AZ-900 Practice Test Bank: 200+ Qs with Answers

Section 1.1: AZ-900 Azure Fundamentals Exam Overview

AZ-900 is designed for candidates who want to demonstrate foundational knowledge of Microsoft Azure and cloud computing concepts. The target audience includes students, business stakeholders, career changers, entry-level IT professionals, and technical candidates preparing for more advanced Azure certifications. Microsoft does not require hands-on Azure administration experience for this exam, but basic familiarity with cloud ideas and Azure service categories is extremely helpful.

What the exam tests is not deep engineering skill. Instead, it focuses on recognition, classification, and basic interpretation. You should be able to describe cloud concepts such as high availability, scalability, elasticity, fault tolerance, and consumption-based pricing. You should also recognize core Azure architecture topics including regions, availability zones, resource groups, subscriptions, compute options, networking services, storage choices, and identity services like Microsoft Entra ID. In addition, the exam measures whether you understand management and governance topics such as cost management, service-level agreements, policy, role-based access control, resource locks, and compliance tools.

A common trap is assuming that because AZ-900 is introductory, studying definitions alone is enough. Microsoft often frames fundamentals as real-world decisions. For example, you may see a business requirement for reduced capital expenditure, rapid scaling, or centralized policy enforcement. The exam is really asking: do you understand which cloud principle or Azure service category matches that need?

Exam Tip: When reading an AZ-900 item, identify whether Microsoft is testing a concept, a service category, or a governance tool. Many wrong answers are from the correct broad topic but the wrong specific function.

Another trap is overcomplicating the answer. Fundamentals exams usually reward simple mappings. If the need is identity and authentication, think identity service first. If the need is organizing related resources, think resource groups. If the need is controlling access based on job role, think RBAC. Always ask what core objective is being measured.

As you begin this course, think of AZ-900 as a vocabulary-and-logic exam. Vocabulary helps you recognize services and features. Logic helps you choose the best answer when more than one option sounds reasonable. Your goal in the early phase of study is to become comfortable enough with Azure language that the answer choices stop looking interchangeable.

Section 1.2: Microsoft Registration Process and Scheduling Basics

Before you can pass the exam, you need to understand the logistics of taking it. Microsoft certification exams are typically scheduled through Microsoft’s certification portal with an authorized exam delivery provider. The exact interface can change over time, but the process generally includes signing in with a Microsoft account, selecting the exam, choosing a language if available, confirming your testing country or region, and selecting a delivery method. Candidates should review the current provider instructions directly from Microsoft because policies and scheduling workflows may be updated.

AZ-900 is commonly available in two delivery formats: at a test center or through online proctoring. A test center provides a controlled environment and often reduces technical stress. Online proctoring offers convenience but requires a reliable computer, camera, microphone, clean testing space, and successful pre-exam system checks. Candidates sometimes choose online delivery for convenience without considering room rules, identification requirements, internet stability, and check-in timing. Those details matter because policy violations or technical problems can disrupt your attempt.

Plan your scheduling strategically. Do not book the exam only because you feel pressure to “set a deadline.” Book it when your practice performance is trending consistently upward and your weak domains are narrowing. A good rule is to schedule once you have covered all objectives, completed multiple timed practice sets, and can explain why the correct answer is right and why the distractors are wrong.

Exam Tip: Choose your exam appointment based on when you perform best mentally. If you focus better in the morning during practice, do not schedule a late-evening exam out of convenience.

Also review exam-day rules in advance. Expect identity verification, arrival or check-in time requirements, and limits on personal items. For online exams, your workspace may need to be scanned. Candidates sometimes lose confidence before the first question because they are dealing with preventable administrative stress. Remove that risk early.

Finally, understand rescheduling and cancellation policies before booking. Life happens, but missing policy deadlines may result in fees or forfeiture. Treat the registration process as part of your exam strategy. Good scheduling supports good performance, and a calm, predictable exam day can improve accuracy just as much as an extra hour of last-minute cramming.

Section 1.3: Exam Format, Scoring Model, and Time Management

AZ-900 uses Microsoft-style assessment design, which means the exam may include standard multiple-choice items, multiple-response items, matching-style interactions, and scenario-oriented questions that ask for the best answer based on a short business description. Exact question counts and exam screen formats can vary, so rely on current Microsoft guidance for official details. What matters for preparation is recognizing that this is a best-answer exam, not just a fact-recall exam.

The passing score is commonly reported on a scaled score model rather than as a simple raw percentage. Candidates should understand that scaled scoring means not every question necessarily contributes in an obvious one-point-per-item way. Because of this, it is unwise to obsess over calculating your score during the exam. Your focus should be on maximizing correct decisions, especially on topics Microsoft emphasizes in the blueprint.

Time management on AZ-900 is usually generous for well-prepared candidates, but poor reading habits can create pressure. The most common pacing mistake is overthinking easy items and then rushing scenario-based questions later. Another mistake is failing to notice qualifier words such as most cost-effective, easiest to manage, or provides identity services. These qualifiers often separate two otherwise plausible answer choices.

Exam Tip: If two options seem correct, look again at the business requirement. Microsoft often rewards the option that minimizes effort, cost, or complexity while still meeting the stated need.

Use a disciplined process. First, identify the domain: cloud concept, Azure service, or governance topic. Second, isolate the requirement. Third, eliminate answers that belong to the wrong category. Fourth, select the option that most directly solves the problem. This approach is especially useful when distractors contain real Azure products used for different purposes.

Do not assume long questions are harder or worth more. On fundamentals exams, a longer scenario often just provides context. Stay calm, read actively, and avoid answer changes unless you discover a specific misread. First instincts are often reliable when they are based on studied concepts rather than guessing. Strong pacing comes from preparation, not speed alone.

Section 1.4: Official Exam Domains and Weighting Strategy

Your study plan should follow the official AZ-900 skills outline. While domain names and percentages may be adjusted by Microsoft over time, the exam consistently centers on three major areas: describe cloud concepts, describe Azure architecture and services, and describe Azure management and governance. These are not equal in depth, and some carry more exam weight than others. A smart candidate studies accordingly.

The cloud concepts domain covers foundational ideas such as cloud computing benefits, public/private/hybrid models, and consumption-based pricing. Although this section may feel basic, do not neglect it. Microsoft expects you to distinguish concepts that sound similar, such as scalability versus elasticity or capital expenditure versus operational expenditure. These are classic exam traps because candidates remember words but not the business meaning.

The Azure architecture and services domain is typically broad and heavily represented. Expect attention on regions, region pairs, availability zones, resource groups, subscriptions, compute services, virtual networking, storage options, and identity. This is where many candidates struggle because so many Azure terms are introduced at once. Your job is not to master configuration. Your job is to identify what service type does what.

The management and governance domain includes cost management, SLAs, service lifecycle awareness, Microsoft Cost Management tools, governance features such as Azure Policy, RBAC, locks, tags, and compliance-related concepts. The exam often tests whether you can distinguish tools that control access from tools that enforce standards or organize resources for reporting.

Exam Tip: Weighting strategy means you should spend more time on broad, high-yield domains, but never abandon low-weight objectives. Fundamentals exams often use easier points from smaller topics to separate passing from failing candidates.

A practical strategy is to map every study session to one official objective. If you cannot explain a topic in one or two clear sentences and identify a likely distractor, you are not exam-ready on that objective. Study by objective, test by objective, and then mix domains during review. That pattern builds recognition first and decision accuracy second.

Section 1.5: How to Use Practice Questions and Detailed Rationales

Practice questions are most valuable when they are used to diagnose thinking, not just to collect scores. This course includes a large bank because AZ-900 readiness depends on repeated exposure to Microsoft-style wording, domain shifts, and answer-choice traps. However, candidates often misuse practice material by memorizing the right letter or by retaking the same set until the score rises artificially. That is not readiness. Real readiness means you can justify the correct answer in your own words.

After each practice set, review every rationale, including questions you answered correctly. A correct answer reached for the wrong reason is still a weakness. Detailed rationales teach the exam logic behind why one answer is best and why the distractors are not. This is especially important in Azure Fundamentals because many incorrect options are still real Azure services. The rationale is what helps you distinguish “real product” from “correct fit.”

Track your mistakes by category. Did you confuse identity and governance? Did you miss pricing concepts? Did you choose a technically possible answer instead of the simplest service? Weakness patterns are more useful than isolated missed questions. Build a notebook or spreadsheet with columns for domain, concept, why you missed it, and what clue you should have recognized.

Exam Tip: When reviewing a missed item, ask three things: What objective was being tested? What word or phrase in the prompt pointed to the answer? What made the distractor tempting?

Use untimed practice first to learn. Then shift to timed sets to build pacing and concentration. Finally, complete full mock exams under realistic conditions. The purpose of a full mock is not just endurance. It is to test whether your accuracy survives domain switching, which is common on the real exam. If your score drops when topics are mixed, that usually means your understanding is still too dependent on context clues.

Practice banks are powerful only when combined with reflection. Every rationale should improve either your conceptual knowledge or your test-taking judgment. If it does neither, you are moving too fast.

Section 1.6: Beginner Study Plan, Review Cycles, and Exam Readiness

A beginner-friendly AZ-900 study plan should be simple, structured, and objective-based. Start by dividing your preparation into phases. In Phase 1, learn the blueprint and core vocabulary. In Phase 2, study each domain in order: cloud concepts first, Azure architecture and services second, and management and governance third. In Phase 3, begin mixed practice sets and targeted review. In Phase 4, complete full mock exams and final revision. This staged approach prevents the common beginner problem of jumping straight into hard practice questions without a framework.

Use short review cycles rather than one long cram session. For example, study a topic, review it the next day, test it later in the week, and revisit it again after mixed practice. This spacing improves retention and helps move Azure terms from short-term memory into recognizable exam knowledge. Beginners especially benefit from comparing similar concepts side by side: regions versus availability zones, policy versus RBAC, CapEx versus OpEx, scalability versus elasticity.

Your weekly plan should include three activities: learn, test, and analyze. Learning introduces the concept. Testing checks recall and recognition. Analysis turns mistakes into improved judgment. Without the third step, many candidates plateau. They keep practicing but do not become more accurate because they never study their reasoning errors.

Exam Tip: Do not schedule the exam based on how much content you have watched or read. Schedule it based on performance indicators: consistent practice scores, reduced repeat errors, and confidence explaining rationales.

In the final review period, prioritize high-yield summaries, weak-topic refreshers, and one or two full-length mocks. Avoid trying to learn large new topics the night before. Focus instead on clean recall of core distinctions and calm exam execution. On exam day, your goal is not perfection. Your goal is controlled accuracy across the official objectives.

You are ready when you can do four things consistently: explain the purpose of major Azure services in plain language, identify the tested objective behind a question, eliminate distractors for a clear reason, and maintain focus across a full mock exam. If you can do that, this practice bank will help you convert knowledge into a passing result.

Section 2.1: What Cloud Computing Means in the AZ-900 Context

For AZ-900, cloud computing means delivering computing services over the internet in a way that is flexible, scalable, and typically billed according to usage. These services can include compute power, storage, networking, databases, analytics, identity, and complete software applications. The exam does not require deep engineering knowledge here, but it does expect you to understand why organizations move to the cloud and what characteristics make cloud computing different from a traditional on-premises approach.

The most tested cloud value points are high availability, scalability, elasticity, agility, fault tolerance, disaster recovery support, and global reach. High availability means services are designed to stay up and accessible. Scalability means the system can grow to handle increased demand. Elasticity means resources can expand or shrink automatically or quickly in response to actual workload changes. Agility refers to the ability to provision and change resources rapidly. Exam Tip: If a question emphasizes sudden workload spikes, elasticity is usually the better concept than scalability, because elasticity implies dynamic adjustment rather than just long-term growth.

Microsoft also expects you to understand that cloud computing shifts organizations away from managing all physical infrastructure themselves. Instead of buying servers, building datacenters, and planning capacity years in advance, organizations can consume resources when needed. This improves speed and can reduce waste. However, the exam may include trap answers suggesting that cloud always removes all management tasks. That is false. The amount of management removed depends on the service model.

Another common exam angle is terminology. A resource in the cloud is a manageable item such as a virtual machine, storage account, or database. Workloads are the applications or business processes using those resources. When the exam says a company wants to provision resources rapidly in multiple regions, it is testing whether you associate cloud with global deployment and operational flexibility. Microsoft may also use business wording rather than technical wording, such as reducing lead time, avoiding large upfront investments, or improving resilience.

The best way to identify the right answer is to connect the requirement to the core cloud benefit being described. If the question focuses on faster deployment, think agility. If it focuses on handling varying demand, think scalability or elasticity. If it focuses on minimizing downtime, think availability or fault tolerance. Avoid overthinking at this level; AZ-900 often rewards clear mapping between a stated need and the cloud concept that directly addresses it.

Section 2.2: Public Cloud, Private Cloud, and Hybrid Cloud

One of the easiest ways to lose points on AZ-900 is to confuse deployment models. Public cloud, private cloud, and hybrid cloud describe where cloud resources are hosted and how they are made available. Public cloud refers to services offered over the internet by a cloud provider to multiple customers. Azure is a public cloud platform. Customers do not own the underlying datacenter hardware, and they typically benefit from broad scalability, global access, and consumption-based pricing.

Private cloud refers to cloud infrastructure used by a single organization. It may be hosted on-premises or by a third party, but it is dedicated to one customer rather than shared in the same way as a public cloud environment. In exam questions, private cloud is often associated with greater control, custom security requirements, or regulatory preferences. The trap is assuming private cloud always means on-premises. It often does, but the defining point is dedicated use by one organization, not simply physical location.

Hybrid cloud combines public cloud and private infrastructure in a connected model. This is one of the most frequently tested deployment concepts because it fits many real-world scenarios. A company may keep sensitive systems on-premises while extending other workloads to Azure. It may also use hybrid for gradual migration, business continuity, disaster recovery, data residency concerns, or integration with legacy systems. Exam Tip: If a scenario says an organization wants to keep some resources in its own datacenter while also using cloud services, hybrid cloud is usually the correct answer.

Microsoft likes to test these models through scenario clues rather than definitions. For example, if an organization wants maximum control over infrastructure dedicated only to itself, private cloud is the best match. If it wants to avoid maintaining physical hardware and wants rapid global scaling, public cloud is the strongest answer. If it needs both local control and cloud flexibility, hybrid cloud is the likely choice.

Be careful with distractors that sound security-related. Many students incorrectly assume private cloud is automatically more secure than public cloud. On AZ-900, the better interpretation is that private cloud may provide more direct control, but public cloud can still be highly secure. The exam is testing model characteristics, not simplistic assumptions. Focus on ownership, access model, and deployment strategy rather than broad claims like one model is always cheaper or always safer.

Section 2.3: Infrastructure as a Service, Platform as a Service, and Software as a Service

Service models describe how much of the technology stack is managed by the cloud provider versus the customer. This is a major AZ-900 objective, and Microsoft often tests it by asking what the organization wants to manage itself. Infrastructure as a Service, or IaaS, provides the most control among the three core models. The provider manages the physical infrastructure, but the customer still manages items such as the operating system, installed software, and much of the configuration. Virtual machines are the classic example.

Platform as a Service, or PaaS, reduces management overhead further. The provider manages the underlying infrastructure, operating systems, runtime, and often scaling mechanisms, while the customer focuses mainly on application code and data. This is ideal when developers want to build and deploy applications without managing servers. On the exam, if a scenario emphasizes rapid development, less infrastructure management, and application deployment, PaaS is often the right answer.

Software as a Service, or SaaS, is the most complete provider-managed model. Users simply access the finished application, usually through a browser or client app. The provider manages the infrastructure, platform, and application itself. Microsoft 365 is a familiar example. If the requirement is to use a ready-made application with minimal management by the customer, SaaS is the expected answer. Exam Tip: If the prompt says the organization wants users to consume an application rather than build or host one, think SaaS first.

A common exam trap is choosing IaaS because it feels more flexible. But flexibility is not always what the question is asking for. The best answer is the one that matches the management boundary in the scenario. If the company needs full control over the operating system, choose IaaS. If it only needs a place to run code, choose PaaS. If it simply wants to use the software, choose SaaS.

Another trap is mixing service models with deployment models. Public cloud is not a replacement term for SaaS, and private cloud is not the same as IaaS. They answer different questions. To avoid confusion, ask yourself: is the question about where the service runs, or about how much the provider manages? That one habit helps separate these closely related but distinct exam topics.

Section 2.4: Shared Responsibility Model and Basic Security Ownership

The shared responsibility model explains that security and management responsibilities are divided between the cloud provider and the customer. This concept appears throughout AZ-900 because it supports many later objectives, including governance, compliance, identity, and service selection. Microsoft wants you to understand that moving to the cloud does not mean the customer gives up all responsibility. Instead, the provider takes responsibility for certain layers, while the customer remains responsible for others.

At a high level, the provider is always responsible for the physical datacenter, physical network, and physical hosts. The customer remains responsible for items such as data, account access, and identity-related choices. The exact split changes by service model. In IaaS, the customer usually manages the operating system, applications, and data. In PaaS, the provider manages more of the platform stack, so the customer focuses primarily on the application and data. In SaaS, the provider manages nearly everything except the customer’s data, user access, and configuration choices within the software.

This is a favorite best-answer topic because the exam may ask who is responsible for a specific layer. The wrong answers often include items that sound technical but belong to different levels. For example, in a virtual machine scenario, the provider does not manage the guest operating system for the customer. In a SaaS scenario, the customer typically does not patch the application platform. Exam Tip: When uncertain, think from the top of the stack downward: the more complete the service model, the more responsibility shifts to the provider.

Security ownership on AZ-900 is tested at a basic level. You are not expected to design advanced controls, but you should know that customers remain responsible for protecting identities, managing permissions, classifying and protecting their data, and configuring services correctly. Misconfiguration is still the customer’s problem in many cases. This is an important trap because some candidates assume the provider handles all security automatically. The provider secures the cloud infrastructure; the customer must still secure what they put in the cloud.

If a question asks which statement best describes shared responsibility, choose the one that reflects a partnership model rather than all-or-nothing ownership. That language is very Microsoft-like and often marks the correct answer.

Section 2.5: Consumption-Based Model, OpEx vs CapEx, and Cloud Benefits

The AZ-900 exam places strong emphasis on cloud economics, especially the consumption-based model. In a consumption-based model, customers pay for the resources they use, often measured by time, storage consumed, transactions, or bandwidth. This contrasts with traditional purchasing, where organizations buy hardware and software capacity upfront whether they use it fully or not. Microsoft tests this because it is one of the most important business reasons organizations adopt cloud services.

Closely related to this is the difference between CapEx and OpEx. Capital expenditure, or CapEx, refers to upfront spending on physical infrastructure and other long-term assets. Operating expenditure, or OpEx, refers to ongoing costs that are paid as services are consumed. Cloud computing often shifts spending from CapEx to OpEx. Instead of buying servers in advance, a company pays monthly or per usage. Exam Tip: If a question mentions reducing large upfront costs or aligning costs with actual usage, the answer is likely tied to OpEx or consumption-based pricing.

Cloud benefits often appear in the same question as pricing concepts. These include cost predictability, the ability to scale on demand, faster deployment, reduced need to overprovision, and the option to stop paying for unused resources when properly managed. However, be cautious: the exam does not suggest cloud is always automatically cheaper. Poorly managed cloud resources can still create unnecessary cost. The tested principle is flexibility and usage-based billing, not guaranteed savings in every situation.

Another common exam theme is matching a business outcome to a cloud benefit. If an organization wants to launch quickly without waiting to build a datacenter, that reflects agility. If it wants to support users in many geographies, that reflects global reach. If it wants to survive a localized failure, that relates to resiliency and availability. If it wants to avoid paying for peak capacity all year, that points to elasticity and consumption-based pricing.

To identify the right answer, focus on the financial wording in the scenario. Upfront purchase suggests CapEx. Pay for what you use suggests OpEx and consumption. Variable demand suggests elasticity. Avoid answers that overpromise, such as statements that cloud eliminates all costs or all planning. Those are classic distractors in Microsoft fundamentals exams.

Section 2.6: Exam-Style Practice for Describe Cloud Concepts

When you practice this domain, do not just memorize definitions. AZ-900 often uses short scenarios that test whether you can identify the single best cloud concept from limited clues. That means your study method should center on pattern recognition. As you review practice items, ask what the question is really testing: a deployment model, a service model, a pricing concept, a cloud benefit, or responsibility ownership. If you can classify the question first, the answer becomes much easier to spot.

A strong exam technique is keyword mapping. Terms such as dedicated, single organization, and maximum control often point toward private cloud. Terms such as combine on-premises and cloud point toward hybrid cloud. Terms such as manage virtual machines and operating systems suggest IaaS. Terms such as deploy code without managing infrastructure suggest PaaS. Terms such as use a complete application suggest SaaS. Terms such as pay only for usage suggest a consumption-based model. Terms such as provider manages physical infrastructure but not all customer data or identities suggest shared responsibility.

Another practical strategy is eliminating answers that belong to the wrong category. If the question asks how a company can keep some resources on-premises and move some to Azure, then SaaS, PaaS, and IaaS may be distractors because the real issue is deployment model, not service model. If the question asks who patches the guest operating system in a virtual machine, then public versus private cloud is irrelevant because the issue is responsibility under IaaS.

Exam Tip: Microsoft sometimes writes two technically true answers, but only one directly addresses the stated requirement. Always choose the most precise fit. Do not choose a broader answer when a narrower and more exact answer is available.

As you build readiness, review every rationale, especially for missed questions. Categorize each miss: definition confusion, wording trap, category confusion, or overthinking. This chapter’s objective is not only to teach the theory of cloud concepts but to help you think the way the exam expects. Once you can quickly identify what kind of cloud concept is being tested, your accuracy and speed improve together, which is essential for full mock exams and final review.

Section 3.1: Azure Accounts, Subscriptions, and Management Groups

One of the first architecture topics on AZ-900 is the hierarchy used to access, bill, and govern Azure. Start with the Azure account. An account is associated with an identity and is used to sign in to Azure services. From an exam perspective, the account is commonly the starting point for ownership and access, but it is not the main billing and resource boundary tested on the exam. That role usually belongs to the subscription.

An Azure subscription is a logical unit for provisioning resources and tracking costs. If a question asks how to separate billing for departments, projects, or environments, the best answer is often to use separate subscriptions. Subscriptions also help enforce quotas and create administrative boundaries. For exam purposes, remember that resources are deployed into a subscription, not directly into a management group. This distinction appears often in distractor choices.

Management groups sit above subscriptions. Their purpose is to help organize and apply governance consistently across multiple subscriptions. If an organization has many subscriptions and wants to apply policies or access rules at a broader scope, management groups are the right concept. The exam may describe a large company with multiple business units and ask which option simplifies centralized governance. That wording points toward management groups.

The hierarchy is important: management groups can contain subscriptions, subscriptions can contain resource groups, and resource groups contain resources. You do not need to memorize every edge case for AZ-900, but you do need to recognize the general structure and the scope of each layer.

Exam Tip: If the scenario emphasizes cost tracking or service limits, think subscription. If it emphasizes applying governance across many subscriptions, think management group. If it emphasizes organizing deployed services for lifecycle management, think resource group.

A common exam trap is choosing an answer that sounds administratively powerful but is at the wrong level. For instance, management groups are not where you deploy a virtual machine. Another trap is assuming one subscription equals one account. In reality, one account can have access to multiple subscriptions, and organizations can structure access in different ways. Keep your reasoning tied to the scope described in the question.

Section 3.2: Resource Groups, Resources, and Azure Resource Manager Basics

Resource groups are among the most frequently tested Azure architecture concepts because they are central to how Azure organizes deployed services. A resource group is a logical container for resources that share a common lifecycle, administrative purpose, or deployment model. If a question asks how to organize a web app, database, and storage account that belong to the same solution, a resource group is usually the best answer.

A resource is simply an individual Azure service instance, such as a virtual machine, virtual network, storage account, or Azure SQL Database. On the exam, a common challenge is distinguishing between the individual service and the container used to organize it. If the wording is about creating, updating, or deleting a single service, the concept is resource. If the wording is about grouping multiple services for management, the concept is resource group.

Azure Resource Manager, often abbreviated ARM, is the deployment and management service for Azure. This does not mean it is just another container. Rather, ARM provides a consistent management layer that lets you deploy, update, and manage resources in Azure. It supports templates, role-based access control integration, tagging, and consistent API behavior. The exam does not usually go deep into template syntax, but it may test whether you recognize that Azure Resource Manager enables infrastructure to be deployed and managed in a standardized way.

Another practical concept is tagging. Tags are key-value pairs applied to resources to help categorize them, often for cost reporting or administration. If the exam asks how to label resources by department, owner, or environment without changing the resource structure itself, tags are a likely answer. Tags do not replace resource groups; they complement them.

Exam Tip: Resource groups are not billing containers in the same sense as subscriptions. Costs can be analyzed by resource group, but the core billing boundary is still the subscription. Microsoft sometimes tests this distinction through subtle wording.

Common traps include confusing Azure Resource Manager with resource groups, assuming all related resources must always be in the same resource group, or thinking tags are a substitute for access control. For AZ-900, focus on purpose: ARM manages deployments and control plane operations, resource groups organize resources, and resources are the actual Azure service instances being consumed.

Section 3.3: Azure Regions, Region Pairs, and Sovereign Regions

An Azure region is a geographic area containing one or more datacenters connected through a low-latency network. Regions matter because they affect service availability, latency, data residency considerations, and disaster recovery design. In the exam, if a scenario mentions deploying services close to users to reduce delay, the underlying concept is region selection for latency optimization.

Do not assume every Azure service is available in every region. Microsoft may test this through a best-answer question that asks what you should verify before planning a deployment. The correct reasoning is to check service availability by region. This matters especially for newer or specialized services.

Region pairs are another favorite AZ-900 topic. Certain Azure regions are paired with another region in the same geography to support disaster recovery and platform updates. Microsoft prioritizes recovery of at least one region in each pair during broad outages. You do not need to memorize every pair for AZ-900, but you should understand the purpose: support resiliency and continuity planning.

Sovereign regions are designed to meet specific compliance, legal, or governmental requirements. Examples include Azure Government and region offerings built for specific national or regulatory boundaries. When the exam references strict jurisdictional control, public sector isolation, or special compliance environments, sovereign region concepts may be involved. The key idea is that these are not just normal public Azure regions with a different name; they exist to meet particular governance or regulatory needs.

Exam Tip: “Region” answers location and latency concerns. “Region pair” answers broad resiliency and disaster recovery concepts. “Sovereign region” answers regulatory and jurisdictional isolation needs.

A common trap is mixing availability zones with regions. Zones are separate physical locations within a single region, while region pairs involve two different regions. Another trap is assuming region choice is only about geography. On the exam, region choice can also affect compliance, service availability, and business continuity planning.

Section 3.4: Availability Zones, Availability Sets, and Resiliency Concepts

Microsoft expects AZ-900 candidates to recognize the difference between high availability options within Azure. Availability zones are physically separate datacenter locations within a region. They provide protection against datacenter-level failures. If the question describes spreading resources across separate physical locations in one region for higher availability, availability zones are the concept being tested.

Availability sets are different. They are used primarily with virtual machines to improve redundancy by distributing VMs across fault domains and update domains. Fault domains help protect against hardware failure, while update domains help reduce simultaneous downtime during planned maintenance. The exam may ask which option increases the availability of multiple VMs that support the same application. If the wording focuses on VM distribution for maintenance and hardware fault isolation, availability sets are a strong clue.

Resiliency is the broader design principle of continuing operations despite failures. In AZ-900, you are not expected to architect every detail of business continuity and disaster recovery, but you should recognize that redundancy can exist at multiple levels: within a datacenter, across datacenters in a region, across regions, and across paired regions. The exam often tests whether you can match the failure scope to the correct Azure feature.

For example, if the question implies a single datacenter outage within a region, availability zones may be the best answer. If it implies a virtual machine maintenance or hardware isolation scenario, availability sets may be more appropriate. If it implies regional disaster recovery, the concept moves beyond sets and zones toward multiple regions or region pairs.

Exam Tip: Read for failure scope. VM-level redundancy suggests availability sets. Datacenter-level redundancy within one region suggests availability zones. Geography-level recovery suggests multiple regions or region pairs.

Common traps include assuming availability sets and availability zones are interchangeable, or believing they solve every disaster recovery problem. They improve availability, but they do not replace good design choices around backup, replication, and regional planning. On AZ-900, the best answer is the one that most directly matches the outage type described in the scenario.

Section 3.5: Core Azure Services Overview for Exam Recognition

Although this chapter centers on architecture, AZ-900 also expects you to recognize major Azure service categories because architecture questions often name or imply them. The exam frequently describes business needs first and expects you to identify the service family. The big categories to recognize are compute, networking, storage, identity, and database-related services.

In compute, key items include virtual machines, containers, and app hosting services. If the scenario needs full operating system control, virtual machines are usually implied. If it needs packaged application deployment with lightweight portability, containers may be involved. If it describes hosting a web application without emphasizing infrastructure management, Azure App Service is often the better recognition target.

In networking, you should recognize virtual networks, load balancing, VPN options, and content delivery concepts. If the scenario is about private communication among Azure resources, think virtual network. If it is about distributing traffic across endpoints, think load balancing or traffic management concepts depending on the wording. For storage, know the broad types: blob storage for unstructured object data, file storage for shared file access, and managed disks for VM storage.

Identity is especially important because many architectural questions include user access, authentication, or authorization. The modern Microsoft identity service is Microsoft Entra ID. If the exam mentions cloud-based identity, single sign-on, or authentication for Azure resources, identity services are likely central to the answer. Do not confuse identity management with subscriptions or resource groups; they solve different problems.

Exam Tip: On AZ-900, you usually do not need advanced configuration knowledge. You need service recognition. Ask yourself, “What problem is this service category designed to solve?” Then eliminate answers that belong to a different category.

Common traps include choosing a service because it is familiar rather than because it is the best architectural fit. A question about storing huge unstructured data is more likely pointing to blob storage than a relational database. A question about organizing access is more likely pointing to identity and role-based access, not resource grouping. Build your exam confidence by associating each Azure service family with its primary use case.

Section 3.6: Exam-Style Practice for Describe Azure Architecture and Services

When you practice this objective area, your goal is not only to memorize definitions but to develop Microsoft-style answer logic. AZ-900 often uses short scenarios with one or two critical keywords that reveal the correct architectural component. Train yourself to identify those keywords quickly. Words such as billing, governance, lifecycle, latency, compliance, datacenter outage, and regional resilience usually point directly to different Azure constructs.

A strong method is to classify every practice item by scope. Ask: is this question about organization, deployment, geography, availability, or service recognition? Organization points to subscriptions, management groups, resource groups, and tags. Deployment points to Azure Resource Manager. Geography points to regions, region pairs, and sovereign regions. Availability points to availability sets and zones. Service recognition points to compute, networking, storage, or identity categories.

Another exam skill is eliminating technically possible but less precise options. For example, several features can contribute to resiliency, but only one directly addresses the exact failure scope in the question. Similarly, multiple Azure features can help with administration, but only one may be the formal boundary for billing or policy inheritance. This is why reading the final sentence carefully matters. Microsoft frequently hides the tested objective in the last line of the item.

Exam Tip: Do not rush when two options both sound correct. Ask which one is the official Azure construct designed primarily for that task. AZ-900 rewards best-answer discipline more than broad technical imagination.

As you review mistakes, create a personal error log. Note whether you confused scope, geography, resiliency, or service category. That pattern tells you what to revisit before the real exam. If you repeatedly miss items involving region pairs and availability zones, for example, focus on failure-domain language. If you confuse subscriptions and resource groups, revisit billing boundary versus lifecycle organization.

This chapter’s architecture content is foundational for later topics in management, governance, and pricing. The more clearly you understand Azure’s structural building blocks now, the easier it becomes to answer broader exam questions later. Master the vocabulary, connect each term to its purpose, and practice selecting the most precise answer rather than the merely plausible one.

Section 4.1: Compute Services Including Virtual Machines, App Services, Containers, and Functions

Azure compute services answer one core question: how do you run workloads in the cloud? On the AZ-900 exam, you are expected to recognize the major compute choices and understand the difference between infrastructure control and platform abstraction. The four most commonly tested options are Virtual Machines, Azure App Service, containers, and Azure Functions.

Azure Virtual Machines provide the most control. They are ideal when an organization needs to run a traditional server-based workload, choose the operating system, install custom software, or maintain full administrative access to the environment. In exam scenarios, VMs are often correct when the requirement mentions legacy applications, specific OS control, or lift-and-shift migration from on-premises servers.

Azure App Service is a platform as a service offering for web apps, APIs, and mobile app back ends. It reduces management overhead because Microsoft manages the underlying infrastructure. This is commonly the best answer when a company wants to deploy a web application quickly without managing servers, patching operating systems, or handling much of the runtime environment manually.

Containers package an application and its dependencies into a portable unit. On AZ-900, you are not expected to master container orchestration, but you should know that containers are useful for consistency across environments and microservices-style deployment. If the scenario emphasizes portability, rapid deployment, or standardized packaging, containers are likely relevant.

Azure Functions is the key serverless compute service in many fundamentals questions. Functions run code in response to events and are especially appropriate for short-lived, event-driven tasks. If the scenario mentions processing a file upload, reacting to a message, or executing code only when triggered, Azure Functions is often the best fit.

Exam Tip: When comparing VMs, App Service, containers, and Functions, look for the management clue. Need full server control? Choose VMs. Need managed web hosting? Choose App Service. Need packaged app portability? Choose containers. Need event-driven execution without server management? Choose Functions.

Common traps include choosing Virtual Machines simply because “any app can run there.” That may be true technically, but AZ-900 usually rewards the more cloud-optimized service. Another trap is confusing App Service with Functions. App Service is for hosting continuously available web applications and APIs, while Functions is for code triggered by events.

The exam may also test consumption language. Functions strongly aligns with event-based execution and scaling behavior, while VMs are infrastructure-based compute resources. If you can tie each compute service to a use case instead of memorizing names, you will answer these questions more reliably.

Section 4.2: Virtual Networking, Load Balancing, VPN Gateway, and ExpressRoute

Networking questions in AZ-900 focus on connectivity and traffic flow, not low-level engineering. You need to know the purpose of Azure Virtual Network, load balancing services, VPN Gateway, and ExpressRoute. Microsoft often frames these topics around how users, services, or data centers connect.

Azure Virtual Network, or VNet, is the foundational private network in Azure. It enables Azure resources to communicate securely with each other, with the internet, and with on-premises environments depending on configuration. If a question asks how to logically isolate or connect Azure resources within a private network, VNet is usually the starting point.

Load balancing distributes traffic across multiple resources to improve availability and performance. At the AZ-900 level, you mainly need to recognize that Azure Load Balancer works at the network layer and distributes traffic across virtual machines or services. The exam may also mention traffic distribution generally without requiring deep protocol knowledge.

VPN Gateway enables encrypted connectivity between Azure and another network over the public internet. It is commonly used for site-to-site, point-to-site, or VNet-to-VNet connections. If the scenario calls for secure hybrid connectivity but does not require a private dedicated circuit, VPN Gateway is likely the correct answer.

ExpressRoute provides a private dedicated connection between on-premises infrastructure and Microsoft cloud services. This is often the best answer when a scenario emphasizes more consistent performance, private connectivity, or avoiding the public internet. It is a favorite exam comparison against VPN Gateway.

Exam Tip: The standard comparison is simple: VPN Gateway uses the internet with encryption; ExpressRoute provides a private dedicated connection. If the question stresses highest reliability, private path, or enterprise-grade dedicated connectivity, think ExpressRoute.

A common exam trap is assuming every secure connection is ExpressRoute. That is incorrect. VPN Gateway is also secure, but it traverses the public internet. Another trap is confusing VNet with a subscription or resource group. A VNet is a networking construct for communication, not a billing or administrative boundary.

When you read a networking answer set, identify whether the requirement is internal Azure communication, internet traffic distribution, encrypted hybrid access, or dedicated private connectivity. That process usually eliminates distractors quickly. Fundamentals questions reward classification more than configuration.

Section 4.3: Storage Services Including Blob, Disk, File, and Archive Options

Azure storage is another heavily tested area because it maps directly to common business needs. On the AZ-900 exam, you should be able to distinguish Blob Storage, managed disks, Azure Files, and archive storage choices. The key is to connect the storage service to the kind of data being stored and how frequently that data is accessed.

Azure Blob Storage is designed for massive amounts of unstructured object data, such as images, videos, backups, logs, and documents. If the question mentions object storage, internet-accessible files, or large-scale unstructured content, Blob Storage is usually the strongest answer.

Managed disks are used with Azure Virtual Machines. They provide persistent block storage for VM operating systems and data disks. If the scenario is about storing the OS or attached storage for a VM, disks are the right choice, not Blob Storage or Azure Files.

Azure Files provides managed file shares that can be accessed using standard SMB protocols. This is useful when applications or users need a shared file system experience in the cloud. On exam items, Azure Files is often the correct answer when a company wants to replace or extend a traditional file server with cloud-based file shares.

Archive options come into play when data is rarely accessed and cost optimization matters more than retrieval speed. Azure storage tiers, especially the archive tier, are important for long-term retention scenarios. If the question highlights infrequent access and lower storage cost, archive storage is a strong candidate.

Exam Tip: Use this memory pattern: Blob for objects, Disk for VMs, Files for shared file access, Archive for rarely used data. AZ-900 questions often become much easier if you classify the data first.

Common traps include choosing Blob Storage for any file-related need. While technically many file-like objects can be stored as blobs, Azure Files is the better answer when the scenario specifically requires shared file access or SMB compatibility. Another trap is forgetting that archive storage reduces cost but also reduces immediate accessibility. If the data must be read frequently, archive is likely wrong.

The exam may also connect storage to resilience or access patterns, but at the fundamentals level the most important skill is service matching. Pay attention to words like unstructured, shared, persistent disk, backup, and rarely accessed. Those terms usually point directly to the intended answer.

Section 4.4: Azure Active Directory, Authentication, and Identity Basics

Identity is a major part of the Azure fundamentals story because cloud access begins with who the user is and what that user is allowed to do. For AZ-900, you should know that Azure Active Directory is now called Microsoft Entra ID, and it is the primary cloud identity and access management service used across Microsoft cloud offerings.

Authentication answers the question, “Who are you?” Authorization answers the question, “What are you allowed to do?” These two ideas are frequently tested, sometimes directly and sometimes within service scenarios. If a user signs in with credentials, that is authentication. If the platform determines what resources the user can access after sign-in, that is authorization.

Microsoft Entra ID supports features such as single sign-on, multifactor authentication, and identity management for users, groups, and applications. Single sign-on allows users to authenticate once and access multiple applications without repeatedly signing in. Multifactor authentication improves security by requiring an additional factor beyond a password.

The AZ-900 exam may also compare Microsoft Entra ID with traditional on-premises Active Directory. The basic distinction is that Microsoft Entra ID is a cloud identity service, while traditional Active Directory Domain Services is commonly associated with on-premises domain environments. You do not need advanced synchronization knowledge, but you should recognize that these are related yet different identity systems.

Exam Tip: If the scenario is about users signing in to cloud apps, managing identities, enabling MFA, or using single sign-on, think Microsoft Entra ID. Do not confuse identity management with network connectivity or subscription structure.

A frequent trap is mixing up authentication and authorization. Another is assuming Microsoft Entra ID is only for Azure administration. It also supports access to Microsoft 365, SaaS applications, and other cloud-integrated resources. The exam may use broad wording like “manage user identities” or “enable access to multiple applications,” which should point you toward identity services rather than compute or networking answers.

You should also be ready to interpret identity questions in business language. If the requirement is reducing repeated sign-ins, that is usually single sign-on. If the requirement is adding security beyond passwords, that is multifactor authentication. If the requirement is controlling what a signed-in user can do, that is authorization. These concepts are simple, but Microsoft likes to test them with real-world phrasing instead of textbook definitions.

Section 4.5: Choosing the Right Azure Service for Common Scenarios

This section brings the chapter together using the logic AZ-900 expects on best-answer questions. In fundamentals exams, the challenge is rarely memorizing a definition in isolation. The real challenge is choosing the most appropriate service from several plausible options. That is why scenario recognition matters.

Start by identifying the domain of the requirement. Is the problem about running an application, connecting systems, storing data, or controlling access? That first classification narrows the answer set quickly. A compute requirement should not lead you toward identity services, and a file-sharing need should not lead you toward networking tools.

Next, identify the operational clue. If the company wants full control over an operating system, Virtual Machines are a strong fit. If it wants a managed web platform, App Service is stronger. If it wants code to run only when triggered, Azure Functions is the likely answer. If the requirement says secure private hybrid connectivity over the internet, VPN Gateway makes sense; if it says dedicated private connection, ExpressRoute is usually better.

For storage, focus on the format and access pattern of data. Unstructured documents, media, and logs suggest Blob Storage. A shared cloud file system suggests Azure Files. VM operating system storage suggests managed disks. Long-term, rarely retrieved data points toward archive storage.

For identity, ask whether the scenario is really about sign-in and access. If users need single sign-on, multifactor authentication, or cloud identity management, Microsoft Entra ID should stand out immediately.

Exam Tip: On AZ-900, the best answer is often the service most directly named by the scenario wording. Words such as web app, event-driven, shared files, private dedicated connection, and single sign-on are intentional clues. Train yourself to spot those phrases quickly.

A common trap is choosing the broadest possible service instead of the most appropriate one. Yes, a VM can host a web app, but if the scenario emphasizes managed web hosting, App Service is better. Yes, files can be stored in Blob Storage, but if users need a traditional file share, Azure Files is better. The exam rewards precision.

When practicing, explain to yourself why the wrong answers are wrong. That habit builds exam resilience, especially when Microsoft presents two answer choices that both seem technically possible. Your goal is to choose the one that best aligns with Azure fundamentals design intent.

Section 4.6: Exam-Style Practice for Describe Azure Architecture and Services

To perform well in this AZ-900 objective area, you need more than familiarity with service names. You need a repeatable exam method. The most effective approach is to read each item for its requirement signal, eliminate options from the wrong service domain, and then compare the remaining answers based on the specific clue in the scenario.

For compute questions, ask whether the workload is infrastructure-based, managed platform-based, containerized, or event-driven. For networking questions, ask whether the need is internal connectivity, load distribution, encrypted hybrid access over the internet, or a private dedicated connection. For storage questions, ask what kind of data is involved and how it is used. For identity questions, ask whether the issue is authentication, authorization, SSO, or MFA.

Exam Tip: Microsoft often writes distractors that are real Azure services but belong to the wrong category. If a scenario asks how to let users sign in once to many applications, networking and compute answers can be eliminated immediately, even if they sound familiar.

Another practical technique is to watch for absolute wording. Fundamentals questions typically avoid highly technical edge cases. If one answer seems complex and another is a straightforward textbook fit, the straightforward answer is often correct. The exam tests recognition of core Azure services, not architectural creativity.

As you review practice sets, track your mistakes by type. If you confuse App Service and Functions, that is a compute classification issue. If you miss VPN Gateway versus ExpressRoute, that is a connectivity comparison issue. If you select Blob instead of Azure Files, that is a storage access-pattern issue. Weakness tracking helps you improve much faster than simply counting your score.

Finally, remember where this chapter fits into the full course outcomes. You are not just memorizing facts. You are building the ability to interpret official AZ-900 objectives, apply Microsoft-style logic, and recognize the best answer under time pressure. That skill becomes essential when you transition from learning content to taking full mock exams and final review sessions. Keep revisiting these service distinctions until your recognition becomes immediate.

Section 5.1: Cost Management, Pricing Calculators, and Total Cost Concepts

Azure uses a consumption-based pricing model for many services, which means customers pay for what they use. The exam expects you to understand the major pricing factors, not detailed price sheets. Common factors include resource type, region, usage duration, performance tier, storage amount, outbound data transfer, and licensing choices. In other words, two virtual machines may cost different amounts because of size, location, operating system, or how long they run.

Microsoft often tests whether you can distinguish tools used before deployment from tools used after deployment. The Azure Pricing Calculator helps estimate expected costs for planned services. It is a pre-deployment estimation tool. By contrast, Azure Cost Management helps analyze, monitor, and optimize actual spending after resources are running. This distinction matters. If a scenario asks you to forecast a monthly cost before buying services, the pricing calculator is the better answer. If it asks how to track current spending trends and budgets, Cost Management is the correct match.

Total cost concepts also matter. Total Cost of Ownership, or TCO, compares the full cost of running workloads on-premises versus in Azure. It considers items such as hardware, power, cooling, maintenance, staffing, and software. The Azure TCO Calculator is designed for migration comparison, not daily budget monitoring. This is a favorite exam trap because some learners confuse it with the Pricing Calculator.

• Pricing Calculator: estimates Azure service costs before deployment
• TCO Calculator: compares on-premises costs with Azure costs
• Azure Cost Management: monitors, allocates, budgets, and optimizes actual Azure spending

Another tested idea is cost control through governance. Tags can support chargeback or cost reporting by department, project, or environment. Budgets and alerts can help organizations avoid surprises. Reserved instances and hybrid benefits may lower costs in some scenarios, but AZ-900 usually tests the high-level idea that planning and monitoring help optimize spend.

Exam Tip: If the wording says estimate, calculate in advance, or compare cloud versus on-premises, think calculators. If it says analyze spending, set budgets, or identify waste in existing resources, think Cost Management.

A common trap is assuming the cheapest option is always the best answer. Microsoft questions often ask for the service that meets the requirement, not simply the lowest cost. Focus on the business need first, then match the appropriate pricing or management concept.

Section 5.2: Service Level Agreements, Service Lifecycle, and Support Plans

A Service Level Agreement, or SLA, is a formal commitment about expected service availability. In Azure, it is commonly expressed as a percentage, such as 99.9% uptime. AZ-900 expects you to understand what an SLA means and how architecture affects availability. A higher SLA generally means less allowable downtime over a period. If a question asks how to improve availability, the answer is often to design for redundancy rather than simply choose a different management tool.

Microsoft may also test composite SLAs. When a workload depends on multiple services, the overall availability can be lower than the SLA of any individual service. You do not need advanced math for most AZ-900 items, but you should understand the principle: combining dependent components can reduce the total SLA unless redundancy is built in.

Service lifecycle terms are also important. Azure services may be in preview or generally available. Preview features are made available for evaluation and may have limited support or different SLA treatment. Generally available services are fully released for production use. On the exam, if the scenario emphasizes production readiness, enterprise commitment, or standard support expectations, GA is usually the safer concept.

Support plans are another tested area. Candidates should know that different Azure support plans provide different response times, support scopes, and pricing levels. The exam usually does not expect memorization of every plan detail, but it may ask which option gives faster technical support or which support model fits a business need.

• SLA: defines expected availability
• Preview: early access, may have limitations
• General Availability: production-ready release status
• Support plans: paid tiers with varying responsiveness and capabilities

Exam Tip: Do not confuse an SLA with a support plan. SLA is about service uptime commitment. A support plan is about access to technical help and response times.

A common exam trap is choosing support plans to solve an availability problem. If the issue is downtime tolerance, think architecture and SLA. If the issue is needing help from Microsoft, think support plan. Likewise, if the question asks whether a feature is suitable for production, look for clues about preview versus general availability.

The exam tests your ability to separate operational commitments from release stage and from support access. Treat them as three distinct ideas: uptime commitment, lifecycle status, and assistance level.

Section 5.3: Governance Tools Including Azure Policy, RBAC, Locks, and Tags

Governance in Azure is about keeping resources aligned with organizational rules. This is one of the highest-value topic clusters in the management and governance domain because the exam frequently tests distinctions among Azure Policy, role-based access control, resource locks, and tags. These tools may all appear in answer choices, but they solve different problems.

Azure Policy enforces organizational standards and can assess compliance across resources. For example, it can restrict allowed resource locations, require specific tags, or block certain resource types. If the question asks how to ensure resources follow rules or how to audit noncompliant configurations, Azure Policy is usually the correct answer.

RBAC controls who can do what. It assigns permissions to users, groups, or identities at different scopes such as management group, subscription, resource group, or resource. If the requirement is about granting a team read-only access, allowing an administrator to manage VMs, or limiting user actions, think RBAC. A major trap is selecting Azure Policy when the question is really about permissions. Policy governs resources; RBAC governs access.

Resource locks protect resources from accidental deletion or modification. A CanNotDelete lock prevents deletion, while a ReadOnly lock prevents changes. Locks are not the same as permissions, though they affect what actions can succeed. On the exam, if the concern is accidental change rather than user authorization, locks are often the best answer.

Tags are metadata labels attached to resources. They are commonly used for organization, reporting, automation, and cost tracking. Tags do not enforce security by themselves, but Azure Policy can require them. This relationship is another exam favorite.

• Azure Policy: enforce standards and evaluate compliance
• RBAC: assign permissions and control access
• Resource locks: prevent accidental deletion or modification
• Tags: organize and classify resources for management and cost visibility

Exam Tip: If the key verb is enforce, require, or audit, think Policy. If it is allow, deny access, or assign permissions, think RBAC. If it is prevent deletion or prevent changes, think locks. If it is categorize or allocate costs, think tags.

The exam also expects awareness of management hierarchy, especially subscriptions and resource groups, because governance scope matters. Policies and RBAC assignments can apply at different levels, which lets organizations standardize controls across many resources. Even if a question does not mention hierarchy directly, scope often determines the best answer.

Section 5.4: Microsoft Purview, Compliance Concepts, and Trust Features

Azure management and governance is not only about cost and permissions. It also includes compliance, risk awareness, and trust. In AZ-900, Microsoft wants you to recognize how Azure helps organizations understand regulations, classify data, and review compliance status. At this level, focus on the purpose of the services rather than implementation details.

Microsoft Purview is associated with data governance, data discovery, classification, and compliance management capabilities across data estates. If a question asks about discovering and governing data assets, classifying sensitive information, or improving data visibility, Purview is a strong candidate. Do not confuse Purview with Azure Policy. Policy manages Azure resource compliance and standards; Purview focuses more on data governance and related compliance insight.

Another tested concept is the Microsoft trust framework. Microsoft provides documentation and portals that help customers understand security, privacy, and compliance commitments. The Service Trust Portal is especially important. It provides access to audit reports, compliance guides, privacy information, and documentation related to how Microsoft cloud services meet regulatory expectations. If a question asks where an organization can review compliance documentation or audit information, Service Trust Portal is often the right answer.

Compliance itself means adhering to legal, regulatory, and organizational standards. Azure offers tools and documentation, but customers still share responsibility depending on the service model. In SaaS, more responsibility is handled by the provider. In IaaS, customers still manage more of the environment. This shared responsibility idea can appear as a hidden layer in governance questions.

Exam Tip: When the wording focuses on regulations, audit reports, compliance documents, or trust information, think Service Trust Portal. When it focuses on governing and classifying data, think Microsoft Purview.

A common trap is choosing a security product when the question is really about compliance evidence or governance documentation. Another is selecting Azure Monitor because the phrase monitor sounds broad, even though the requirement is about compliance reporting, not operational telemetry.

Trust features in Azure also include transparency around security and privacy practices. The exam tests whether you understand that Azure provides both technical tools and formal documentation to help organizations meet governance requirements. The best-answer pattern is usually to choose the service that most directly addresses the business and regulatory need, not the one with the broadest feature set.

Section 5.5: Azure Portal, Cloud Shell, Azure Advisor, Monitor, and ARM Templates

This section covers the daily management tools and deployment features that often appear in AZ-900 questions. You should be able to identify each tool by its primary purpose. The Azure Portal is the web-based graphical interface for creating, configuring, and managing Azure resources. It is the most familiar management entry point and is commonly the correct answer when the question asks for a browser-based management interface.

Azure Cloud Shell is a command-line environment accessible through the browser. It supports tools such as Azure CLI and PowerShell. If a question asks for command-line management without installing local tooling, Cloud Shell is a strong match. The exam may contrast the portal and Cloud Shell, so watch for clues about graphical versus command-line administration.

Azure Advisor provides personalized best-practice recommendations. These commonly relate to cost, security, reliability, operational excellence, and performance. If the wording says recommend improvements, identify underutilized resources, or optimize deployments, Azure Advisor is likely the right choice. This is different from Azure Monitor, which collects and analyzes telemetry such as metrics, logs, and alerts.

Azure Monitor helps track resource health and performance. It supports operational visibility across applications and infrastructure. If the requirement is to observe usage, detect issues, trigger alerts, or review logs, think Azure Monitor. A common trap is confusing Monitor with Advisor. Monitor reports what is happening; Advisor suggests what could be improved.

ARM templates, based on Azure Resource Manager, are used for declarative and repeatable deployments. They define infrastructure as code so environments can be deployed consistently. The exam usually tests this at a conceptual level: if the organization wants standardized, automated deployment of the same environment multiple times, ARM templates are a correct answer.

• Azure Portal: browser-based GUI management
• Cloud Shell: browser-accessible command-line environment
• Azure Advisor: recommendation engine for optimization
• Azure Monitor: telemetry, metrics, logs, and alerting
• ARM templates: repeatable, declarative resource deployment

Exam Tip: Questions often include both Advisor and Monitor in the answer choices. Ask yourself whether the need is to observe current conditions or to receive optimization guidance.

This part of the exam tests practical recognition. You do not need to write templates or build alert rules, but you do need to know which tool fits which operational objective. Strong candidates answer these items quickly because they connect the wording to the tool’s main job.

Section 5.6: Exam-Style Practice for Describe Azure Management and Governance

To perform well on the management and governance objective, you must think like the exam writers. Microsoft-style questions rarely ask for broad essays. They present a short scenario, then test whether you can match a requirement to the most appropriate Azure concept. The key to success is identifying the dominant need in the scenario. Is it cost estimation, access control, standards enforcement, monitoring, recommendations, compliance documentation, or repeatable deployment?

Use a process of elimination. If one option controls permissions and another enforces resource rules, determine whether the scenario is about people or resources. If one option estimates cost and another analyzes active spending, decide whether the resources already exist. If one option collects telemetry and another offers recommendations, decide whether the need is visibility or optimization.

Watch for trigger phrases. Words such as budget, forecast, estimate, and spending point toward pricing and cost tools. Words such as role, permission, reader, and contributor point toward RBAC. Words such as compliant, required, allowed locations, and audit point toward Azure Policy. Words such as delete protection or prevent modification point toward locks. Words such as metrics, alerts, and logs indicate Azure Monitor. Words such as recommendations and best practices suggest Azure Advisor. Words such as regulatory reports and compliance documents suggest Service Trust Portal.

Exam Tip: In AZ-900, the correct answer is often the one that is most specific, not the one that is most powerful. Choose the service whose primary purpose directly matches the requirement.

Another high-value strategy is grouping similar tools in your memory. Pair Policy with governance rules, RBAC with access, Tags with organization, Locks with protection, Advisor with recommendations, Monitor with telemetry, Pricing Calculator with pre-purchase estimates, and Cost Management with ongoing spend analysis. This mental map helps under time pressure.

Finally, remember that this domain connects strongly with earlier AZ-900 topics. Shared responsibility, cloud economics, and Azure architecture all influence governance decisions. A well-prepared candidate sees management and governance not as isolated facts, but as the control layer over Azure resources. If you master the distinctions in this chapter, you will be much better prepared for best-answer and scenario-based items in the real exam.

Section 6.1: Full Mock Exam Covering Describe Cloud Concepts

The first portion of your full mock exam should emphasize cloud concepts because this domain establishes the vocabulary and business logic used throughout the rest of AZ-900. Expect ideas related to cloud models, shared responsibility, consumption-based pricing, scalability, elasticity, high availability, and the benefits of cloud computing. The exam does not usually expect deep engineering detail here, but it does expect clean distinctions. If you cannot instantly separate public cloud, private cloud, and hybrid cloud, or recognize examples of OpEx versus CapEx, you will likely miss easy points.

When reviewing this domain, train yourself to identify the keyword that drives the answer. If a prompt focuses on avoiding upfront hardware purchases, think consumption-based pricing and operational expenditure. If it highlights customer control over applications but provider management of the underlying platform, that usually signals a service model distinction such as PaaS. If it emphasizes extending on-premises systems into the cloud, hybrid cloud is often the exam target. Microsoft frequently uses realistic business language instead of textbook phrasing, so your job is to translate business needs into cloud concepts.

One of the most tested areas is the shared responsibility model. Many learners memorize the chart but fail to apply it. The core idea is simple: responsibility shifts depending on whether the solution is IaaS, PaaS, or SaaS. The more the cloud provider manages, the less the customer manages. However, identity, data, and access configuration remain highly relevant customer concerns in most scenarios. If a prompt asks who manages physical datacenters, networking hardware, or host infrastructure, the provider is responsible. If it asks who controls user access, account configuration, or data classification, the customer still plays a major role.

• Be ready to distinguish elasticity from scalability.
• Be ready to connect cost language to consumption-based pricing.
• Be ready to identify benefits such as agility, global reach, and disaster recovery support.
• Be ready to recognize when a scenario points to private cloud for control or public cloud for flexibility.

Exam Tip: If two options both sound correct, choose the one that directly answers the business need in the prompt. For example, if the requirement is “pay only for what is used,” that is not just a cloud benefit in general; it specifically aligns with consumption-based pricing.

A full mock exam in this area should not just test memory. It should test whether you can interpret business language and classify it correctly. That is the exact skill AZ-900 rewards.

Section 6.2: Full Mock Exam Covering Describe Azure Architecture and Services

This section maps to the largest area of confusion for many candidates because Azure architecture and services contain many terms that sound similar. Your mock exam should cover regions, region pairs, availability zones, resource groups, subscriptions, management groups, compute options, networking basics, storage services, and identity services. The exam objective is not to turn you into an Azure administrator. It is to confirm that you understand what major Azure building blocks do and when they are appropriate.

Start with the organizational hierarchy. Candidates often mix up subscriptions, resource groups, and management groups. A resource group is a logical container for resources that share a lifecycle or administrative relationship. A subscription is a billing and access boundary. A management group sits above subscriptions for governance at scale. If the scenario emphasizes applying policy across multiple subscriptions, management groups are a better fit than resource groups. If it emphasizes managing resources together for deployment or deletion, resource groups are the key clue.

In compute, know the broad use case for virtual machines, containers, Azure App Service, and serverless functions. Virtual machines offer the most control. App Service is a managed platform for hosting web apps and APIs. Containers package applications consistently, and Azure Functions support event-driven execution. Common traps appear when learners choose the most powerful option instead of the most appropriate one. The exam often rewards managed services when the prompt prioritizes reduced administrative effort.

Networking and storage also appear regularly. You should understand virtual networks, subnets, VPN gateways at a high level, and the role of load balancing. For storage, distinguish between blob storage, file storage, disk storage, and archive considerations. If the scenario refers to unstructured data such as images or backups, blob storage is frequently the intended answer. If it refers to file shares accessible via common file protocols, Azure Files is a stronger match. Managed disks align with virtual machine storage.

Identity is another recurring test area. Microsoft Entra ID, formerly Azure Active Directory, is central to authentication and identity management. Do not confuse identity management with governance tools. RBAC controls who can do what to Azure resources, while Entra ID manages user identities and authentication.

Exam Tip: On architecture questions, ask yourself whether the prompt is about organization, hosting, connectivity, data storage, or identity. That first classification helps eliminate many wrong answers before you even compare details.

Mock Exam Part 1 and Part 2 should include a balanced spread across these service families because AZ-900 often tests breadth rather than depth. Your job is to recognize the category, then identify the most suitable Azure service.

Section 6.3: Full Mock Exam Covering Describe Azure Management and Governance

The management and governance domain is where the exam shifts from “what Azure is” to “how Azure is controlled.” Your full mock exam should include pricing tools, service-level agreements, governance capabilities, monitoring concepts, compliance tools, and deployment support. Many candidates underestimate this section because it sounds administrative, but it frequently contains subtle best-answer wording.

Cost management is a major exam objective. Know the purpose of Azure Cost Management, pricing calculators, and total cost of ownership tools. The exam may test whether you can identify which tool estimates future cloud costs versus which tool compares cloud costs with on-premises environments. Watch for wording such as estimate, analyze, forecast, or compare. These verbs matter. Estimating a planned Azure deployment differs from analyzing current spending trends. A good test taker does not treat all cost tools as interchangeable.

Governance questions often target Azure Policy, resource locks, tags, and RBAC. RBAC is about permissions. Azure Policy is about enforcing or auditing standards. Resource locks prevent accidental deletion or modification. Tags help with organization and reporting. The common trap is confusing prevention with authorization. If the scenario asks how to ensure resources meet a naming or location rule, Azure Policy is stronger than RBAC. If it asks how to stop accidental deletion of a production resource, a lock is the better answer.

Compliance, trust, and service health are also important. You should recognize the role of the Microsoft Purview compliance portal at a basic level, understand that Azure provides tools to support compliance efforts, and know what Service Health communicates. Service Health is different from monitoring application metrics. It informs you about Azure service issues, planned maintenance, and advisories relevant to your subscription.

• Use SLA questions to identify uptime guarantees, not performance promises.
• Use governance questions to separate access control from standards enforcement.
• Use cost questions to separate estimation from real-time management or historical analysis.

Exam Tip: If a question asks for the “best way to enforce” a rule across resources, think policy first. If it asks who is allowed to perform an action, think RBAC first.

This domain rewards precision. Two answer choices may both support governance, but only one will align with the exact control mechanism described in the prompt.

Section 6.4: Detailed Answer Review and Decision-Making Patterns

The most valuable part of a full mock exam happens after you finish it. Weak Spot Analysis is not simply a list of wrong answers. It is a method for identifying why you missed them. Were you missing factual knowledge, or did you misread the prompt? Did you confuse two similar services? Did you rush and choose an answer that was true but incomplete? These patterns matter more than your raw practice score because they tell you where score gains are actually possible before exam day.

Review every question in three layers. First, identify the tested objective. Was it cloud concepts, architecture and services, or management and governance? Second, identify the trigger words that should have guided your decision. Third, explain why each incorrect option was less suitable. This last step is essential because Microsoft-style exams often use plausible distractors. If you cannot explain why the wrong options are wrong, you may be vulnerable to the same trap again.

A practical review framework is to sort misses into categories: knowledge gap, terminology confusion, scope confusion, and best-answer error. A knowledge gap means you did not know the concept. Terminology confusion means you mixed up similar terms such as availability zones and regions, or Azure Policy and RBAC. Scope confusion means you chose a tool that works at the wrong level, such as resource group instead of management group. A best-answer error means you selected something technically valid but less aligned to the exact requirement.

Exam Tip: The AZ-900 exam frequently rewards the answer with the simplest sufficient fit. Do not over-engineer. If the requirement is basic web app hosting with minimal infrastructure management, App Service is often a better answer than virtual machines.

Track recurring errors in a notebook or spreadsheet. If three misses involve identity and governance overlap, that is a revision signal. If your mistakes cluster around pricing tools, build a focused comparison sheet. Good candidates turn practice results into a targeted final review. Great candidates also notice their own habits, such as changing correct answers unnecessarily or rushing through familiar-looking questions. Decision-making discipline is part of exam readiness.

Section 6.5: Final Revision Plan by Official Exam Objective

Your final revision plan should align directly to the official AZ-900 objectives instead of random review. Begin with Describe cloud concepts. Spend time reinforcing cloud models, shared responsibility, consumption-based pricing, and the difference between scalability and elasticity. Make sure you can translate business needs into these concepts without relying on exact textbook wording. This domain often contains straightforward points if your fundamentals are stable.

Next, review Describe Azure architecture and services. Because this objective covers broad Azure knowledge, create compact comparison notes rather than long summaries. Compare regions versus availability zones, subscriptions versus resource groups versus management groups, virtual machines versus App Service versus functions, and blob storage versus file storage versus disk storage. Include identity basics with Microsoft Entra ID and access basics with RBAC. The goal is fast recognition, not deep implementation detail.

Then review Describe Azure management and governance. Focus on cost tools, SLAs, Azure Policy, tags, locks, compliance support, and Service Health. These topics are commonly tested using practical wording. Build one-page sheets that answer: what it does, when it is used, and what it is commonly confused with. This is especially effective for governance tools, where several answers may sound administratively reasonable.

A strong final review schedule for the last few days includes short blocks of active recall, one more timed mock exam, and focused correction of weak areas. Do not spend your final day trying to learn advanced material outside the AZ-900 scope. This exam measures fundamentals, and confidence comes from clean fundamentals. If registration, score expectations, and pacing still worry you, review them now so they do not distract you later. Know your exam appointment, ID requirements, and time plan in advance.

• Day minus three: full domain review with comparison charts.
• Day minus two: timed mock exam and answer analysis.
• Day minus one: light review, flashcards, and exam logistics.

Exam Tip: In the final 24 hours, prioritize recall over rereading. If you can explain a concept aloud in plain language, you are much more likely to recognize it correctly on the exam.

Section 6.6: Exam Day Tips, Confidence Boosters, and Next Steps

Your Exam Day Checklist should reduce uncertainty, not add pressure. Confirm your registration details, testing format, identification requirements, internet and room setup if testing online, and your planned arrival or check-in time. Remove avoidable stressors. A calm candidate reads more accurately, and accuracy matters more than speed on AZ-900. This is a fundamentals exam, so trust the structured preparation you have already completed.

During the exam, read the last line of the prompt carefully because it often reveals what is truly being asked. Then return to the scenario details. Watch for absolute words and scope indicators such as most appropriate, best, minimize management, enforce, estimate, or across multiple subscriptions. These words often eliminate distractors quickly. If you are unsure, rule out answers that solve a different problem than the one described. Avoid adding assumptions that are not in the prompt.

Confidence comes from process. If a question feels difficult, classify it by domain first. Is it cloud concept, architecture/service selection, or governance? Then identify whether the need is cost, control, hosting, storage, identity, or compliance. This method helps you recover even when the exact wording feels unfamiliar. Mark uncertain questions if your testing format allows review, but do not let one item drain time and focus from the rest of the exam.

Exam Tip: If two options both seem plausible, ask which one is more directly aligned to the stated objective in the prompt. Microsoft exam writers often include a broader true statement and a more precise best answer. Choose precision.

After the exam, regardless of the outcome, treat the experience as useful professional development. If you pass, you have validated your understanding of Azure fundamentals and built a base for future Microsoft certifications. If you do not pass on the first attempt, use the score report categories to guide your next study cycle. Either way, completing full mock exams, reviewing weak spots, and following a disciplined exam-day process puts you in a much stronger position than passive study ever could.

You are now at the end of the course. The final step is simple: review your weak areas, trust your preparation, and approach the exam with calm, structured thinking. That is how AZ-900 is passed.