop:
  - Azure VMs: Customizable virtual servers.
  - Scale Sets: Autoscaling for multiple VMs.
  - Availability Sets: Group VMs for high availability.
  - Azure Virtual Desktop: Cloud-hosted desktops.
- Describe the resources required for virtual machines: VMs need CPU, memory, storage, OS image, and networking components (e.g., NICs, IPs).
- Describe application hosting options, including web apps, containers, and virtual machines:
  - Web Apps: PaaS for hosting websites.
  - Containers: Portable, efficient app hosting.
  - VMs: Full-stack app hosting with more control.
- Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute:
  - Virtual Networks: Private Azure network.
  - Subnets: Subdivisions of networks.
  - Peering: Connects virtual networks.
  - Azure DNS: Domain name services.
  - VPN Gateway: Secure on-premises to cloud connections.
  - ExpressRoute: Dedicated high-speed connectivity to Azure.
- Define public and private endpoints:
  - Public endpoints: Expose services to the internet.
  - Private endpoints: Securely access Azure services via private IPs.
Describe Azure storage services
- Compare Azure Storage services:
  - Blob: Unstructured data.
  - File: Shared network file storage.
  - Queue: Message queuing for apps.
  - Table: NoSQL key-value storage.
- Describe storage tiers:
  - Hot: Frequent access.
  - Cool: Infrequent access, lower cost.
  - Archive: Rare access, cheapest, slower retrieval.
- Describe redundancy options:
  - LRS (Locally Redundant Storage):
    - Use case: Best for data that doesn't need to be replicated outside the region (e.g., backups for compliance in a single location).
    - Example: Storing daily backups of a local office application server.
  - ZRS (Zone-Redundant Storage):
    - Use case: Critical data requiring high availability within a single Azure region, protected against datacenter failures.
    - Example: Hosting a website's static assets, ensuring uptime in case one datacenter fails.
  - GRS (Geo-Redundant Storage):
    - Use case: Ensures disaster recovery for critical workloads, replicating data to a secondary region.
    - Example: Storing financial transaction logs for a global e-commerce site.
  - RA-GRS (Read-Access Geo-Redundant Storage):
    - Use case: Same as GRS but allows read access to the secondary region, improving performance for global reads.
    - Example: A news website serving cached articles to readers worldwide during a primary region outage.
- Describe storage account options and storage types:
  - Storage accounts: General-purpose (v1/v2) or Blob-specific.
  - Types: Standard (HDD), Premium (SSD).
- Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync:
  - AzCopy: CLI for bulk file transfers.
  - Storage Explorer: GUI for managing Azure Storage.
  - File Sync: Sync on-premises files with Azure.
- Describe migration options, including Azure Migrate and Azure Data Box:
  - Azure Migrate: Assess and migrate workloads to Azure.
  - Data Box: Physical appliance for large data transfers.
Describe Azure identity, access, and security
- Describe directory services in Azure, including Microsoft Entra ID and Microsoft Entra Domain Services:
  - Microsoft Entra ID: Azure's identity management platform for SSO, MFA, and user authentication.
  - Entra Domain Services: Managed Active Directory-compatible domain services in Azure.
- Describe authentication methods in Azure, including single sign-on (SSO), multi-factor authentication (MFA), and passwordless:
  - SSO: One login for multiple apps.
  - MFA: Verifies identity using multiple factors (e.g., password + SMS).
  - Passwordless: Authenticates via biometrics or device-based methods.
- Describe external identities in Azure, including business-to-business (B2B) and business-to-customer (B2C):
  - B2B: Securely collaborate with external partners using Entra ID.
  - B2C: Manage customer identities with self-service sign-up and authentication.
- Describe Microsoft Entra Conditional Access: Policies to enforce access control based on conditions like location, device, or risk.
- Describe Azure role-based access control (RBAC): Manage access by assigning roles to users, groups, or apps at a granular level (e.g., Reader, Contributor).
- Describe the concept of Zero Trust: Trust nothing, verify everything: enforce strict identity, device, and access verification.
- Describe the purpose of the defense-in-depth model: Multi-layered security approach, protecting resources at all levels (e.g., network, identity, application).
- Describe the purpose of Microsoft Defender for Cloud: Monitors and secures cloud resources, detects threats, and enforces security best practices.
Describe Azure management and governance (30–35%)
Describe cost management in Azure
- Describe factors that can affect costs in Azure: Factors include resource type, region, storage/compute tiers, bandwidth, reserved instances, and usage patterns.
- Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator:
  - Pricing Calculator: Estimates costs for specific Azure resources.
  - TCO Calculator: Compares on-premises vs. Azure costs to determine long-term savings.
- Describe cost management capabilities in Azure: Tools to track, analyse, and optimize spending, including budgets, alerts, and recommendations.
- Describe the purpose of tags: Tags categorize resources for cost tracking, organization, and governance (e.g., by department or project).
Tags in Azure are key-value pairs that users create to organize and manage their resources. They're flexible and customizable, making them useful for filtering, reporting, and governance. Here are some examples of commonly used tags:
Role-Based Tags
- Key: Role, Value: QA Database
- Key: Environment, Value: Production
- Key: Function, Value: Web Server
Cost and Budget Management Tags
- Key: CostCenter, Value: 12345
- Key: Project, Value: Migration2024
- Key: BillingOwner, Value: JohnDoe
Resource Ownership and Accountability Tags
- Key: Owner, Value: AliceSmith
- Key: Team, Value: DevOps
- Key: Department, Value: IT
Location and IP Address Tags
- Key: Location, Value: East US
- Key: IP Address, Value: 12.34.56.78
Purpose and Lifecycle Tags
- Key: Purpose, Value: Backup
- Key: Lifecycle, Value: Decommission Q3
- Key: Status, Value: Active
Security and Compliance Tags
- Key: Compliance, Value: GDPR
- Key: Confidentiality, Value: High
Tags are useful for querying resources quickly via the Azure portal, CLI, or API, enabling you to group resources logically, even if they're scattered across subscriptions or regions.
Describe features and tools in Azure for governance and compliance
- Describe the purpose of Microsoft Purview in Azure: A data governance solution to manage, discover, and classify data for compliance and insights.
- Describe the purpose of Azure Policy: Enforces rules and compliance standards across resources, ensuring consistent configurations.
- Describe the purpose of resource locks: Prevent accidental modifications or deletions with ReadOnly or Delete locks on resources.
Describe features and tools for managing and deploying Azure resources
- Describe the Azure portal: Web-based UI to manage, monitor, and configure Azure resources visually.
- Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell:
  - Azure CLI: Command-line tool for managing Azure across platforms.
  - Azure PowerShell: Scripting tool for automating Azure management tasks.
  - Cloud Shell: A browser-based shell with CLI and PowerShell tools pre-installed.
- Describe the purpose of Azure Arc: Manage and govern on-premises, multi-cloud, and edge resources with Azure tools.
- Describe infrastructure as code (IaC): Automates provisioning and managing infrastructure via code, ensuring repeatability.
- Describe Azure Resource Manager (ARM) and ARM templates:
  - ARM: Manages and deploys Azure resources via declarative templates.
  - ARM templates: JSON files defining resource configurations for repeatable deployments.
Describe monitoring tools in Azure
- Describe the purpose of Azure Advisor: A recommendation engine that suggests ways to optimize costs, security, performance, and reliability of Azure resources.
- Describe Azure Service Health: A personalized dashboard that shows service issues, planned maintenance, and health advisories affecting your Azure resources.
- Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights:
  - Azure Monitor: Collects and analyzes metrics/logs to monitor Azure resources and applications.
  - Log Analytics: Queries and analyzes log data from multiple sources for troubleshooting.
  - Azure Monitor Alerts: Creates notifications or automated actions based on performance or log conditions.
  - Application Insights: Monitors application performance, availability, and usage with telemetry and diagnostics.
Summary
A: Handling Subscription Limits in Azure
- Contact Azure Support for resource limit increases (e.g., vCPU).
- Avoid creating multiple subscriptions to resolve limit issues.
B: Azure Subscription Types
- Azure for Students: Free credits and 12 months of free services.
- Pay-As-You-Go: Pay only for used resources; no upfront costs.
- Free Trial: Limited-time free access to Azure resources; one per account.
C: Management Group Limitations
- Single parent per management group or subscription.
- Max six levels in hierarchy.
- Limited total number of management groups.
D: Using Management Groups in Azure
- Apply policies and governance across subscriptions.
- Restrictions in a management group affect resource creation in subscriptions.
E: Understanding Containers
- Containers are self-contained packages with everything an app needs to run.
- Deployable across various environments.
- Must match the host OS (Linux/Windows).
F: Azure Container Options
- Azure Container Instances (ACI): Easy setup with minimal configuration.
- Azure Kubernetes Service (AKS): Advanced container orchestration.
- DNS label or image changes require re-creating the instance.
G: Azure Functions and Microservices
- Azure Functions: Run based on microservices architecture; pay per execution time.
- App Service Plan: Logical container for running VMs.
H: Load Balancing in Azure
- Azure Scale Sets: Layer 4 traffic with load balancers; Layer 7 traffic with Application Gateway.
- Azure App Services: Staging environments, SSL, custom domains, and CLI tools.
I: Memory-Optimized Virtual Machines (VMs)
- High memory-to-CPU ratio.
- Best for in-memory analytics, relational databases, and memory-intensive workloads.
J: Azure App Service Tiers
- Standard Tier: 99.95% uptime, 50 GB storage, unlimited apps.
- Six tiers tailored to specific workloads and performance needs.
K: Azure Container Registry (ACR)
- Stores and manages container images for ACI and AKS.
- Ensures secure image access using Azure identity and security features.
L: Monitoring and Insights Tools
- Azure Monitor: Performance and operational insights.
- Azure Advisor: Recommendations to optimize Azure resources.
- Azure Sentinel: Cloud-native security and incident management.
M: Scaling and Storage in AKS
- Cluster Autoscaler: Adjusts nodes based on demand.
- Persistent storage with support for static and dynamic volumes.
N: Azure Virtual Desktop Load Balancing
- Breadth Mode: Users distributed sequentially across VMs for performance.
- Depth Mode: Assign users to one VM at a time to reduce costs.
- Automatic provisioning of VMs during high demand.
O: Global Scalability and Disaster Recovery
- Global Scalability: Enables worldwide service delivery by dynamically increasing resources like computing power, bandwidth, and storage based on demand.
- Disaster Recovery: Redundant sites can become operational within hours of disruptions like power outages or natural disasters. Regular data replication across multiple data centers ensures availability even if one location fails.
P: Azure Hybrid Cloud and Connectivity Options
- Hybrid Cloud Connectivity:
  - Azure Hybrid Cloud: Links on-premises networks with Azure Cloud.
  - Virtual Network and ExpressRoute: Facilitate secure hybrid connections.
- Application Integration Tools:
  - Service Bus: Transfers messages between applications.
  - Custom Connectors and External Databases: Enable seamless integration.
Q: Azure Stack and Private Cloud Deployment
- Azure Stack:
  - A comprehensive solution for hybrid cloud deployment, combining software and validated hardware.
  - Allows running Azure services on-premises, simplifying the transition to cloud environments.
- Private Cloud:
  - Can be hosted on-premises or in a third-party data center.
  - Infrastructure is dedicated to a single organization, offering high levels of privacy and security.
R: Core Cloud Features
- Reliability: Logical placement of resources ensures consistent application performance during peak traffic.
- High Availability: Maintains a 99.999% uptime through redundancy and proactive management.
- Manageability: Alerts and application insights aid in monitoring and optimizing resource performance.
S: Scaling in Cloud Environments
- Horizontal Scaling (Scaling Out): Adds more VMs with identical configurations to share increased workloads.
- Vertical Scaling (Scaling Up): Migrates applications to more robust VMs with enhanced features like SSDs or increased memory.
- Elasticity: Automatic scaling based on metrics like CPU and memory usage adapts dynamically to workload changes.
T: Cloud Models and Security Levels
- Private Cloud: Fully dedicated infrastructure, offering the highest security.
- Public Cloud: Shared multi-tenant environment with robust but less exclusive security.
- Hybrid Cloud: Combines elements of both, balancing flexibility and control.
- Government Cloud: Exclusive environments like Azure USA and Azure China, tailored for governmental use with maximum security.
U: Cloud Service Models
- IaaS: Requires installing and configuring software like PHP and database connections.
- PaaS: Simplifies deployment by managing the infrastructure for you.
- SaaS: Fully managed software ready for immediate use, ideal for reducing IT overhead.
- XaaS: Extends to any service, providing customizable bare-bones solutions for specific needs.
V: Agility in Cloud Development
- Cloud Agility: Facilitates rapid development, testing, and deployment of applications.
- Benefits: Accelerates response to market changes and customer demands, enhancing organizational competitiveness.
W: Azure Availability Strategies
- Availability Zones: Provide redundancy within an Azure region by distributing resources across multiple data centers.
- Availability Sets: Place VMs in different server racks within the same data center for fault tolerance.
- Zone-Redundant Services: Use features like Zone-Redundant Storage (ZRS) for enhanced reliability.
X: Data Replication and Regional Pairs
- Regional Pairs: Two regions within the same geography are updated sequentially to ensure uninterrupted availability.
- Multi-Region Replication: Safeguards data by duplicating it across regions, offering resilience against localized disasters.
Y: Cost Management with Resource Groups
- Resource Groups: Organize resources with shared lifecycles for easier management.
- Cost Allocation: Assign expenses to departments by structuring resource groups (e.g., Sales, IT Support).
Z: Azure Subscription Limits
- Defined Quotas: Establish maximum allowances for resources like storage accounts (250 per region), VMs (25,000 per region), and resource groups (980 globally).
- Purpose: Facilitates efficient management and prevents resource overutilization.
AZ-900 Practice Quiz (https://insidethemicrosoftcloud.com/az900/)
To transition a large capital expenditure (CapEx) to an operational expenditure (OpEx), Contoso's CIO has suggested to the board that the organization move their virtual machine (IaaS) workloads to Azure. The CFO argues that this will result in unpredictable OpEx spending. In this case, what pricing option is available to reduce costs and make predicting future spending easier?
- Azure Reservations
- Pay-as-you-go (PAYG)
- Azure VM Scale Sets
- Azure in CSP
Tailspin Toys, a small startup, is choosing their initial services architecture. They choose to rely on Office 365 and Microsoft Azure for all services. Which of the following best describes the cloud model they have chosen?
- Private Cloud
- Public Cloud
- Hybrid Cloud
- Government Cloud
Which of the following statements are true of a Software as a Service solution?
- You are responsible for maintaining the solution infrastructure
- You are responsible for deploying updates to the solution
- You are responsible for solution availability and scalability
- You are responsible for configuring the solution features
Contoso is planning to move to Azure, but currently hosts business applications in a shared virtualization infrastructure on-premises, utilizing Hyper-V. This is an example of which cloud computing model?
- Hybrid Cloud
- Private Cloud
- Public Cloud
- Government Cloud
Azure SQL Database and an on-premises SQL cluster represent a(n) …. expense and a(n) …. expense, respectively.
- Capital, Capital
- Capital, Operational
- Operational, Operational
- Operational, Capital
In Azure, you are charged only for what you use. This is known as a
- Fixed-price model
- Consumption-based model
Contoso runs several business applications in Azure VMs. Which cloud computing model best categorizes Azure VMs?
- Software as a service (SaaS)
- Platform as a service (PaaS)
- Infrastructure as a service (IaaS)
- Function as a service (FaaS)
Azure App Service, Azure SQL Database, and Cosmos DB are examples of which category of cloud computing service?
- Function as a Service (FaaS)
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
You need to provide more capacity than is currently available in your on-premises datacenter. The solution must minimize capital expense (CapEx) and operational expense (OpEx). Which solution should you recommend?
- Migration to public cloud
- A private cloud
- A hybrid cloud
- Additional on-premises servers
Office 365, Azure VMs, and Event Grid represent ……, ……, and ……, respectively.
- 1) SaaS 2) PaaS 3) IaaS
- 1) PaaS 2) IaaS 3) SaaS
- 1) SaaS 2) IaaS 3) PaaS
Contoso hosts databases for customer-facing web applications in Azure MySQL Database. Which cloud computing model best categorizes this service?
- Software as a service (SaaS)
- Platform as a service (PaaS)
- Infrastructure as a service (IaaS)
- Function as a service (FaaS)
Contoso hosts a legacy CRM application that runs on an Azure VM scale set. The application runs at a steady state of around 30% resource utilization. However, during month end closing activities, the application spikes to 90% resource utilization for extended periods during the last week of the month. Azure allows Contoso IT to meet these spikes in resource demand at the push of a button, paying for the additional capacity only when needed. This is an example of:
- Scalability
- Elasticity
- Fault Tolerance
- High Availability
Contoso plans to migrate their existing on-premises SQL VMs to Azure. Which expenditure model does this implement?
- Capital (CAPEX)
- Operational (OPEX)
- Subscription
- Elastic
A financial analysis of migration of on-premises files to Azure Storage at Contoso showed that storing 2TB of archived data in Azure would be less expensive than hosting this data on-premises. The report also showed unit cost in Azure would decrease even further as the data archive grows. This is an example of cloud
- Elasticity
- Economies of scale
- Scalability
- High Availability
The Contoso Corp Financial Services team needs to automate several business processes. They need to create workflows in a low-code environment with a visual interface. The service must have built-in connectivity to their existing platforms, like SalesForce and SAP. The members working on the project are only lightly technical (citizen developers). Which Microsoft service will best fit their use case?
- Power Automate
- Logic Apps
- Azure Automation
- Azure Functions
Kelly, who works in IT Operations, wants to automate a task using a script she wrote. She wants to do this with a minimum of expense and maintenance effort. She selected Azure Functions to host the job, instead of Azure Virtual Machines (IaaS). Does this service meet the solution criteria?
- YES
- NO
Contoso has a line-of-business application that requires access to a file share. You need to host this share in Azure with a minimum of cost and administration effort. Which service would best fulfill this requirement?
- Azure Files
- Azure Blob Storage
- Azure VMs
- VM Scale Sets
Contoso IT needs to ensure deployments of like Azure resources are the same for every deployment. Which of the following could be used to automate resource deployment?
- Azure API Management
- Management Groups
- Azure Resource Manager (ARM) templates
- Azure Synapse
You are testing new software in an Azure VM. When you are done testing, you shut down the VM, which shows a state of “Stopped” in the Azure portal. Will you incur additional costs while the VM is in this state?
- YES
- NO
You are deploying multiple instances of a custom Contoso web application. The application instances share a common management lifecycle, but will be located in different Azure regions. Can you deploy resources across multiple Azure regions in a single resource group?
- YES
- NO
You are responsible for recommending infrastructure architectures for applications at Contoso. Which solution would you recommend for on-demand execution of automated tasks in Python for a minimum of expense?
- Azure Monitor
- Azure Cloud Shell
- Azure Automation
- Azure Functions
Which Azure service would you use to correlate events from multiple Azure resources in a central repository? (choose the best answer)
- Azure Data Lake
- Azure Log Analytics
- Azure Event Grid
- Azure Event Hub
An …… protects against datacenter-level failures.
- Availability Set
- Availability Zone
- VM scale set
- Azure VM
Contoso has messages from a variety of sources (many Azure services) that need to be relayed to an application. Which Azure service would be best suited to the task?
- Azure Functions
- Azure Event Grid
- Azure IoT Hub
- Azure Service Bus
You can monitor health and availability of your Azure Kubernetes Service (AKS) cluster with:
- Azure Monitor
- Azure App Insights
- Microsoft Sentinel
- Microsoft Defender for Cloud
Which storage tier in Azure Storage delivers the highest cost of data storage?
- Hot
- Cool
- Cold
- Archive
To retire some aging on-premises servers, Contoso is planning to move several SQL databases to Azure SQL Database. The CIO has asked for a tool to estimate the cost of hosting these resources in Azure. Sally suggests using the Azure Pricing Calculator to estimate costs prior to migration. Does Sally's solution meet the solution criteria?
- YES
- NO
Which storage tier in Azure Storage delivers the lowest cost of data storage?
- Hot
- Cool
- Cold
- Archive
You have a mobile application that exchanges large numbers of messages with customer devices. Which type of Azure storage is optimized for storing large numbers of messages, accessible from anywhere via authenticated HTTP or HTTPS calls?
- Blob Storage
- Queue Storage
- Table Storage
- File Storage
Contoso's Security team wants to apply policy-based configuration across deployments in multiple Azure subscriptions. Which of the following can help achieve this requirement?
- Resource Groups
- Management Groups
- Role Based Access Control (RBAC)
- Access Policies
Contoso plans to implement a hybrid cloud architecture utilizing Azure. They need to connect on-premises application resources. The solution should minimize latency and maximize security. Which option should they choose?
- Point-to-Site VPN
- Site-to-Site VPN
- ExpressRoute
- Azure Application Gateway
As part of a hybrid cloud deployment at Contoso, you need to connect Contoso's on-premises datacenter to Azure. The solution you choose should minimize expense during the low-scale pilot deployment. Which option will you choose?
- Point-to-Site VPN
- Site-to-Site VPN
- ExpressRoute
- Azure Application Gateway
For regulatory compliance, you need to ensure Contoso's corporate web apps use TLS 1.2 for encryption. Does Azure App Service support enforcing this specific requirement?
- YES
- NO
Contoso wants to migrate a legacy application to Azure that requires a file share accessible on a UNC path. You need to provide an SMB file share and secure access. The solution should minimize administrative effort. Which service will you use?
- OneDrive
- SharePoint
- Azure VM with a file share
- Azure Files
Storage for Azure VMs is hosted in which Azure Storage type?
- File
- Table
- Disk
- Blob
Contoso IT wants to configure separate Azure subscriptions for different environments (production, development, test) and products. Can they associate multiple Azure subscriptions to the same Entra ID tenant?
- YES
- NO
Contoso Financial Services regularly creates documents containing sensitive customer data, including personally identifiable information. You need to ensure access is restricted to finance personnel, regardless of where the document travels. Which service should you use to classify and protect these documents?
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Endpoint
- Microsoft Purview
- Entra ID Conditional Access
An Azure …… is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.
- Availability Zone
- Region
- Geography
- Datacenter
Which Azure storage redundancy option does Microsoft recommend for maximum redundancy and recoverability?
- Locally Redundant Storage (LRS)
- Geo-Redundant Storage (GRS)
- Zone Redundant Storage (ZRS)
- Geo Zone Redundant Storage (GZRS)
An …… protects against VM failures due to failures in updates, power, or network connectivity.
- Availability Set
- Availability Zone
- VM scale set
- Azure VM
You need to manage your Azure VMs using the Azure portal. Which URL would you use to manage the Azure VMs?
- https://portal.azurewebsites.net
- https://portal.microsoft.com
- https://portal.azure.microsoft.com
- https://portal.azure.com
Contoso IT wants to develop modern application components using a serverless architecture. Which Azure service is best for hosting code as part of a services infrastructure?
- Azure Logic Apps
- Azure Functions
- Azure Service Bus
- Azure Automation
You can monitor health and performance of microservices applications running on Azure Kubernetes Service (AKS) with:
- Azure Monitor
- Azure App Insights
- Azure Sentinel
- Microsoft Defender for Cloud
You need to store unstructured data, such as images, video files, and social media posts, on Azure Storage. Which type of Azure Storage is optimized for storage of large amounts of unstructured data?
- Table Storage
- Queue Storage
- Disk Storage
- Blob Storage
Contoso IT has deployed a group of Azure VMs for hosting production. They want best practices recommendations for high availability of their VM resources. Will the Azure Advisor tool provide recommendations for these existing resources?
- YES
- NO
The Contoso IT Operations team needs to monitor their customer-facing web apps for performance anomalies. Which Azure service will best fulfill this need?
- Azure WebJobs
- Azure Application Insights
- Azure Automation
- Azure Sentinel
You need to automate responses to some alerts from Azure Monitor. Which service supports automating responses and corrective actions in this scenario?
- Power Automate
- Azure Logic Apps
- Azure Web Jobs
- Azure Automation
The Contoso IT Operations team needs to aggregate events from a large number of resources hosted in Azure for correlation, alerting, and reporting. Which Azure service would you use to centrally collect, store, and act on events?
- Azure App Insights
- Azure Monitor
- Azure Data Lake
- Azure Event Hub
You need to alert on service failures in your Azure services, such as web app instances hosted in App Service, and Azure VMs that stop running for any reason. Which tool should you use?
- Azure App Insights
- Azure Log Analytics
- Azure Monitor
- Microsoft Defender for Cloud
You can find recommendations for security best practices and security configuration for Azure Kubernetes Service (AKS) with:
- Azure Monitor
- Azure App Insights
- Microsoft Sentinel
- Microsoft Defender for Cloud
Azure VMs in different virtual networks can communicate by default.
- TRUE
- FALSE
Which Microsoft solution provides support for passwordless authentication on Windows 10 and 11 systems?
- Entra ID Conditional Access
- Microsoft Authenticator
- Windows Hello for Business
- Microsoft Purview
You have deployed an Azure VM hosting a line-of-business web application. You need to provide access to the application over the Internet via HTTP/S. You add a security rule to the Network Security Group (NSG) to allow inbound traffic from the Internet. Does this solution meet the requirement?
- YES
- NO
Contoso IT has deployed multiple Azure VMs across 15 virtual networks. How can you most securely limit inbound traffic and protect these VMs from unwanted inbound requests? (choose the best answer)
- Create a network security group (NSG)
- Deploy an Azure Firewall
- Deploy an Azure Load Balancer
- Deploy a virtual network gateway
You need to define and enforce corporate standards for new and existing Azure resource deployments in all of Contoso's Azure subscriptions. What should you use to meet this objective?
- Azure Policy
- Microsoft Defender for Cloud
- Microsoft Sentinel
- Azure Advisor
Tailspin Toys relies heavily on Entra ID for cloud identity. They want to more effectively protect their identities from external threats. Which service should they choose?
- Azure Identity Protection
- Microsoft Defender for Endpoint
- Azure DDoS
- Microsoft Information Protection
In a Site-to-Site VPN, the …… is the cross-premises gateway that connects your Azure Virtual Network with your on-premises VPN appliances.
- Azure Application Gateway
- Azure Virtual Network Gateway
- Local Network Gateway
- Private Endpoint
You need to prevent accidental deletion of Azure resources in your subscription. Which feature will meet this requirement? (choose the best answer)
- RBAC
- Resource Locks
- Security groups
- Azure policies
You are responsible for creating Azure resources at Contoso using ARM templates. You need to ensure Azure resources are only created in approved regions. What should you use to enforce this requirement?
- Azure locks
- Azure Policy
- Azure Blueprint
- Microsoft Defender for Cloud
Contoso IT assigns permissions at the resource group level for all resources deployed to Azure. Will resources in the resource group inherit permissions assigned to the resource group?
- YES
- NO
Contoso has implemented a hybrid, synchronized identity model, consisting of on-premises Active Directory and Entra ID. They want to more effectively protect their on-premises identities from external threats. Which service should they choose?
- Azure Identity Protection
- Microsoft Defender for Endpoint
- Azure DDoS
- Microsoft Information Protection
You need to implement multi-factor authentication for your Entra ID users. However, you only want to prompt for an additional authentication factor when users are not in a trusted location on an unmanaged device. Which feature should you implement? (choose the best answer)
- Microsoft Purview
- Identity Protection
- Conditional Access
- Privileged Identity Management
The Contoso Security team has implemented a new security policy. When users connect from outside corporate offices, they must be prompted for MFA. Which feature will you implement?
- Entra ID Privileged Identity Management
- One Time Passwords (OTP)
- Entra ID Identity Protection
- Entra ID Conditional Access
You need to support OATH tokens (one-time password) as a second authentication factor for Entra ID. What Microsoft solution enables use of OATH tokens for Entra ID and other identity providers?
- Entra ID Identity Protection
- Microsoft Authenticator
- Conditional Access
- Entra ID Multi-Factor Authentication
The Contoso Legal Department has asked Contoso IT to verify whether Contoso's Azure environment meets regulatory requirements. Which service should you use to answer this question?
- Azure Advisor
- Microsoft Defender for Cloud
- Microsoft Purview
- Azure Policy
What are the three foundational principles of Zero Trust?
- 1) Verify explicitly 2) Use least privilege access 3) Assume breach
- 1) Verify explicitly 2) Use defense in depth 3) Assume breach
- 1) Verify explicitly 2) Trust but verify 3) Assume breach
- 1) Verify explicitly 2) Use least privilege access 3) Trust must be earned
Contoso Electronics is a global retailer. The Contoso Cloud Architecture team needs to simplify deployments of new environments in Azure, including Azure Resource Manager (ARM) templates, role-based access, and policies. Which Azure service enables delivery of templates for repeatable deployment and configuration of new subscriptions and environments? (choose the best answer)
- Azure Policy initiatives
- Azure Policy
- ARM templates
- Azure Blueprints
Your company is planning to host services in Azure. You want to leverage identities in Entra ID, but still need to support on-premises identities in Active Directory. Can you support single sign-on (SSO) and multi-factor authentication for both on-premises and cloud with Entra ID?
- YES
- NO
You need to configure access to Office 365 resources for users at Contoso. To group users for assignment of permissions, which of the following options would you use?
- Microsoft 365 group
- Resource group
- Security group
- Management group
Implementing Azure MFA (multi-factor authentication) will ensure we know the user is who they claim to be. This is an example of:
- Authorization
- Authentication
- Integrity
- Confidentiality
You need to ensure on-premises file shares and Azure Files remain in sync in both directions, regardless of where the file was changed. Which tool or service would you choose? (choose the best answer)
- AzCopy
- Azure Storage Explorer
- Azure File Sync
- Azure Data Box
Contoso's Security team wants to implement selective use of multi-factor authentication (MFA) based on multiple factors related to the authentication request, such as device health and sign-in risk. Which service should they implement?
- Conditional Access
- Identity Protection
- Multi-Factor Authentication (MFA)
- Windows Hello for Business
Contoso has deployed resources across multiple Azure regions for multiple business units. They have a requirement to generate cost and chargeback reporting to track the Azure costs to be charged back to each business unit. Which Azure feature should they use to simplify this task?
- Tags
- Resource Locks
- Resource Groups
- Management Groups
You need to identify and enforce Contoso's corporate standards across new and existing Azure deployments. Which service would you choose to achieve this requirement? (choose the best answer)
- Azure Blueprints
- Azure Policy
- Azure Resource Manager (ARM) templates
- Azure Automation
Using role-based access control (RBAC) in Azure, we can determine which resources and services a user has access to. This is an example of:
- Authorization
- Authentication
- Integrity
- Confidentiality
Azure China and Azure Government are examples of:
- Private clouds
- Sovereign regions
- Azure geographies
- Management groups
You need to ensure no one (including administrators) can create additional resources in an Azure resource group. What will you do to achieve this objective?
- Azure Policy
- Role based access control (RBAC)
- Resource locks
- Microsoft Defender for Cloud
Which of the following describes authentication?
- Determines which resources you can access
- Defines the services and regions you can access
- Validates that a user is who they claim to be
- Establishes your resource access
You need to track resource consumption by application and department for cost tracking and chargeback. Which of the following will enable this capability?
- Azure Monitor
- Tags
- Azure
- Management Groups
You need to automate movement of multiple files to a storage account. What command line tool can you use to script copying blobs or files to or from your storage account? (choose the best answer)
- Azure File Sync
- Azure Storage Explorer
- AzCopy
- Azure Data Box
Which Azure storage redundancy option would you select for development workloads where minimizing expense is the highest priority?
- Zone Redundant Storage (ZRS)
- Geo-Redundant Storage (GRS)
- Geo-Zone Redundant Storage (GZRS)
- Locally Redundant Storage (LRS)
Contoso needs Azure capacity to support spikes in request traffic to their load-balanced web farm during the holiday shopping season. A consultant recommends deploying the website to a virtual machine scale set in Azure. Will this meet the requirement?
- YES
- NO
Which type of Azure storage stores NoSQL data in Azure, including a schemaless key/attribute store?
- Queue Storage
- Table Storage
- Blob Storage
- File Storage
You need to identify deviations from Microsoft security best practices in your Azure cloud infrastructure. Which service should you use?
- Azure Advisor
- Microsoft Defender for Cloud
- Azure Monitor
- Azure Key Vault
Contoso IT is planning to migrate all on-premises data to Azure. The Legal Department has asked for verification that Azure complies with Contoso's regulatory obligations, such as HIPAA and PCI DSS. Which Azure service can be used to monitor for regulatory compliance?
- Azure App Insights
- Azure Advisor
- Azure Monitor
- Microsoft Defender for Cloud
You need to calculate the estimated cost of a set of Azure resources before you deploy them. Which service or tool will you use?
- Azure Advisor
- Azure Pricing Calculator
- Azure Cost Management
- Azure TCO Calculator
As part of a migration of on-premises VM workloads to Azure VMs, Contoso wants to minimize costs. Since the VMs will be running in Azure for an extended period of time (years), what option should they consider to reduce hosting costs?
- Azure Cost Management
- Azure Reservations
- Azure Advisor
- VM Scale Sets
A …… is a virtual network gateway that sends encrypted traffic between an Azure VNET and an on-premises location over the Internet.
- App gateway
- Web proxy
- VPN gateway
- Private endpoint
Contoso IT Operations has been tasked with providing recommendations on how to reduce the cost of running Azure VMs. Which service should they use to gather recommendations?
- Microsoft Defender for Cloud
- Azure Advisor
- Azure Monitor
- Azure App Insights
Contoso is planning to move several on-premises services to Azure PaaS and IaaS solutions. The CIO has asked for a tool to estimate the cost of hosting these resources in Azure. Tom suggests Azure Cost Management to estimate costs prior to migration. Does Tom's solution meet the solution criteria?
- YES
- NO
To manage service lifecycle with more granularity, Contoso cloud architects have designed a model that involves a large number of resource groups. Will Contoso incur additional costs for the resource groups?
- YES
- NO
You plan to deploy several Azure VMs. The applications running on these VMs should remain available if a single Azure datacenter fails. You opt to deploy VMs to multiple availability zones. Does your solution meet the solution criteria?
- YES
- NO
Contoso IT has deployed a group of VMs in Azure. They want to identify recommendations on how to reduce the cost of running these VMs. Which tool should they use? (choose the best answer)
- Azure Price Calculator
- Azure Advisor
- Azure Cost Management
- Microsoft Defender for Cloud
Azure App Service supports which of the following application type(s)?
- Web apps
- Mobile apps
- API apps
- All the above
Which virtual machine configuration supports a more resilient, highly available environment by staggering VM updates and ensuring varied power and network connectivity?
- Virtual machine scale sets
- Virtual machine availability sets
- Virtual cluster
- Azure Virtual Desktop
Tailspin Toys uses a pay-as-you-go (PAYG) subscription in Azure. PAYG generally provides the lowest cost over time, but the least flexibility in terms of shifting consumption to new services.
- TRUE
- FALSE
Azure Container Instances enable running containers without host servers to manage.
- YES
- NO
Azure Container Instances enable elastic bursting for Azure Kubernetes Service.
- YES
- NO
Azure VMs in different subnets in the same virtual network can communicate by default.
- YES
- NO
Azure DDoS, which protects your Azure resources against distributed denial-of-service attacks, includes both Basic and Standard tiers.
- YES
- NO