AZ-900 Practice Test Bank: 200+ Qs with Answers

Section 1.1: AZ-900 exam purpose, audience, and certification value

AZ-900, Microsoft Azure Fundamentals, is designed to validate broad foundational knowledge of cloud concepts and Azure services. It is not intended to prove that you can deploy complex architectures, manage production environments, or troubleshoot advanced platform issues. Instead, the exam checks whether you understand the language of cloud computing and can identify which Azure services and concepts fit common business and technical scenarios. That makes it ideal for beginners, students, career changers, sales and procurement professionals, project managers, and technical professionals who need cloud literacy before moving to role-based certifications.

From an exam objective standpoint, Microsoft expects you to describe rather than implement. Words like describe, identify, recognize, and differentiate are important clues. You may see content around cloud computing, shared responsibility, consumption-based pricing, high availability, scalability, elasticity, reliability, predictability, security, governance, and service types such as IaaS, PaaS, and SaaS. You also need a high-level understanding of Azure architecture and basic services like regions, availability zones, subscriptions, resource groups, virtual machines, containers, virtual networks, VPN, ExpressRoute, and DNS.

The value of AZ-900 is twofold. First, it gives you a structured way to learn modern cloud concepts using Azure as the reference platform. Second, it serves as a credential that shows employers you understand core cloud vocabulary and platform basics. While it is an entry-level certification, do not underestimate it. Employers often use fundamentals certifications to verify that a candidate can communicate accurately about cloud services and can continue on to more specialized tracks.

A common trap is assuming that because the exam is beginner-friendly, every question will be obvious. In reality, Microsoft often places similar concepts side by side. For example, a question may force you to distinguish between high availability and disaster recovery, or between a resource group and a subscription, or between SaaS and PaaS. The exam rewards clarity, not overthinking.

Exam Tip: Read every answer choice through the lens of “What is Microsoft most likely trying to validate here?” If the question is about foundational cloud responsibility, think in terms of service model boundaries rather than advanced implementation details.

Certification value also comes from momentum. Many candidates use AZ-900 as a launching point toward Azure Administrator, Azure Developer, Azure Security, or Azure AI certifications. If you build clean mental models now, your later study will be much easier.

Section 1.2: Official exam domains and how Microsoft weights objectives

One of the smartest things you can do early in your preparation is study the official skills measured document. Microsoft updates exam objectives periodically, so always treat the official exam page as the source of truth. The AZ-900 blueprint is organized into domains, and those domains are weighted. Weighting matters because it tells you where Microsoft expects more question volume. If one domain carries a larger percentage, it deserves more of your study time and more of your practice-question review.

At a high level, the exam covers cloud concepts, Azure architecture and services, and Azure management and governance concepts. Within those areas, the exam repeatedly returns to foundational distinctions: cloud models, benefits of cloud services, service types, architectural components, and major categories of Azure services such as compute and networking. You should also expect governance and cost-related ideas to appear because consumption-based pricing, policy, and organizational structure are central to Azure fundamentals.

Weighting should shape your study plan. For example, if cloud concepts and core Azure architecture together represent a significant share of the exam, you should not spend disproportionate time on obscure details of a single service. A classic beginner mistake is diving deeply into portal screenshots, command syntax, or advanced configuration options. AZ-900 generally tests what a service is for, when it is used, and how it compares with alternatives.

Another trap is studying domain headings without connecting them. Microsoft often blends objectives in a single question. A scenario about a company needing predictable costs, quick scaling, and reduced hardware management may test consumption-based pricing, cloud benefits, and service model selection all at once. Likewise, a question about resiliency across Azure regions may overlap with architectural components and high availability concepts.

Exam Tip: Build a study tracker that lists each official objective and mark your confidence as red, yellow, or green. Domain weighting tells you where to spend time, but confidence tracking tells you where you are most likely to lose points.

When you review practice questions, tag each missed item to an objective area. Over time, patterns emerge. If you repeatedly miss IaaS versus PaaS scenarios or confuse availability zones with regions, that is not random error; it is an objective-level weakness that needs focused review. The strongest candidates treat the blueprint as a map, not just a checklist.

Section 1.3: Registration process, scheduling, identification, and test policies

Before exam day, make sure you understand how registration and scheduling work. Microsoft certification exams are typically scheduled through Microsoft’s certification portal, which directs you to the authorized exam delivery process. You may be able to choose a local test center or an online proctored delivery option, depending on your location and current policies. Always verify available delivery methods in the official registration workflow rather than relying on old forum posts or outdated study guides.

When registering, use legal identification details exactly as required. Name mismatches are a preventable reason for exam-day stress. Review the identification policy well in advance, especially if you are taking the exam at a test center or through online proctoring. Requirements can vary by region, and online testing may include room scan procedures, desk-clear rules, webcam requirements, and restrictions on watches, phones, paper, and background noise.

Scheduling strategy matters too. Beginners often book too early and create panic, or book too late and lose momentum. The best approach is to pick a realistic target date based on your current knowledge and available weekly study time. Once the exam is booked, work backward to create milestones: foundational review, first practice set, weak-area remediation, full revision, and final readiness check.

Understand rescheduling and cancellation policies before you commit. Life happens, but missed deadlines may cost you fees or force unnecessary delays. Also review technical requirements if you choose online delivery. A weak internet connection, unsupported browser, or noisy environment can become a bigger problem than the exam itself.

A common trap is treating logistics as unimportant compared with studying. In reality, poor logistics can drain focus and confidence. If you spend exam morning worrying about ID requirements, check-in windows, or whether your room meets proctor rules, you start the exam at a disadvantage.

Exam Tip: Do a “dry run” 48 hours before your exam. Confirm your login, check your ID, test your computer and webcam if relevant, and review the check-in instructions. Remove every avoidable variable.

Good preparation includes administrative readiness. The less mental energy you spend on process details, the more you can devote to interpreting questions calmly and accurately.

Section 1.4: Question formats, scoring concepts, and time management basics

AZ-900 may include several question styles, such as standard multiple-choice, multiple-select, matching, drag-and-drop, and short scenario-based items. Microsoft can vary delivery and item types over time, so avoid assuming a fixed template. The key point is that the exam measures your ability to recognize correct conceptual relationships, not just recall isolated definitions. Some questions are direct, while others present a business need and ask which concept or service best fits.

Scoring can feel mysterious to candidates because Microsoft does not publish every detail of how individual items are weighted. What you should know is that the passing score is typically reported on a scaled score model. This means not every question necessarily contributes in exactly the same way. Do not waste time trying to reverse-engineer the scoring algorithm. Instead, focus on maximizing accuracy across all domains, especially the heavily weighted ones.

Because this is a fundamentals exam, your biggest scoring risk is not speed; it is misreading. Candidates often lose points by overlooking qualifiers such as most cost-effective, best fit, reduces management overhead, provides private connectivity, or improves resiliency. Those phrases tell you what the exam is really testing. If a scenario emphasizes reduced platform management, PaaS may be more appropriate than IaaS. If it emphasizes complete control over the operating system, IaaS is usually the better fit.

Time management should be simple and disciplined. Move steadily, answer what you can, and avoid spending excessive time debating one uncertain question early in the exam. If the platform allows review, use it strategically. Mark items where you can narrow to two answers but need a second look. However, be careful not to change correct answers because of anxiety during the final review.

Common traps include choosing an answer that is technically true but not the best answer, ignoring all answer choices before reading the scenario carefully, and assuming that longer answers are more likely to be correct. Microsoft writes distractors that are often plausible. Your task is to identify the option most aligned with the exact requirement in the question.

Exam Tip: When stuck, eliminate answers by category. Ask: Is this a cloud concept, a pricing concept, an architectural component, or a service type? Narrowing the category often reveals the correct answer even if you do not remember every detail.

Strong exam performance comes from calm reading, objective recognition, and disciplined pacing rather than from rushing.

Section 1.5: Study strategy for beginners using practice questions effectively

If you are new to Azure or cloud computing, your study strategy should start with concepts first, then move to service recognition, and finally to scenario-based comparison. Many beginners make the mistake of jumping straight into large banks of practice questions. Practice is essential, but it works best after you have a mental framework. Otherwise, you may memorize answer patterns without understanding why those answers are right.

A beginner-friendly method is to study in layers. First, learn the core cloud concepts: cloud computing, shared responsibility, consumption-based pricing, public versus other deployment ideas if included, and the benefits of cloud services such as high availability, scalability, elasticity, reliability, predictability, security, and governance. Next, study the service models: IaaS, PaaS, and SaaS. Then move into Azure architecture and common services, including regions, availability zones, subscriptions, resource groups, compute options, and networking basics.

Once you have that baseline, begin using practice questions in short sets. After each set, review every explanation, including questions you answered correctly. Correct answers reached by guessing are still weaknesses. Keep an error log with three columns: the objective tested, why your answer was wrong, and the rule or concept that would help you answer correctly next time. Over time, this creates a personalized study guide based on your actual gaps.

Focus especially on comparative reasoning. Can you explain why containers differ from virtual machines at a high level? Why ExpressRoute differs from VPN? Why DNS is about name resolution rather than traffic isolation? Why a region is different from an availability zone? These are classic exam themes. The exam often rewards distinction and classification rather than memorization of product minutiae.

A major trap is overstudying advanced content because it feels impressive. AZ-900 does not require deep administrator-level skill. If you spend hours learning complex implementation details while still mixing up SaaS and PaaS, your study plan is out of balance. Stay aligned to exam objectives.

Exam Tip: Use a 70-20-10 study split: 70% on official objectives and concept review, 20% on practice questions and explanation analysis, and 10% on final revision notes. Practice questions should reinforce understanding, not replace it.

Consistency beats cramming. Even 30 to 45 minutes of focused daily study can build strong retention when paired with regular review and objective-based tracking.

Section 1.6: Baseline diagnostic quiz and personal exam readiness plan

Your first practice activity in this course should not be a score-chasing exercise. It should be a diagnostic. The purpose of a baseline quiz is to reveal what you already know, what you partially understand, and what you are currently guessing. Even if your starting score is low, that information is useful. It helps you prioritize effort instead of studying everything with equal intensity.

After your diagnostic attempt, sort your results by objective area. Most beginners will see uneven performance. For example, you may understand cloud benefits but struggle to distinguish IaaS, PaaS, and SaaS in realistic scenarios. Or you may recognize Azure virtual machines but be less confident about subscriptions, resource groups, regions, and availability zones. This is normal. Your readiness plan should be built around these patterns.

Create a personal readiness plan with weekly targets. A practical structure is: week one for cloud concepts and pricing ideas, week two for service models and cloud benefits, week three for Azure architecture, week four for compute and networking basics, and week five for mixed practice and weak-area repair. If your timeline is shorter, compress the schedule but keep the sequence. Foundational understanding should come before mixed testing.

Set readiness criteria before booking your final review week. For example, aim for stable practice performance across multiple sessions, not one lucky score. You should be able to explain key distinctions out loud in plain language. If you cannot explain why a service fits a scenario, your knowledge may still be too fragile for exam conditions.

Another smart step is to define a retake-proof strategy. Do not prepare merely to scrape past the minimum. Prepare to understand the material well enough that unfamiliar wording does not shake you. This is especially important because Microsoft can phrase fundamentals in different ways while testing the same core ideas.

Exam Tip: Readiness is not just a percentage score. True readiness means you can identify the objective being tested, eliminate distractors confidently, and justify the correct answer without relying on memory alone.

As you begin the rest of this book, use your diagnostic results as a compass. Every chapter and practice set should move you from recognition to explanation, and from explanation to reliable exam performance.

Section 2.1: Describe cloud computing and the cloud model

Cloud computing refers to the delivery of computing services over the internet. These services can include servers, storage, databases, networking, analytics, and software. On the AZ-900 exam, the cloud is not tested as an abstract buzzword. Instead, you are expected to understand that cloud computing allows organizations to access technology resources on demand, scale them when needed, and avoid owning all infrastructure physically on site.

The cloud model shifts organizations away from the traditional idea of purchasing hardware, installing it in a company data center, and maintaining it for years whether utilization is high or low. In cloud computing, resources are provisioned when needed and released when no longer needed. This creates flexibility and supports faster business response. If a company launches a new application, it can deploy infrastructure much more quickly in the cloud than through a lengthy hardware procurement cycle.

Microsoft commonly tests whether you understand core cloud characteristics. These include on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Even if those exact terms are not always listed in a question, the underlying ideas appear often. For example, a scenario that mentions users provisioning resources themselves without waiting for hardware delivery is testing on-demand self-service. A scenario about tracking usage for billing points to measured service.

A common trap is confusing cloud computing with virtualization. Virtualization is a technology that allows multiple virtual systems to run on shared hardware, but cloud computing is broader. The cloud includes service delivery, automation, scalability, billing models, and operational flexibility. Virtualization can exist without a cloud operating model. Therefore, if the exam asks what defines cloud computing, focus on service delivery and elasticity rather than simply the existence of virtual machines.

Exam Tip: When a question asks what cloud computing helps an organization do, look for answers involving flexibility, on-demand resource use, and reduced need for direct infrastructure ownership. Answers centered only on buying more hardware are usually distractors.

From a test strategy perspective, identify whether the question is asking for a definition, a capability, or a business outcome. If the stem asks what cloud computing is, choose the answer that describes internet-delivered services. If it asks why businesses use the cloud, look for agility, scalability, and cost flexibility. This distinction helps eliminate vague but tempting choices.

Section 2.2: Describe the shared responsibility model

The shared responsibility model explains how security, management, and operational duties are divided between the cloud provider and the customer. This is one of the most important conceptual areas in AZ-900 because many beginners incorrectly assume that moving to the cloud means the provider is responsible for everything. That is not true. Microsoft secures the underlying cloud infrastructure, but customers still retain responsibility for specific elements depending on the service type they use.

At the broadest level, the provider is typically responsible for the physical security of datacenters, power, cooling, and the physical hosts. The customer remains responsible for items such as data, identities, device security, and access management. As services become more managed, customer responsibility decreases for infrastructure tasks, but it never disappears completely. This is why shared responsibility is called shared, not transferred.

On the exam, questions may approach this topic by comparing on-premises systems to cloud services. In an on-premises environment, the customer is responsible for nearly everything. In IaaS, the provider manages the physical infrastructure while the customer manages operating systems, applications, and data. In PaaS, the provider manages more of the underlying platform, while the customer focuses more heavily on the application and data. In SaaS, the provider manages almost the entire stack, but the customer still manages users, access, and the data they place into the service.

A common exam trap is selecting the provider for responsibility over data classification or user account management. Even in SaaS, customers are generally still responsible for how their data is used, who can access it, and how identities are governed. If the question includes phrases such as “who can sign in,” “what permissions users have,” or “how sensitive data is labeled,” think customer responsibility.

Exam Tip: If an answer choice mentions physical datacenter hardware, rack security, or host maintenance, that usually points to the cloud provider. If it mentions accounts, data, endpoints, or configurations, that usually points to the customer.

To answer shared responsibility questions correctly, first identify the service model in the scenario. Then ask yourself what layer is being discussed: physical infrastructure, operating system, application runtime, application logic, or data. The lower the layer, the more likely the provider is responsible. The closer the layer is to business use and information control, the more likely the customer remains responsible.

Section 2.3: Describe cloud models: public, private, and hybrid

AZ-900 expects you to distinguish among public, private, and hybrid cloud models. These models describe how cloud resources are deployed and who uses them. The exam often presents a business requirement and asks which model best fits it. The key is to focus on ownership, access, and operational location rather than on specific products.

A public cloud is owned and operated by a third-party cloud provider and delivers resources over the internet. Multiple customers share the provider’s infrastructure, though each customer’s resources remain logically isolated. Public cloud is typically associated with speed, scalability, and reduced capital investment. If a scenario emphasizes fast deployment, broad access, and no need to maintain physical datacenter infrastructure, public cloud is often the correct answer.

A private cloud is used exclusively by a single organization. It may be hosted in the organization’s own datacenter or by a third party, but the environment is dedicated to that organization. Private cloud can offer greater direct control and may be preferred when strict regulatory or customization requirements exist. However, it usually involves higher management overhead compared with public cloud.

A hybrid cloud combines public cloud and private infrastructure, allowing data and applications to move between environments or be managed across both. Hybrid cloud is especially important for exam scenarios. Many organizations are not fully cloud-only. They may keep sensitive systems on-premises due to compliance, latency, or legacy dependencies while using public cloud for web apps, backup, or burst capacity. If a question says an organization must keep some resources in its own datacenter while also using cloud services, hybrid cloud is the best fit.

A frequent trap is assuming hybrid means simply using more than one cloud service. That idea is closer to multicloud, not hybrid by itself. Hybrid specifically involves a mix of on-premises or private cloud resources with public cloud resources. Watch for wording such as “retain local infrastructure” or “continue using on-premises servers.”

• Public cloud: provider-owned, internet-delivered, shared infrastructure model
• Private cloud: dedicated to one organization, more direct control
• Hybrid cloud: combines private/on-premises resources with public cloud services

Exam Tip: If the requirement includes both “must keep some systems on-premises” and “wants cloud flexibility,” choose hybrid cloud unless the question explicitly defines another model.

To identify the correct answer, ask: Is the infrastructure shared and provider-run? Public. Is it dedicated to one organization? Private. Is it a combination of local/private and public environments? Hybrid. These three distinctions solve most exam questions in this area.

Section 2.4: Describe consumption-based pricing and cloud economics

One of the most fundamental cloud business concepts is consumption-based pricing. In a traditional IT model, organizations often purchase hardware in advance and pay for capacity whether they use it fully or not. In the cloud, many services are billed based on actual usage. This might include compute time, storage consumed, network traffic, or transactions processed. For AZ-900, the exam does not expect you to calculate complex invoices, but it does expect you to understand the economic logic behind paying for what you use.

This model connects directly to operational expenditure, or OpEx, versus capital expenditure, or CapEx. CapEx refers to up-front investment in physical assets such as servers and networking equipment. OpEx refers to ongoing spending for services consumed over time. Cloud services often shift costs from CapEx to OpEx, which can improve financial flexibility and reduce the risk of overprovisioning. An organization does not need to buy a large amount of hardware in anticipation of future growth; it can scale usage and spending as demand changes.

On the exam, look for scenario language such as “avoid large up-front costs,” “pay monthly based on usage,” or “reduce spending on unused capacity.” These clues point directly to cloud economics and the consumption model. Another common angle is the ability to stop paying for resources when they are no longer needed. This supports temporary workloads, testing environments, and seasonal demand spikes.

A common trap is thinking the cloud is always cheaper in every situation. The more accurate exam perspective is that the cloud provides cost flexibility and can reduce waste, especially for variable demand. If a question asks what consumption-based pricing allows, the strongest answer is usually not simply “lower cost,” but rather “pay only for resources used.” That wording is more precise and more aligned to Microsoft exam objectives.

Exam Tip: If the stem emphasizes unpredictable demand, temporary projects, or minimizing idle infrastructure costs, consumption-based pricing is likely the tested concept.

Also understand that cloud economics support experimentation. Businesses can deploy a proof of concept without committing to a major hardware purchase. This reduces financial barriers to innovation. In exam questions, that benefit may appear as improved business agility tied to the cost model. Separate this from technical agility: one is about financial flexibility, the other is about operational speed. AZ-900 may test both in nearby answer choices, so read carefully.

Section 2.5: Describe cloud benefits: high availability, scalability, elasticity, agility, and disaster recovery

This section covers several closely related cloud benefits that appear frequently on AZ-900. These terms are easy to mix up, which is exactly why they are tested. You should learn not only what each term means, but also the clue words that separate them.

High availability refers to designing systems so that they remain accessible and operational for a high percentage of time, often through redundancy. If a question mentions minimizing downtime or keeping services available despite component failures, the concept is high availability. Reliability is related, but in beginner-level exam wording, high availability is the more common target when uptime is emphasized.

Scalability is the ability to increase or decrease resources to meet demand. This can mean scaling up to more powerful resources or scaling out to more instances. Elasticity is more dynamic: it refers to automatically or rapidly adjusting resources in response to current demand. If the question emphasizes planned growth, scalability is often correct. If it emphasizes automatic response to spikes and drops, elasticity is usually the better answer.

Agility means the cloud enables faster deployment, faster experimentation, and faster adjustment to changing business needs. This is not the same as elasticity. Agility is about speed of action and responsiveness from an organizational and operational perspective. If a business wants to launch services quickly without waiting months for procurement, that is agility.

Disaster recovery refers to the ability to recover from a major outage or catastrophic event. In exam language, look for restoring systems after regional failure, datacenter outage, or significant disruption. This differs from high availability, which focuses on keeping services running continuously. Disaster recovery is about recovery after serious interruption; high availability is about preventing or minimizing interruption in the first place.

• High availability: keeps services running with minimal downtime
• Scalability: increases or decreases capacity to meet demand
• Elasticity: automatically adjusts resources as demand changes
• Agility: enables rapid deployment and faster business response
• Disaster recovery: restores operations after major failure

Exam Tip: When two answers both sound plausible, ask whether the scenario is about uptime, growth, automatic adjustment, speed of deployment, or recovery after failure. That usually reveals the tested benefit.

The most common trap is selecting scalability when the scenario clearly describes automatic adjustment during demand swings. That is elasticity. Another trap is selecting high availability when the scenario is about recovering after a disaster. Recovery after the event points to disaster recovery.

Section 2.6: Domain practice set for Describe cloud concepts with answer analysis

As you practice this exam domain, focus less on memorizing isolated terms and more on building a decision process. Azure Fundamentals questions in the cloud concepts domain tend to be short, but the distractors are intentionally similar. Your job is to identify the exact concept being tested from one or two key clues. This section provides a framework for analyzing those clues without listing direct quiz items in the chapter text.

Start by classifying the scenario into one of four buckets: definition, responsibility, deployment model, or business benefit. If the scenario asks what cloud computing enables, think definition. If it asks who manages what, think shared responsibility. If it describes location and ownership of resources, think public, private, or hybrid. If it highlights outcomes such as cost flexibility, uptime, or responsiveness to demand, think benefits and economics.

Next, underline or mentally isolate trigger phrases. Examples include “pay only for what is used,” “keep some servers on-premises,” “customer still manages user access,” “rapidly handle demand spikes,” or “recover from a major outage.” Each phrase maps strongly to a tested objective. This is one of the fastest ways to improve your score because AZ-900 often uses predictable wording patterns even when the surrounding scenario changes.

A strong answer analysis habit is to eliminate near-miss choices by asking why they are wrong, not just why one answer is right. For example, an option about scalability may be close, but if the scenario emphasizes automatic reaction to workload change, elasticity is more precise. An option about public cloud may sound attractive, but if local datacenter resources must remain in use, hybrid is more accurate. This precision is essential on foundational exams.

Exam Tip: In cloud concept questions, the best answer is usually the most exact answer, not the most broadly positive statement. Avoid choices that sound impressive but do not match the key phrase in the prompt.

For final preparation, review your mistakes by category. If you miss questions because terms sound alike, create a comparison sheet for pairs such as scalability versus elasticity and high availability versus disaster recovery. If you miss scenario questions, practice extracting clue words before reading the answer choices. This method trains you to think like the exam writers and improves both speed and accuracy on test day.

Section 3.1: Describe cloud service types: IaaS, PaaS, and SaaS

This objective is one of the most frequently tested areas on AZ-900 because it checks whether you understand the level of responsibility retained by the customer. Infrastructure as a Service, or IaaS, provides the most control among the three main service models. You typically manage virtual machines, operating systems, networking settings, and installed applications, while the cloud provider manages the underlying physical datacenter, hardware, and virtualization layer. In exam scenarios, IaaS is the right fit when an organization wants to migrate existing server workloads with minimal redesign or when it needs administrative access to the operating system.

Platform as a Service, or PaaS, reduces management overhead by letting the provider manage the operating system, runtime, middleware, and much of the scaling platform. The customer focuses on application code and data. On AZ-900, PaaS appears in scenarios involving web app development, API hosting, managed databases, and rapid application deployment. If the wording emphasizes that developers want to build without managing servers, PaaS is usually the strongest answer.

Software as a Service, or SaaS, is complete software delivered over the internet. Users simply consume the application, often through a browser or client app. Microsoft 365 is the classic exam example. In SaaS, the provider manages almost everything, and the customer mainly manages user settings and data usage. If the scenario mentions email, collaboration, CRM, or subscription-based business software with no concern for infrastructure or platform maintenance, think SaaS.

• IaaS: highest customer control, highest management responsibility
• PaaS: balanced approach for developers, less platform management
• SaaS: least management, software consumed as a finished service

Exam Tip: Look for verbs in the scenario. “Install,” “patch,” and “configure the OS” point toward IaaS. “Deploy code” and “focus on development” point toward PaaS. “Use the application” points toward SaaS.

A common trap is assuming PaaS means no management at all. That is incorrect. Customers still manage the application, data, identity settings, and service configuration. Another trap is choosing SaaS simply because a service is internet-based. A hosted custom application can still be PaaS or IaaS. The correct answer depends on who manages the layers. The exam tests your ability to classify the service model based on operational responsibility, not just based on where the software runs.

Section 3.2: Describe serverless and event-driven basics for AZ-900 scenarios

Although AZ-900 is a fundamentals exam, Microsoft may include basic serverless and event-driven scenarios because they represent an important cloud concept: running code or workflows without managing traditional servers. Serverless does not mean servers do not exist. It means the provider abstracts server management away from the customer. You focus on the function or workflow, and the platform handles scale, infrastructure allocation, and often billing based on execution or consumption.

In Azure, common examples include Azure Functions and Logic Apps. Azure Functions are often associated with small units of code triggered by events such as an HTTP request, a timer, or a message in a queue. Logic Apps are associated with workflow automation and integrating systems through connectors. On the exam, you are not expected to configure triggers or write code. Instead, you should recognize when a lightweight, event-driven, pay-for-use model is more appropriate than maintaining full-time virtual machines.

Serverless aligns closely with consumption-based pricing. If an application runs infrequently, such as processing uploaded files or sending notifications when an event occurs, serverless may be more cost-efficient than provisioning dedicated infrastructure. Event-driven means the action happens in response to something: a file arriving, a request being received, a message being posted, or a scheduled time being reached. These clues are important in scenario questions.

Exam Tip: If the question emphasizes sporadic execution, automatic scaling, or paying only when code runs, a serverless option is often the intended answer. If the question emphasizes long-running control over the environment, a VM-based answer is more likely.

A common trap is treating serverless as the same as PaaS. They are related, but serverless is more specific. PaaS broadly means the provider manages the platform. Serverless usually adds an execution model where scaling and billing are highly dynamic and tied closely to demand. Another trap is assuming serverless is always the cheapest option. The exam may mention constant, predictable workloads where other approaches are also reasonable. Focus on the scenario wording and choose the service type that most directly satisfies the requirement being tested.

Section 3.3: Describe Azure architecture and services: regions, region pairs, and availability zones

Azure’s global infrastructure is a core AZ-900 topic because it explains how Microsoft provides scale, performance, and resiliency. An Azure region is a geographical area containing one or more datacenters connected through a low-latency network. Regions allow customers to deploy services closer to users, meet certain compliance needs, and improve disaster recovery planning. On the exam, if a scenario asks where you choose to place workloads for geographic proximity or data residency considerations, region selection is the concept being tested.

Availability zones provide fault isolation within a region. Each zone is a physically separate location with independent power, cooling, and networking. This matters when the exam asks how to increase resiliency against datacenter-level failure inside the same region. Availability zones are not the same as regions. A region is broader; a zone is a separate location within a supported region. If a question asks about protection from the failure of a single datacenter, availability zones are usually the best answer.

Region pairs are another testable concept. Azure pairs many regions within the same geography to support platform updates and certain disaster recovery considerations. The idea is that one region in a pair can help provide continuity if another experiences a major outage. Do not overcomplicate this objective. AZ-900 usually tests recognition: region pairs support resiliency and planned update sequencing.

• Region: a geographical deployment area containing datacenters
• Availability zone: separate physical location within a region for fault isolation
• Region pair: two paired regions within the same geography for resiliency considerations

Exam Tip: Match the failure scope to the answer choice. Single datacenter failure within a region points to availability zones. Broader geographic resiliency points toward multiple regions or region pairs.

A common trap is assuming every region supports availability zones. That is not true. Another trap is confusing high availability with disaster recovery. Availability zones improve availability within a region. Using multiple regions addresses a wider scope of failure. The exam often rewards candidates who notice whether the scenario is local, regional, or cross-regional in scope.

Section 3.4: Describe Azure resources, resource groups, subscriptions, and management groups

This objective focuses on how Azure organizes what you deploy and how governance can be applied at different levels. An Azure resource is an individual manageable item such as a virtual machine, storage account, or virtual network. Resources do not exist in isolation for long on the exam; they are usually discussed in relation to resource groups and subscriptions.

A resource group is a logical container for resources that share a common lifecycle, purpose, or administrative boundary. For example, all resources for a single application might be placed in one resource group so they can be deployed, monitored, and removed together. Resource groups are not billing accounts. They are organizational containers. Questions often test whether you understand that resources in a resource group can be different types and that a resource group helps with management and organization.

A subscription is primarily a billing and access boundary. It helps separate environments, departments, or projects for cost management and administration. If the exam asks how to separate billing for different business units, subscription is often the best answer. A management group sits above subscriptions and is used to apply governance consistently across multiple subscriptions. This is especially important in larger organizations.

Exam Tip: If the question mentions grouping related resources for deployment or lifecycle management, choose resource group. If it mentions billing, quotas, or separating administrative boundaries across larger scopes, think subscription. If it mentions applying policy across several subscriptions, think management group.

One common trap is believing a resource can belong to multiple resource groups. It cannot. Another trap is assuming all resources in a resource group must be in the same region. Resource groups are logical containers, so resources can exist in different regions, even though the metadata for the resource group itself is stored in a specific location. AZ-900 does not usually require deep implementation details, but it does test whether you understand which Azure construct solves which management problem. Keep the hierarchy clear: management groups at the top, subscriptions below them, resource groups within subscriptions, and resources inside resource groups.

Section 3.5: Describe Azure datacenters, geographies, and resiliency concepts

To answer Azure architecture questions accurately, you must distinguish between physical infrastructure and organizational terms. Azure datacenters are the physical facilities that house servers, storage, and networking hardware. Customers do not usually choose a datacenter directly. Instead, they select a region, and Azure operates the datacenter infrastructure behind that region. A geography is a broader market boundary that typically contains one or more regions and is designed to address data residency, compliance, and customer needs at a larger scale.

Resiliency concepts on AZ-900 are foundational rather than deeply architectural. You should recognize that redundancy can exist within a datacenter, across datacenters in a region, across availability zones, and across regions. The broader the redundancy scope, the more resilient the solution can become against larger failures. However, the exam is not asking you to design enterprise disaster recovery plans. It is testing whether you can identify which Azure infrastructure concept aligns with a stated availability or continuity requirement.

Reliability and high availability are often mentioned alongside these concepts. Reliability means the system can recover from failures and continue to operate as expected. High availability means minimizing downtime. In Azure terms, deploying across multiple availability zones can help improve availability against datacenter-level incidents. Deploying across regions can help support disaster recovery for wider regional outages.

Exam Tip: If the wording includes compliance, data residency, or market boundary language, pay attention to geography and region terms. If the wording focuses on continuity during infrastructure failures, focus on zones, paired regions, or multi-region deployment.

A common trap is selecting a geography when the question really asks where workloads are deployed. Workloads are deployed to regions, not geographies. Another trap is assuming resiliency is automatic in every design. Azure provides resilient options, but the architecture choices still matter. At the fundamentals level, your job is to recognize the role each infrastructure layer plays in supporting availability, governance, and global reach.

Section 3.6: Mixed practice set covering Describe cloud concepts and Describe Azure architecture and services

When you review mixed AZ-900 scenarios, your first task is to identify the category of the question before evaluating the options. Ask yourself: is this a service model question, a pricing and responsibility question, an infrastructure resiliency question, or a resource organization question? This step alone eliminates many wrong answers. For example, if a scenario says a company wants employees to use email and collaboration tools without managing infrastructure, you are in SaaS territory, not in region or subscription territory. If the scenario says a company wants separate billing for development and production environments, you are likely dealing with subscriptions.

Another useful strategy is to locate the deciding clue. If the clue is “developers deploy code without managing the operating system,” the answer pattern is PaaS. If the clue is “must maintain administrative control over the OS,” the answer pattern is IaaS. If the clue is “protect against the failure of an individual datacenter,” the answer pattern is availability zones. If the clue is “organize all resources for one application together,” the answer pattern is resource group.

Exam Tip: On mixed questions, avoid reading all answer choices as equally broad cloud terms. Many wrong options are true statements about Azure, but only one addresses the exact requirement in the prompt. Precision matters more than general correctness.

Common traps in mixed sets include confusing subscriptions with resource groups, confusing regions with availability zones, and choosing IaaS when the scenario clearly emphasizes reduced management overhead. Also watch for distractors built around impressive-sounding words such as “global,” “automatic,” or “secure.” Those words do not determine the answer by themselves. The best answer is the one aligned to the specific exam objective being tested.

Your chapter takeaway should be practical: classify cloud services by who manages what, classify Azure infrastructure by physical scope and resiliency role, and classify Azure organization by management and billing purpose. Those three habits form a strong decision framework for AZ-900. If you can apply that framework consistently, scenario-based items become much easier to solve, even when the wording is unfamiliar.

Section 4.1: Describe Azure compute services: virtual machines, containers, App Service, and virtual desktop

Azure compute services are central to the AZ-900 exam because they represent different ways to run workloads in the cloud. The test objective is not to make you an engineer who deploys each service, but to help you identify which compute model matches a stated business need. The most common services tested are Azure Virtual Machines, Azure Containers, Azure App Service, and Azure Virtual Desktop.

Azure Virtual Machines are an Infrastructure as a Service option. They provide the highest level of control among the commonly tested compute services because the customer manages the operating system, installed software, patches to the guest OS, and many configuration choices. If a scenario says a company must run a custom application on Windows Server or Linux and needs administrative access, virtual machines are usually the right answer. A common trap is choosing App Service when the requirement clearly says full OS control is needed.

Containers package an application and its dependencies together for consistent deployment. On AZ-900, you do not need deep Kubernetes knowledge. You mainly need to know that containers are lighter weight than full virtual machines and are useful for rapidly deploying portable applications. If the question mentions microservices, portability, fast startup, or consistent execution across environments, containers are a strong clue. Azure Kubernetes Service may appear, but the exam focus is still conceptual: containers help run applications efficiently without managing full guest operating systems for each instance.

Azure App Service is a Platform as a Service offering for hosting web apps, mobile app back ends, and APIs. It is one of the most tested examples of PaaS. If a business wants to deploy a web application quickly and avoid server management, App Service is usually the best fit. The exam often contrasts virtual machines with App Service. The distinction is simple: VMs give you infrastructure control; App Service gives you a managed platform for application hosting.

Azure Virtual Desktop provides desktop and app virtualization. If users need to access Windows desktops and applications remotely from many devices, Azure Virtual Desktop is the likely answer. Do not confuse it with virtual machines used as servers. The exam may describe remote work, centralized desktop delivery, or secure access to desktop environments from home or branch offices.

Exam Tip: Match the wording carefully. “Manage the OS” points to virtual machines. “Host a web app without managing servers” points to App Service. “Portable app packaging” points to containers. “Remote desktop experience” points to Azure Virtual Desktop.

• Virtual Machines = most control, IaaS, customer manages OS
• Containers = lightweight application packaging and deployment
• App Service = managed web and API hosting, PaaS
• Azure Virtual Desktop = cloud-hosted desktop and app delivery

The exam tests recognition more than implementation. Your goal is to identify the key service purpose quickly and avoid being distracted by extra technical wording in the scenario.

Section 4.2: Describe Azure networking services: virtual network, load balancer, VPN gateway, ExpressRoute, and DNS

Networking is another core AZ-900 area, and the exam usually focuses on whether you understand what each service connects, routes, balances, or resolves. The foundational concept is the Azure virtual network, commonly called a VNet. A VNet is the basic private network boundary for Azure resources. Virtual machines and other resources can communicate securely within a VNet, and the VNet can also connect to on-premises environments. If the question asks for private communication between Azure resources, think virtual network first.

Azure Load Balancer distributes traffic across multiple resources to improve availability and performance. On the exam, this is usually tested in simple terms: if an application is running on multiple virtual machines and traffic must be spread across them, Load Balancer is the likely answer. The trap is confusing load balancing with private connectivity. Load Balancer manages traffic distribution; it does not replace VPN Gateway or ExpressRoute.

VPN Gateway connects an on-premises network to Azure over the public internet using encrypted tunnels. This is ideal for hybrid connectivity when internet-based secure communication is acceptable. ExpressRoute, in contrast, provides a dedicated private connection between on-premises infrastructure and Microsoft cloud services. A classic AZ-900 distinction is public internet versus private dedicated link. If the requirement says “without traversing the public internet,” the answer is typically ExpressRoute, not VPN Gateway.

Azure DNS hosts DNS domains and provides name resolution using Azure infrastructure. It is important to understand that DNS resolves names to IP addresses; it does not provide connectivity by itself. This is a frequent trap. If the requirement is to translate a domain name into an IP address, Azure DNS is relevant. If the requirement is to establish communication between networks, DNS is not the right answer.

Exam Tip: Watch for the phrase “dedicated private connection.” That wording strongly signals ExpressRoute. If the wording says “encrypted connection over the internet,” that points to VPN Gateway.

• Virtual Network = private network for Azure resources
• Load Balancer = distributes traffic across resources
• VPN Gateway = secure hybrid connectivity over the public internet
• ExpressRoute = private dedicated connection to Azure
• Azure DNS = domain hosting and name resolution

What the exam really tests is whether you can separate networking functions into categories: internal networking, traffic distribution, hybrid connectivity, private dedicated connectivity, and name resolution. If you classify the requirement correctly, the right answer becomes much easier to spot.

Section 4.3: Describe Azure storage services: blob, disk, file, archive, and redundancy options

Azure storage questions on AZ-900 typically test storage type selection and basic redundancy awareness. You should know the difference between blob storage, disk storage, and file storage, as well as the role of archive access tiers and redundancy choices. The exam often describes a simple business need and expects you to map it to the correct storage service.

Azure Blob Storage is designed for massive amounts of unstructured data, such as documents, images, backups, logs, video, and data for analytics. If a scenario references object storage or very large quantities of non-relational content, blob storage is usually correct. Azure Disk Storage, on the other hand, provides persistent disks for Azure virtual machines. If a workload needs storage attached to a VM operating system or application running on a VM, disk storage is the better match. Azure Files offers managed file shares accessible via common protocols, which is useful when multiple systems need shared file access.

The archive tier is important as a cost concept. If data is rarely accessed but must be retained long term at low cost, archive storage is often the answer. A common trap is choosing archive when the scenario requires frequent access. Archive is optimized for low cost, not fast retrieval.

Redundancy options are also tested at a foundational level. You are not expected to master every technical detail, but you should understand that redundancy improves durability and availability of data. Locally redundant storage keeps copies within one datacenter. Zone-redundant storage spreads copies across availability zones in a region. Geographically redundant options replicate to another region. If a scenario emphasizes resilience against regional failure, answers with geo-redundancy should stand out.

Exam Tip: Separate “type of data” from “how resilient it must be.” Blob, disk, and file describe the storage type. LRS, ZRS, GRS, and similar terms describe redundancy and durability strategy.

• Blob Storage = unstructured object data
• Disk Storage = persistent disks for virtual machines
• Azure Files = managed shared file storage
• Archive tier = low-cost storage for rarely accessed data
• Redundancy options = data protection across one site, zones, or regions

The exam is testing practical selection, not architecture design at expert level. Read for clues like “shared file access,” “VM disk,” “rarely accessed,” or “regional outage protection,” and map each phrase to the correct service or redundancy model.

Section 4.4: Describe Azure database and analytics services commonly tested on AZ-900

AZ-900 introduces database and analytics services at a high level, mainly to ensure that you can distinguish relational, non-relational, and analytics-focused solutions. The most frequently discussed services include Azure SQL Database, Azure Database for MySQL or PostgreSQL, Azure Cosmos DB, and analytics offerings such as Azure Synapse Analytics. At this level, the exam is not asking for query syntax or performance tuning. It is asking what kind of service fits what kind of data problem.

Azure SQL Database is a managed relational database service. If a scenario describes structured data with tables, rows, columns, and SQL-based applications, Azure SQL Database is often the expected choice. Managed database services reduce administrative overhead compared to self-managed database software on virtual machines, which is a distinction Microsoft likes to test. If the business wants a relational database without managing the underlying infrastructure, a managed service is the likely answer.

Azure Cosmos DB is commonly presented as a globally distributed, highly scalable non-relational database. If the question mentions low-latency access, flexible data models, or global distribution, Cosmos DB is a strong clue. A trap here is selecting SQL Database simply because the business stores “data.” You must identify whether the workload is relational or non-relational and whether global distribution matters.

Analytics services such as Azure Synapse Analytics are generally used when the goal is to analyze large volumes of data for business insights. The exam may not go deep, but it may ask you to identify which service is intended for analytics rather than transactional storage. Transaction processing and analytical processing are different needs. If the scenario is about reporting, trends, business intelligence, or analyzing large datasets, analytics services should stand out.

Exam Tip: Ask whether the data is transactional or analytical, and whether it is relational or non-relational. Those two distinctions often eliminate most wrong answers immediately.

• Azure SQL Database = managed relational database
• Azure Database for MySQL/PostgreSQL = managed open-source relational options
• Azure Cosmos DB = non-relational, globally distributed database
• Azure Synapse Analytics = large-scale analytics and insight generation

The exam objective is basic service recognition. The right answer usually comes from identifying the data pattern, not from remembering deep feature lists.

Section 4.5: Describe identity, access, and security basics with Microsoft Entra ID

Identity is a high-value topic on AZ-900 because it connects directly to authentication, authorization, and secure access in Azure. Microsoft Entra ID, formerly Azure Active Directory, is the core cloud identity service you need to understand. On the exam, you should know that Microsoft Entra ID helps manage user identities, sign-ins, and access to applications and resources. A very common test objective is distinguishing identity management from subscription management or from network security services.

Authentication verifies who a user is. Authorization determines what that authenticated user can do. These terms appear frequently in cloud fundamentals exams. If a scenario says users need to sign in to cloud applications, that is an identity and authentication clue. If it says certain users should have permissions to manage resources while others should only view them, that is an authorization clue. Microsoft Entra ID supports identity, while Azure role-based access control is used to assign permissions to Azure resources.

The exam also expects basic awareness of security-enhancing capabilities such as multifactor authentication, single sign-on, and conditional access at a conceptual level. Multifactor authentication improves security by requiring more than one verification method. Single sign-on allows a user to sign in once and access multiple applications. These are often used as straightforward recognition items rather than deep design topics.

A common trap is confusing Microsoft Entra ID with on-premises Active Directory Domain Services. They are related concepts but not identical services. The exam may include both names in answer choices to see whether you understand that Microsoft Entra ID is the cloud identity platform. Another trap is assuming identity services provide network connectivity or data storage. They do not. Their role is centered on users, groups, authentication, and access control.

Exam Tip: If the requirement involves sign-in, user identities, application access, or directory-based access control, start with Microsoft Entra ID. If the requirement is specifically about what actions a user can perform on Azure resources, think role-based access control together with identity.

• Authentication = prove identity
• Authorization = determine permissions
• Microsoft Entra ID = cloud identity and access foundation
• MFA = stronger sign-in security
• SSO = one sign-in for multiple apps

The exam tests whether you can connect everyday security needs to the correct foundational Azure identity service. Keep the concepts simple and role-focused.

Section 4.6: Domain practice set for Describe Azure architecture and services with detailed rationales

This final section is about how to think through AZ-900 service-selection items in the architecture and services domain. Rather than memorizing isolated facts, train yourself to extract the requirement keywords, classify the service category, eliminate distractors, and justify the best match. That is exactly how top scorers approach foundational certification exams.

Start with compute scenarios. If the requirement includes custom operating system control, legacy server software, or administrator access, lean toward virtual machines. If it emphasizes web app hosting without server maintenance, App Service is a better fit. If it highlights lightweight deployment, portability, or microservices, containers are stronger. If end users need full desktop experiences from the cloud, Azure Virtual Desktop becomes the likely solution. The rationale should always come back to control level and workload style.

For networking scenarios, identify whether the need is internal communication, traffic distribution, secure internet-based connectivity, private dedicated connectivity, or name resolution. Virtual Network supports private communication between Azure resources. Load Balancer distributes traffic across endpoints. VPN Gateway provides encrypted connectivity over the internet. ExpressRoute provides private dedicated connectivity. DNS resolves names. Many wrong answers sound technical, but only one matches the network function being requested.

For storage and data scenarios, determine the storage pattern before looking at redundancy. Unstructured content suggests blob storage. Shared file access suggests Azure Files. VM-attached storage suggests managed disks. Rarely accessed retained data suggests archive storage. Then look at resilience needs: local, zone, or geo redundancy. This two-step reasoning helps avoid one of the most common exam traps, where a candidate selects a redundancy option but ignores the wrong storage type.

For database and identity items, keep the purpose front and center. Structured relational app data points to Azure SQL Database or another managed relational service. Flexible, globally distributed non-relational data points to Cosmos DB. Business insight and large-scale reporting point to analytics services. User sign-in and identity governance point to Microsoft Entra ID. Azure permissions point to authorization concepts such as role-based access control.

Exam Tip: When stuck between two answers, choose the option that most directly and simply satisfies the stated requirement. AZ-900 usually rewards the most appropriate foundational service, not the most complex or specialized one.

Finally, remember what this domain is really measuring: Can you recognize the main Azure building blocks and choose them correctly in beginner business scenarios? If you can consistently identify the service family, map the keywords, and avoid category confusion, you will perform well in this section of the exam.

Section 5.1: Describe factors that can affect costs in Azure and cost optimization basics

Cost questions on AZ-900 usually test whether you understand why Azure bills can vary and which tools help you plan or control spending. Azure uses consumption-based pricing for many services, meaning you typically pay for what you use. However, the exam expects more than that simple phrase. Costs can be affected by resource type, usage volume, region, pricing tier, outbound network traffic, storage capacity, and how long resources remain deployed.

For example, a virtual machine left running continuously costs more than one stopped when not needed. Premium storage generally costs more than standard storage. Certain regions may have different prices for the same resource. Bandwidth charges can matter, especially for outbound data transfer. On the exam, if a scenario asks what changes the monthly bill, think about consumption, performance tier, and location first.

Azure provides tools to estimate and monitor spending. The Pricing Calculator is used before deployment to estimate expected costs. Cost Management helps analyze spending trends, identify high-cost resources, and support budget planning after resources exist. A classic trap is confusing a planning tool with an operational analysis tool. The Pricing Calculator estimates future cost; Cost Management tracks and evaluates actual or forecasted spending.

Basic optimization ideas are fair game for AZ-900. These include right-sizing services, deleting unused resources, shutting down unneeded compute, choosing appropriate pricing tiers, and applying governance practices to reduce waste. Reservations and savings options may be mentioned at a high level, but the exam focus is usually on understanding that committing to certain usage patterns can lower costs compared with pure pay-as-you-go for predictable workloads.

• Use estimates before deployment.
• Monitor actual usage after deployment.
• Remove idle resources to avoid unnecessary charges.
• Match service tier to business need.
• Use budgets and reviews to keep spending visible.

Exam Tip: If a question asks which factor does not usually affect cost, be careful. Governance tools like resource locks do not directly reduce pricing, even though they protect resources. Tags help organize cost reporting but do not themselves make services cheaper.

What the exam is really testing here is whether you understand that cloud cost control is active, not automatic. Azure gives flexibility, but flexibility can increase spending if resources are oversized or forgotten. Choose answers tied to visibility, planning, and resource discipline.

Section 5.2: Describe Service Level Agreements and service lifecycle concepts

Service Level Agreements, or SLAs, define Microsoft’s uptime commitment for Azure services. On AZ-900, you are expected to understand SLAs conceptually, not memorize every percentage. An SLA is usually expressed as a percentage of uptime over a period, such as 99.9 percent. Higher percentages generally mean less allowable downtime. The exam may ask you to identify that an SLA represents expected availability, not performance speed, security level, or feature completeness.

A common exam trap is assuming that combining services always keeps the same SLA. In practice, overall solution availability depends on the architecture. If you build a workload with multiple components, total availability is influenced by how those components interact. Another important point is that deploying redundant resources across availability zones or regions can support higher availability than a single-instance design.

You should also know basic service lifecycle terms. Public preview means a feature is available for testing and evaluation, but it may have limited support or reduced guarantees compared with general availability. General availability, often abbreviated GA, means the service is fully released for production use. Questions may test whether a preview feature is appropriate for mission-critical workloads. Usually, GA is the safer answer for production.

Microsoft may also retire or deprecate services and features. Retirement means the service will no longer be supported after a stated date. At the AZ-900 level, the main lesson is that cloud services evolve over time, and organizations must track lifecycle announcements to avoid operational or compliance issues.

• SLA = uptime commitment.
• Higher SLA means less downtime allowed.
• Redundancy can improve solution availability.
• Preview is for early access, not ideal for critical production use.
• GA is the standard production-ready lifecycle stage.

Exam Tip: If the scenario emphasizes guaranteed availability for a business-critical application, eliminate answers involving preview offerings unless the question specifically asks about testing new capabilities.

The exam often tests whether you can separate availability promises from governance or cost concepts. SLA is about service uptime. Azure Policy is about enforcement. Cost Management is about spending. Keep those roles distinct and you will avoid several common wrong-answer choices.

Section 5.3: Describe Azure management tools: portal, Cloud Shell, Azure CLI, and Azure PowerShell

Azure offers multiple management interfaces, and AZ-900 often tests your ability to match the tool to the user need. The Azure portal is the web-based graphical interface for creating, configuring, and monitoring resources. It is the easiest starting point for beginners and is often the best answer when a question mentions a visual interface or point-and-click administration.

Cloud Shell is a browser-accessible shell environment available from the Azure portal. It lets you run commands without installing local tools. Cloud Shell supports both Azure CLI and Azure PowerShell, which is an important exam detail. If a question asks how to run command-line Azure management tools directly from a browser, Cloud Shell is the correct choice.

Azure CLI is a cross-platform command-line tool suited for scripting and automation, especially in Bash-style environments. Azure PowerShell provides Azure management through PowerShell cmdlets and is especially familiar to administrators already working in PowerShell ecosystems. On the exam, the distinction is usually not about one being more powerful than the other; it is about which style or environment is being used.

A common trap is choosing Cloud Shell when the real answer is Azure CLI or Azure PowerShell. Remember: Cloud Shell is the hosted environment, while CLI and PowerShell are the command tools you can run locally or inside Cloud Shell. Another trap is thinking the portal is only for simple tasks. In fact, many Azure resources can be fully managed through the portal, although automation often uses command-line tools or templates.

• Azure portal: graphical web interface.
• Cloud Shell: browser-based shell environment.
• Azure CLI: command-line management, cross-platform.
• Azure PowerShell: Azure management with PowerShell cmdlets.

Exam Tip: Watch for wording. “Without local installation” points to Cloud Shell. “Graphical interface” points to the portal. “Script commands in a cross-platform way” often points to Azure CLI. “Use PowerShell cmdlets” points to Azure PowerShell.

What the exam is testing is tool recognition, not syntax knowledge. You do not need to memorize commands. You do need to identify which management path best fits browser access, scripting, automation, or GUI-based administration.

Section 5.4: Describe infrastructure as code and deployment tools: ARM templates and Bicep overview

Infrastructure as code, often abbreviated IaC, means defining infrastructure in files so deployments are repeatable, consistent, and automatable. This is an important management and governance concept because it reduces manual errors and helps standardize environments. On AZ-900, you are expected to understand the purpose of ARM templates and Bicep at a high level.

ARM templates are JSON-based files used to declare Azure resources and configurations. They allow you to deploy infrastructure in a consistent way across environments. If a question asks how to repeatedly deploy the same solution with the same settings, ARM templates are a strong answer. They support declarative deployment, meaning you define the desired end state rather than listing every manual step.

Bicep is a newer, more readable language that simplifies authoring ARM-based deployments. It is easier to write than raw JSON and compiles to ARM templates. For the exam, understand that Bicep is not a separate competing platform; it is a more user-friendly way to define Azure deployments that still works with Azure Resource Manager.

A common trap is confusing IaC tools with governance tools. ARM templates and Bicep deploy resources; Azure Policy governs what is allowed or required. Another trap is assuming templates are primarily for monitoring. They are for provisioning and consistent deployment, not for tracking resource health.

Benefits of IaC that may appear in exam scenarios include repeatability, reduced configuration drift, standardized environments, and easier automation in development, test, and production. These are especially useful when an organization wants consistency across many subscriptions or resource groups.

• ARM templates use JSON.
• Bicep is easier to author and compiles to ARM templates.
• IaC improves consistency and repeatability.
• Declarative deployment describes the desired state.

Exam Tip: If the question focuses on deploying the same environment multiple times with fewer manual errors, think ARM templates or Bicep. If it focuses on enforcing compliance after deployment, think Azure Policy instead.

The exam is testing your understanding that modern Azure administration includes automation and standardization. Even at the fundamentals level, you should recognize that manual portal configuration is not the only deployment method and often not the best one for repeatable environments.

Section 5.5: Describe governance and compliance features: Azure Policy, resource locks, tags, Microsoft Purview, and Azure Arc

This section is heavily tested because many services sound similar. Azure Policy is used to enforce organizational standards and assess compliance across resources. For example, a policy can require specific tags, restrict allowed locations, or deny creation of certain resource types. On the exam, if the scenario is about enforcing rules automatically, Azure Policy is usually the answer.

Resource locks protect resources from accidental changes. A CanNotDelete lock prevents deletion, while a ReadOnly lock prevents modifications. These are useful safeguards, but they are not the same as policy enforcement. A frequent trap is selecting resource locks when the question asks about ensuring future resources meet standards. Locks protect existing resources; Policy defines allowed conditions and can evaluate compliance.

Tags are name-value pairs applied to resources for organization. They commonly support cost reporting, ownership tracking, environment labeling, and operational filtering. Tags themselves do not enforce behavior unless combined with Azure Policy. Be careful here: tags organize, policies enforce, and locks protect.

Microsoft Purview is associated with data governance, data cataloging, and compliance visibility across data estates. At the AZ-900 level, know that it helps organizations discover, classify, and manage data. Azure Arc extends Azure management capabilities to resources outside Azure, such as on-premises servers or resources in other cloud environments. If the exam asks how to manage hybrid or multicloud resources from Azure, Azure Arc is the key term.

• Azure Policy: enforce standards and evaluate compliance.
• Resource locks: prevent accidental deletion or modification.
• Tags: organize resources and support reporting.
• Microsoft Purview: data governance and compliance visibility.
• Azure Arc: manage resources beyond Azure in a unified way.

Exam Tip: The words in the scenario matter. “Enforce,” “deny,” or “require” usually suggest Azure Policy. “Prevent deletion” suggests resource locks. “Categorize by department” suggests tags. “Hybrid management” suggests Azure Arc. “Data estate governance” suggests Microsoft Purview.

What the exam really measures here is your ability to classify governance tools by function. If you memorize one clean phrase for each service, you can answer most governance questions quickly and confidently.

Section 5.6: Domain practice set for Describe Azure management and governance with exam-style explanations

As you review this objective domain, focus less on memorizing isolated definitions and more on recognizing decision patterns. AZ-900 management and governance questions typically begin with a business goal: reduce cost, enforce standards, protect resources, deploy consistently, or manage hybrid assets. Your job is to map that goal to the correct Azure capability.

For cost-related scenarios, identify whether the need is estimation or ongoing analysis. Estimation before implementation points to the Pricing Calculator. Ongoing visibility into spending points to Cost Management. If the scenario includes waste reduction, think about right-sizing, deleting unused resources, and governance practices that improve accountability through tags or policy.

For availability questions, remember that SLA means uptime commitment. If a solution needs stronger availability, look for redundancy or architecture choices rather than unrelated governance tools. Do not confuse SLA with backup, monitoring, or security. The exam often includes tempting distractors that are useful services, but not relevant to the specific requirement being asked.

For management tools, ask whether the scenario emphasizes graphical access, browser-based shell use, or scripting style. Portal equals GUI. Cloud Shell equals browser-hosted command environment. Azure CLI equals command-line cross-platform management. Azure PowerShell equals PowerShell-based administration. If you classify the access method first, the correct answer becomes obvious.

For deployment questions, repeatability and consistency suggest infrastructure as code. ARM templates and Bicep both fit that idea, with Bicep serving as a simpler authoring experience. For governance questions, separate organization, enforcement, and protection: tags organize, Azure Policy enforces, and resource locks protect.

Exam Tip: When stuck between two answers, ask which one acts before a bad deployment versus which one helps after deployment. Azure Policy can prevent or audit noncompliant resources. Cost Management helps you analyze spending after resources are in use. Locks stop accidental changes to existing resources.

One final strategy for this domain: watch for broad wording such as “most appropriate,” “best tool,” or “primarily used for.” Microsoft often includes answer choices that are technically related to Azure management but not the best fit. The winning answer is the one whose primary purpose most directly matches the requirement. If you think in terms of primary purpose instead of loose association, you will avoid many classic AZ-900 traps.

Section 6.1: Full-length mock exam covering Describe cloud concepts

This first full-length mock segment mirrors the part of AZ-900 that tests your foundational understanding of cloud computing itself. In Mock Exam Part 1, many candidates perform well on straightforward definitions but lose points when the exam shifts to applied wording. For example, learners may know the definitions of public cloud, private cloud, and hybrid cloud, yet still miss a scenario because they focus on where a server is located instead of how resources are managed and connected. The exam wants conceptual clarity, not vague familiarity.

When reviewing cloud concepts, organize the domain into five repeatable buckets: deployment models, service models, shared responsibility, pricing, and cloud benefits. This structure helps you classify the question before you even look at the answer choices. If the scenario mentions control over hardware and operating systems, you are probably in shared responsibility or IaaS territory. If it emphasizes rapid app development without managing infrastructure, think PaaS. If it describes complete software delivery to end users, SaaS is likely the best fit.

Common exam traps in this domain include confusing scalability with elasticity, reliability with availability, and capital expenditure with operational expenditure. Scalability is about adjusting resources to handle demand; elasticity emphasizes automatic or dynamic adjustment as demand changes. High availability is about minimizing downtime, while reliability is about the system’s ability to recover and continue operating predictably. CapEx usually refers to upfront infrastructure purchases, while OpEx aligns with usage-based cloud spending. These are classic distinction questions on AZ-900.

Exam Tip: If a prompt highlights paying only for what is used, reducing upfront hardware investment, or shifting costs to ongoing usage, that is a direct signal for consumption-based pricing and OpEx thinking. Do not overcomplicate it by assuming the question is about a specific Azure pricing tool unless the wording clearly asks about cost management services.

The shared responsibility model is another high-yield topic. The exam frequently tests whether security and management responsibilities change based on IaaS, PaaS, or SaaS. A reliable strategy is to ask: who manages the lower layers? In IaaS, the customer manages more. In SaaS, Microsoft and the software provider manage far more of the stack. The test may not require technical stack diagrams, but it absolutely expects you to understand the shift in administrative responsibility as you move up the service model ladder.

Finally, cloud benefits questions often include multiple true statements, but only one answer best matches the prompt. If the scenario is about handling sudden traffic spikes, prioritize elasticity. If it is about having services in geographically distributed locations to reduce outage risk, think high availability and resiliency. If it is about enforcing standards, reducing risk, and ensuring organizational rules are followed, that points toward governance rather than security alone. In your mock review, score yourself not only by correct answers but also by whether you identified the tested concept quickly and accurately.

Section 6.2: Full-length mock exam covering Describe Azure architecture and services

This section corresponds to Mock Exam Part 2 and focuses on the AZ-900 objective area that asks you to describe Azure architecture and services. This is where foundational cloud knowledge becomes platform-specific. Microsoft expects you to recognize the role of regions, region pairs, availability zones, subscriptions, management groups, and resource groups, while also identifying what major compute and networking services are for. The exam is still beginner level, but the wording can be precise enough to expose uncertainty about service purpose.

Start with architecture. Regions are geographic areas containing one or more datacenters. Availability zones are separate physical locations within an Azure region that improve resiliency. Resource groups are logical containers for Azure resources. Subscriptions define billing and access boundaries. These ideas are often tested through scenarios that ask what to use for organization, isolation, or resilience. A common trap is choosing resource groups when the question is really about billing separation, which points to subscriptions instead.

Compute and networking services must also be clearly separated in your mind. Virtual Machines are Azure’s IaaS compute option when you need operating system control. Containers package applications more lightly and are useful for portability and fast deployment. Virtual Networks provide private communication in Azure. VPN connects networks securely over the public internet, while ExpressRoute provides a private dedicated connection to Azure. Azure DNS handles domain name resolution. These are all objective-aligned topics, and the exam typically tests them through business needs rather than technical configuration details.

Exam Tip: Watch for trigger phrases. “Lift and shift” often suggests Virtual Machines. “Managed platform for application deployment” usually points toward PaaS services. “Private dedicated connectivity” should immediately make you think ExpressRoute, not VPN. “Resolve names to IP addresses” is DNS. Train yourself to map phrase to service quickly.

One frequent distractor pattern is to offer a real Azure service that is useful but too broad or too narrow for the requirement. For instance, if the scenario needs logical grouping for lifecycle management, resource groups fit better than subscriptions. If the scenario requires fault isolation within a region, availability zones are stronger than simply selecting a region. If the requirement is application hosting without managing the underlying OS, a platform service may be better than a VM, even if a VM could technically run the application.

In your full mock analysis, do not just note that you missed an Azure service question. Label the reason: architecture confusion, service-purpose confusion, or keyword misread. That level of diagnosis is essential because AZ-900 does not test implementation commands; it tests whether you can identify what Azure component solves which type of business need. Once you can separate architecture terms from service terms and compute choices from network choices, your performance in this domain usually rises quickly.

Section 6.3: Full-length mock exam covering Describe Azure management and governance

Management and governance is a domain where many beginners underestimate the exam. They often think governance is advanced administration, but AZ-900 tests it at a conceptual level because it is central to cloud adoption. You are expected to understand why organizations need tools and structures to control cost, enforce standards, assign access, and monitor compliance. This means your mock exam should not only cover service names, but also the purpose behind Azure’s management features.

At this level, focus on the distinction between organizing resources, controlling access, enforcing rules, and tracking spend. Resource groups and subscriptions help organize and separate resources. Governance concepts include policy enforcement and standardization. Cost management focuses on visibility, budgeting, and usage awareness. Role-based access control is about assigning permissions according to job function. If you blur these categories, distractors become much harder to eliminate.

Exam questions in this area often ask which Azure feature would help a company remain compliant with internal standards, prevent deployment of nonapproved resource types, or keep spending under control. The trap is that several tools may support part of the objective. For example, tags help classify resources, but they do not by themselves enforce deployment restrictions. Budgets help track cost, but they do not grant or remove permissions. The exam rewards selecting the tool whose primary purpose directly matches the stated need.

Exam Tip: Governance questions usually contain words like enforce, standardize, require, prevent, audit, organize, or assign. Cost questions use terms like monitor, budget, estimate, reduce, or optimize. Security and identity questions focus on access, authentication, and authorization. Separate these word families as you read.

This section is also where your Weak Spot Analysis becomes valuable. If you miss management and governance items, ask whether the issue came from service-name confusion or from misunderstanding organizational scope. Many candidates know that subscriptions matter, but they fail to remember that subscriptions are important for billing boundaries. Others know resource groups hold resources, but they use them as answers for governance enforcement questions that are actually about policy. The exam often checks whether you understand what each layer is for, not just what it is called.

As part of your mock preparation, summarize governance using simple mental statements: organize with resource groups and subscriptions, control access with roles, monitor cost with cost tools, and enforce standards with governance controls. This kind of compact review helps under time pressure. AZ-900 management questions are very manageable when you avoid overthinking and match the problem to the primary function of the Azure feature being tested.

Section 6.4: Detailed answer review and distractor breakdown

The most important part of a mock exam is not the score report. It is the quality of your review. A Weak Spot Analysis should classify every missed item into one of four categories: did not know, partially knew but confused terms, changed from right to wrong, or misread the question. This is how serious exam coaching turns practice into measurable improvement. If you only reread the correct answer, you will repeat the same error pattern.

Distractors on AZ-900 are usually plausible because they are connected to the same broad topic. For example, if the question is about reducing downtime within a region, a distractor may offer a general Azure region concept when the more precise answer is availability zones. If the prompt asks about a private dedicated network connection, VPN is a tempting distractor because it is also used for connectivity, but ExpressRoute is the stronger answer because it matches the dedicated private connection requirement. The exam is not trying to trick you unfairly; it is testing whether you can choose the best fit among related cloud concepts.

During review, rewrite the logic of the question in one sentence. Ask yourself: what exact requirement was tested? Then explain why each wrong option was wrong. This matters because many AZ-900 misses happen when candidates can explain why the right answer is right, but cannot explain why the others are wrong. On the real exam, elimination is often the fastest path to confidence.

Exam Tip: If you are between two answers, compare scope and precision. One option is often technically related, while the other is the direct solution. Choose the answer that matches the narrowest explicit requirement in the prompt.

Another useful review tactic is confidence tracking. Mark each answer as high, medium, or low confidence before checking results. If you got a question right with low confidence, that topic still needs review. If you got one wrong with high confidence, that is even more important because it indicates a misconception. Misconceptions are more dangerous than uncertainty on exam day because they feel correct and are harder to notice under time pressure.

Finally, look for wording traps: always, only, best, most cost-effective, fully managed, dedicated, and responsibility. These words often narrow the answer sharply. The chapter’s earlier mock sections gave you broad objective practice; this review section turns that practice into exam readiness by teaching you to see the exam writer’s logic. That is the difference between passive review and strategic preparation.

Section 6.5: Final revision plan by official exam objective

Your final revision should follow the official AZ-900 objective map rather than your personal preference. Many learners over-review the topics they enjoy and under-review the topics that actually produce mistakes. Build your last study cycle around the tested domains: cloud concepts, benefits of cloud services, cloud service types, Azure architecture and services, and Azure management and governance. This keeps revision aligned with how the exam is structured.

For cloud concepts, review definitions and contrasts: public versus private versus hybrid, CapEx versus OpEx, shared responsibility, and the ideas behind high availability, scalability, elasticity, reliability, predictability, security, and governance. For service types, rehearse IaaS, PaaS, and SaaS with scenario thinking rather than memorized lines. For Azure architecture, revisit regions, availability zones, subscriptions, resource groups, and the purpose of core architectural elements. For compute and networking, ensure you can identify when a scenario calls for VMs, containers, virtual networks, VPN, ExpressRoute, or DNS.

A practical final plan is to divide revision into short focused blocks. Spend one block reviewing notes, one block explaining the topic aloud in simple language, and one block doing targeted practice. If you cannot explain a term in one or two clear sentences, you probably do not know it well enough for AZ-900. Foundational exams reward clarity of understanding more than memorization volume.

• Day 1: Cloud concepts and cloud benefits.
• Day 2: IaaS, PaaS, SaaS and shared responsibility.
• Day 3: Azure architecture components.
• Day 4: Azure compute and networking services.
• Day 5: Management, governance, cost, and access concepts.
• Final day: Mixed review and confidence check.

Exam Tip: In the final 24 hours, stop trying to learn brand-new details. Focus on high-yield distinctions and error patterns from your Weak Spot Analysis. Last-minute cramming on obscure items usually adds stress and lowers recall of the basics that carry most of the score.

Also prepare a “must know cold” list: region versus availability zone, subscription versus resource group, VPN versus ExpressRoute, scalability versus elasticity, and IaaS versus PaaS versus SaaS. These distinction pairs account for a large share of beginner mistakes. If your review plan makes these automatic, your performance will become steadier across the whole exam.

Section 6.6: Exam day tips, confidence strategy, and next-step certification path

Your Exam Day Checklist should be simple and repeatable. Confirm your appointment time, identification requirements, and testing format well in advance. If testing online, check your room setup, internet stability, and system requirements before the exam window. If testing at a center, plan your route and arrival time. Administrative stress is one of the easiest ways to lose focus before the first question appears.

When the exam begins, start with calm pacing. AZ-900 is a fundamentals exam, so avoid rushing just because some questions look familiar. Read for scope words like best, most appropriate, dedicated, managed, or responsibility. These small words frequently determine the answer. If a question feels confusing, identify the domain first: is this cloud concept, architecture, compute, networking, or governance? Categorizing the question often reduces anxiety and helps you eliminate wrong choices faster.

Your confidence strategy should be deliberate. Answer what you know, mark uncertain items mentally for review if the platform allows, and do not let one difficult question affect the next one. Beginners often assume a hard question means they are failing. It does not. The exam naturally mixes easy and moderate items. What matters is consistent decision-making across the full set.

Exam Tip: Never change an answer unless you can clearly explain why your second choice is better. Many candidates lose points by overriding correct instincts with vague doubt. Change only when you identify a specific keyword or concept you missed on the first read.

After the exam, think about your next certification step. AZ-900 is a foundation, not an endpoint. If you enjoyed the infrastructure topics, a role-based Azure administrator path may be a natural next move. If governance, security, or identity topics were your strongest areas, consider a security-focused pathway. If data or AI concepts interest you later, Azure fundamentals can also support movement into those areas. The value of AZ-900 is that it gives you a vocabulary and mental framework for the broader Microsoft cloud ecosystem.

Finish this chapter with the right perspective. You do not need perfect memorization to pass AZ-900. You need clean fundamentals, careful reading, and smart elimination. Use the mock exam results, the distractor review, and the final revision plan to strengthen exactly what the exam measures. If you can identify the tested concept quickly, avoid the common traps, and stay composed on exam day, you will be well prepared to earn this certification and build from it.