AZ-900 Practice Test Bank: 200+ Questions

Section 1.1: AZ-900 exam purpose, audience, and official domain breakdown

AZ-900 is intended for candidates who need a broad understanding of Microsoft Azure and cloud concepts without being required to perform administrator-level tasks. That includes business stakeholders, students, sales professionals, project managers, career changers, and aspiring technical professionals. It is also a useful first certification for IT staff who plan to pursue role-based Azure certifications later. The exam validates vocabulary, conceptual understanding, and awareness of Microsoft’s core cloud offerings.

The official blueprint is your study anchor. Microsoft periodically updates the measured skills, so always verify the current skills outline on the official certification page before final review. At a high level, AZ-900 covers three major areas: cloud concepts; Azure architecture and services; and Azure management and governance. The exact weightings can change, but architecture and services usually carry the largest portion, followed by cloud concepts and management/governance. That means candidates who overfocus on only basic cloud definitions often discover too late that they are weak on Azure-specific services and architectural components.

What does the exam test in each domain? In cloud concepts, expect principles such as high availability, scalability, elasticity, reliability, predictability, security, governance, and manageability. You should know shared responsibility, consumption-based pricing, and the business benefits of cloud services. In Azure architecture and services, know regions, region pairs, availability zones, subscriptions, management groups, resource groups, and core services across compute, networking, storage, and databases. In management and governance, understand cost management, tags, Azure Policy, resource locks, Microsoft Purview, and the Service Trust Portal.

Exam Tip: Read the word “describe” carefully in the skills outline. On AZ-900, “describe” usually means explain the purpose, identify when a service is used, or distinguish it from related services. It usually does not mean perform advanced configuration steps.

A common trap is treating the exam as either too technical or not technical enough. It is not a memorization-only business exam, and it is not an administrator deployment exam. The sweet spot is conceptual precision. If a scenario mentions hosting applications without managing underlying infrastructure, think PaaS. If it mentions renting complete software delivered over the internet, think SaaS. If it stresses direct control over operating systems and virtual machines, think IaaS. The exam rewards candidates who can map scenario language to the correct cloud model or Azure service category quickly and confidently.

Section 1.2: Microsoft certification registration, scheduling, and rescheduling process

Registering for AZ-900 is straightforward, but careless scheduling creates unnecessary stress. Start by creating or confirming your Microsoft account and using the official certification page to access exam registration. Microsoft delivers exams through an authorized exam provider, and during registration you will choose whether to test at a center or take the exam online with remote proctoring, depending on local availability and current policies.

During the process, verify your legal name exactly as it appears on your identification documents. Name mismatches are a frequent administrative problem and can delay or prevent testing. Confirm your time zone, exam language, and selected appointment carefully before checkout. If you plan to test online, review the technical and environmental requirements well in advance. You may need a compatible computer, webcam, microphone, stable internet connection, and a quiet private space. Candidates sometimes prepare academically but fail the systems check or violate testing-room rules on exam day.

Rescheduling and cancellation options exist, but they are governed by provider deadlines. Do not assume you can move your exam at the last minute without penalty. Read the specific policy displayed during booking. A smart strategy is to pick a realistic date tied to your study plan, not an aspirational date that forces rushed preparation. Many first-time candidates book too early, then spend the week before the exam cramming instead of consolidating knowledge.

Exam Tip: Schedule your exam for a time of day when you are mentally sharp. For many candidates, a familiar morning or early afternoon slot works better than a late evening session after work fatigue has set in.

Another good practice is to schedule the exam before your motivation fades but after you have mapped a structured plan. A booked exam creates accountability. However, do not confuse commitment with pressure. If your practice scores and concept retention are not improving, use the rescheduling window rather than forcing an unprepared attempt. You want your appointment date to support performance, not sabotage it. Registration is not just a clerical step; it is part of your exam strategy.

Section 1.3: Exam format, timing, scoring model, and question style overview

AZ-900 typically includes a mix of question styles rather than one uniform format. You may encounter standard multiple-choice items, multiple-select items, drag-and-drop style associations, and short scenario-based prompts. Microsoft can adjust exam delivery and item types over time, so avoid overreliance on any single practice format. The key is to understand concepts well enough to answer across different presentations.

The exam has a defined appointment window, but not every minute is used for scored questions. There may be time allocated for instructions, survey items, and other administrative steps. Candidates often become anxious because they confuse total appointment time with actual question-answering time. Read on-screen directions calmly and manage your pace. You do not need to rush every question, but you do need to avoid spending too long on one confusing item early in the exam.

Microsoft uses a scaled scoring model, and the commonly cited passing score is 700 on a scale of 100 to 1000. That does not mean 70 percent correct in a simple one-to-one way. Different questions may carry different weight, and some items may be unscored pilot questions. Because of this, chasing exact raw-score math is not useful. Focus instead on broad competence across all tested domains. Weakness in one high-weight domain can hurt more than you expect.

Exam Tip: If you see two answer options that both seem true, ask which one most directly satisfies the wording in the stem. AZ-900 often tests the best answer, not just a technically possible answer.

Question writers also use distractors based on near-synonyms and category confusion. For example, a service related to compliance evidence may tempt you away from a governance service, or a networking term may be confused with an identity or management feature. Slow down enough to identify the exact task in the stem: compare, identify, select the best benefit, choose the correct service type, or determine the proper architectural component. Candidates who read lazily often miss easy points. Your passing strategy should combine steady pacing, domain balance, and disciplined reading.

Section 1.4: How to use a 200+ question bank effectively for retention

A large question bank is one of the best tools for AZ-900 preparation, but only if you use it the right way. The wrong method is to speed through questions, memorize answer positions, and feel confident because the same items start looking familiar. That creates recognition, not mastery. The real exam will often test the same objective using different wording, different distractors, or a slightly altered scenario. If you only memorized patterns, your score will collapse under variation.

The right method starts with diagnostic use. Take a mixed set early to identify weak domains. Then study those domains and return to targeted practice. For every missed question, write down three things: why the correct answer is right, why your chosen answer was wrong, and what clue in the wording should have guided you. This is how a practice bank becomes a retention engine instead of a score vanity tool.

Use spaced repetition. Revisit missed concepts after one day, several days, and one week. Group your review by themes such as cloud models, shared responsibility, pricing, Azure core architecture, compute, networking, storage, databases, and governance tools. If you miss a question about resource groups, do not review that item alone; review subscriptions, management groups, tags, and locks with it so your knowledge becomes connected.

Exam Tip: Aim to explain each answer aloud in plain language. If you cannot teach the difference between availability zones and regions, or between Azure Policy and a resource lock, you do not yet know it well enough for exam pressure.

Another smart technique is to mix confidence tracking with score tracking. Mark answers as “knew,” “guessed,” or “unsure.” A correct guess should still trigger review. Many candidates overestimate readiness because their raw practice score includes too many lucky selections. True readiness means consistent performance with clear reasoning. Use the 200+ question bank to build recall, discrimination, and exam stamina, not just a percentage.

Section 1.5: Common beginner mistakes and how to avoid them

The most common beginner mistake is assuming AZ-900 is easy because it is labeled fundamentals. Fundamentals does not mean trivial. It means the exam covers broad concepts that many new candidates have never organized formally before. Underestimating the exam leads to shallow study, weak terminology, and avoidable failure on basic distinctions.

A second mistake is studying only generic cloud theory and neglecting Azure-specific services. You must know both. It is not enough to define IaaS, PaaS, and SaaS if you cannot recognize Azure examples of compute, storage, networking, and database services. Likewise, you should not memorize service names without understanding the cloud principle behind them. The exam expects both concept and mapping ability.

A third mistake is confusing governance, compliance, and security tools. Candidates mix up Azure Policy, resource locks, cost management, Microsoft Purview, and the Service Trust Portal because all of them sound administrative. Learn the purpose of each one. Azure Policy enforces or evaluates rules. Resource locks help prevent accidental deletion or modification. Cost management supports spending visibility and optimization. Microsoft Purview relates to data governance and compliance capabilities. The Service Trust Portal provides access to trust, compliance, audit, and security documentation.

Exam Tip: When two Azure tools seem related, ask: “What is the primary purpose?” The exam usually separates tools by their core function, not by every feature they might touch indirectly.

Other common errors include cramming at the end, ignoring official terminology, and failing to read every word of a question stem. Watch for absolute terms and hidden qualifiers such as “best,” “most appropriate,” “primary,” or “automatically.” These often decide the answer. Also avoid overthinking. If the exam asks a fundamentals-level question, choose the fundamentals-level answer. Do not import advanced architecture assumptions that the stem does not mention.

Section 1.6: Personal study roadmap and final readiness checklist

Your study roadmap should be simple, structured, and realistic. Begin with the official exam skills outline and split your time according to the domain weight. A strong beginner plan over two to four weeks might start with cloud concepts, move into Azure architecture and services, and finish with management and governance, while using mixed practice throughout. Short daily study sessions usually outperform occasional marathon sessions because retention improves through repetition and recovery.

A practical weekly flow is: learn a topic, review notes, answer targeted practice items, analyze every mistake, and then revisit the same concepts later in mixed mode. Build summary sheets for terms that are easy to confuse: cloud models, service types, architectural components, storage options, compute services, and governance tools. If possible, pair reading with light hands-on exploration in the Azure portal so names become more concrete, but remember that conceptual clarity remains the main goal.

In the final days before the exam, shift from acquisition to consolidation. Stop chasing obscure details. Instead, verify that you can explain core concepts quickly and accurately: shared responsibility, consumption-based pricing, high availability, scalability versus elasticity, regions versus availability zones, subscriptions versus resource groups, and the purpose of major Azure service categories. Review your missed-question log and focus on repeated weak spots.

• Can you summarize the exam domains and their major objectives?
• Do you know the registration, ID, and scheduling requirements?
• Can you recognize common question styles without panic?
• Can you explain major cloud concepts in plain language?
• Can you identify core Azure compute, networking, storage, and database services?
• Can you distinguish governance and compliance tools by primary purpose?
• Are your recent practice results consistent, not lucky?

Exam Tip: The night before the exam, prioritize rest over last-minute cramming. A clear mind improves reading accuracy, recall, and confidence more than an extra hour of anxious review.

If you can work through this checklist honestly and your practice performance shows stable understanding across domains, you are ready to move deeper into the course. The remaining chapters will build the knowledge you need, but this chapter gives you the exam framework, study discipline, and tactical awareness required to use that knowledge effectively on test day.

Section 2.1: What cloud computing means in the AZ-900 context

In AZ-900, cloud computing is best understood as the delivery of computing services over the internet. Those services can include servers, storage, databases, networking, software, analytics, and more. The exam is not looking for a philosophical answer. It wants you to recognize that cloud computing provides on-demand access to resources, typically with rapid provisioning and pricing tied to usage. If a company no longer needs to buy and maintain every piece of infrastructure itself, that is a strong indicator of a cloud model.

A key exam concept is that cloud computing abstracts away much of the hardware complexity from the customer. Instead of purchasing physical servers, waiting for installation, and planning years in advance, organizations can provision resources when needed. This changes how IT operates. It also changes who is responsible for what. Even at this early concept stage, Microsoft expects you to know that moving to the cloud does not remove all customer responsibility. The provider manages parts of the environment, but the customer still manages certain settings, identities, data, and policies depending on the service used.

Another core term is shared responsibility. This appears throughout cloud concepts and governance. In simple terms, some responsibilities stay with the cloud provider and some remain with the customer. The exact split depends on whether the service is closer to infrastructure, platform, or software. On the exam, questions may not always mention the phrase directly, but they may describe who manages hardware, operating systems, applications, or data. Your job is to infer the boundary correctly.

A common trap is confusing cloud computing with virtualization alone. Virtualization is an enabling technology, but cloud computing includes broader capabilities such as self-service access, broad network access, elasticity, pooled resources, and usage-based billing. If an answer only describes virtual machines running somewhere, it may be incomplete. The better answer usually includes service delivery, scalability, or pay-for-use characteristics.

Exam Tip: When the exam asks what cloud computing enables, think speed, flexibility, and service delivery. When it asks what cloud computing changes, think cost model, responsibility model, and scaling behavior.

To identify the right answer, look for words such as on-demand, rapidly provisioned, internet-based delivery, shared responsibility, and consumption-based. These are classic AZ-900 signals. Answers that focus only on hardware ownership or only on a single technology are often distractors. The test is checking whether you understand the cloud as an operating model, not just a hosting location.

Section 2.2: Public cloud, private cloud, and hybrid cloud models

One of the most tested fundamentals in this domain is the difference among public cloud, private cloud, and hybrid cloud. These are cloud models, not service types. That distinction matters because many beginners confuse public cloud with SaaS or private cloud with IaaS. On AZ-900, cloud models describe where resources are hosted and how they are controlled, while service types describe how those resources are delivered to the customer.

In a public cloud, computing resources are owned and operated by a third-party cloud provider and delivered over the internet. Azure is a public cloud platform. Customers typically share underlying infrastructure, though their data and workloads remain logically isolated. Public cloud is associated with high scalability, minimal hardware ownership, and fast provisioning. If a scenario emphasizes avoiding infrastructure maintenance, supporting rapid growth, or paying only for what is used, public cloud is often the best fit.

In a private cloud, the cloud environment is dedicated to a single organization. It may be hosted in the company’s own datacenter or by a third party, but the key idea is that the organization has more control over the environment. Private cloud can be appealing when there are strict regulatory, compliance, customization, or control requirements. However, private cloud usually involves greater cost and management overhead than public cloud. On the exam, if the scenario emphasizes maximum control and dedicated resources, private cloud becomes a likely answer.

Hybrid cloud combines public cloud and private cloud or on-premises infrastructure, allowing data and applications to move between environments as needed. This is a favorite exam topic because it reflects real-world transition strategies. Hybrid cloud fits organizations that must keep some systems on-premises due to compliance, latency, legacy application requirements, or phased migration plans. If a question says a company cannot move everything to the cloud yet but wants cloud benefits for some workloads, hybrid cloud is the strongest choice.

A common trap is assuming hybrid means using multiple public cloud providers. That is actually multi-cloud, which is different. Another trap is assuming private cloud always means on-premises. It often does, but the defining factor is dedicated use by one organization, not simply the location of the equipment.

Exam Tip: Match the model to the business constraint. Public cloud usually means lowest management overhead and best agility. Private cloud usually means greatest control. Hybrid cloud usually means integration with existing on-premises systems.

To identify correct answers, read for clue words. “Dedicated,” “exclusive,” and “full control” point toward private cloud. “Rapid expansion,” “no hardware purchase,” and “hosted by provider” point toward public cloud. “Keep some resources on-premises,” “gradual migration,” and “connect both environments” point toward hybrid cloud.

Section 2.3: CapEx vs OpEx and consumption-based pricing

AZ-900 expects you to understand not just that cloud can save money, but how the financial model changes. This is where CapEx and OpEx appear. Capital expenditure, or CapEx, refers to upfront spending on physical infrastructure or long-term assets such as servers, networking equipment, and datacenter facilities. Operational expenditure, or OpEx, refers to ongoing spending for products and services as they are consumed. Cloud computing shifts many costs from CapEx to OpEx because customers no longer need to purchase as much infrastructure before it is used.

Consumption-based pricing is central to this idea. In the cloud, organizations often pay for the resources they consume, such as compute time, storage used, or transactions processed. This can reduce waste because companies do not need to overbuy for peak capacity months or years in advance. On the exam, if a scenario says a company has unpredictable demand, seasonal spikes, or wants to avoid large upfront costs, consumption-based pricing is likely one of the intended benefits.

However, Microsoft also tests the tradeoff side. Consumption-based pricing can be cost-efficient, but it requires monitoring and governance. If resources are left running unnecessarily, costs can rise unexpectedly. Therefore, a question may present cloud cost flexibility as a benefit while also implying the need for active management. Do not assume cloud is always automatically cheaper. The exam favors the more precise idea that cloud can optimize costs through pay-as-you-go usage and scaling, especially when matched to actual demand.

A common trap is selecting an answer that says cloud has no upfront costs at all. That is too absolute. Cloud reduces or shifts many upfront infrastructure costs, but organizations may still have migration, training, licensing, networking, or governance expenses. Another trap is confusing “pay for what you provision” with “pay only for what is actively used.” Some services bill based on provisioned capacity, and others are more usage-based. For AZ-900, the safest principle is that cloud pricing is generally consumption-based rather than requiring large hardware purchases.

Exam Tip: If a question compares traditional datacenter purchases with cloud flexibility, think CapEx versus OpEx first. That comparison is one of the most predictable patterns in this exam domain.

To identify the right answer, ask yourself what the business is trying to avoid: large upfront investment, overprovisioning, long procurement cycles, or idle capacity. Those cues usually support OpEx and cloud consumption-based models. If the requirement emphasizes buying and depreciating physical assets, that is CapEx language and typically points away from the core cloud advantage being tested.

Section 2.4: High availability, scalability, elasticity, reliability, and predictability

This section contains some of the most commonly confused cloud benefit terms in AZ-900. You should know each one individually and also understand how they differ. High availability refers to designing services so they remain accessible even when components fail. In practice, this often means redundancy across systems, locations, or zones. On the exam, if the goal is minimizing downtime and keeping services accessible during failures, high availability is the concept being tested.

Scalability means the ability to adjust resources to meet increasing or decreasing demand. This can happen by scaling up, adding more power to an existing resource, or scaling out, adding more instances. Elasticity is closely related but more dynamic. It refers to the automatic or near-automatic expansion and contraction of resources in response to workload changes. The easiest way to remember the difference is that scalability is the capacity to grow or shrink, while elasticity is the cloud’s ability to do so responsively as demand changes.

Reliability focuses on whether a system can recover from failures and continue operating according to expectations over time. It overlaps with availability but is not identical. A highly reliable system consistently performs well and can handle faults gracefully. Predictability refers to being able to forecast performance and cost with greater confidence. In cloud discussions, predictability often comes from standardized deployment, monitored environments, and usage-based models that can be measured and analyzed.

One major exam trap is treating all these terms as interchangeable benefits. They are related, but the correct answer depends on the wording. If the question mentions traffic surges during special events, elasticity is probably stronger than general scalability. If it mentions continued service despite hardware failure, high availability or reliability is more likely. If it mentions expected performance and cost analysis, think predictability.

Exam Tip: Read the verb in the scenario. “Remain available” suggests high availability. “Grow to meet demand” suggests scalability. “Automatically adjust as demand changes” suggests elasticity. “Recover and continue operating” suggests reliability.

To identify correct answers, connect the cloud benefit to the business outcome. Retail site traffic spike? Elasticity. Need to support long-term growth? Scalability. Need to reduce downtime risk? High availability. Need stable operational behavior over time? Reliability. Need to estimate spend and performance consistently? Predictability. The exam rewards choosing the term that most directly matches the stated outcome, not the broadest cloud buzzword.

Section 2.5: Security, governance, and manageability in cloud environments

Although this chapter is focused on cloud concepts, the AZ-900 exam also expects you to connect those concepts to secure and manageable operations. A frequent beginner mistake is assuming that moving to the cloud means security is now entirely the provider’s problem. Microsoft explicitly tests against that misunderstanding. Cloud security operates under a shared responsibility model. The provider secures the underlying infrastructure, while the customer is still responsible for items such as identity configuration, access control, data protection choices, and many workload settings depending on the service model.

Governance means establishing rules and controls to ensure resources are used properly, securely, and cost-effectively. In practical exam terms, governance is about consistency and policy. Even in a broad cloud-concepts question, governance can appear through ideas such as standardization, compliance, cost control, and preventing unauthorized changes. If a scenario talks about enforcing organizational requirements across resources, that is governance thinking.

Manageability is another cloud benefit. Cloud environments often provide tools for centralized monitoring, templates, automation, policy enforcement, and consistent deployment. Compared with traditional environments, this can reduce operational complexity and improve visibility. However, cloud manageability does not mean zero administration. A candidate should be able to recognize that cloud platforms improve management capabilities while still requiring planning, oversight, and proper configuration.

The exam may also frame security and governance as cloud benefits because major providers operate at enormous scale, invest heavily in physical and operational security, and offer built-in governance features. Still, avoid extreme statements like “the cloud is automatically secure” or “governance is no longer needed.” Those are classic trap answers because they ignore customer responsibilities and policy needs.

Exam Tip: When you see answer choices that sound absolute, be careful. In cloud security and governance, Microsoft usually favors balanced statements about shared responsibility, built-in tooling, and improved manageability rather than complete elimination of customer duties.

To identify the best answer, look for whether the question is asking about who secures what, how organizations enforce standards, or how they manage resources at scale. “Shared responsibility” points to security boundaries. “Enforce rules and compliance” points to governance. “Monitor, automate, and administer consistently” points to manageability. These distinctions matter because the exam often places them close together.

Section 2.6: Exam-style practice set for Describe cloud concepts

This final section is designed to help you think like the exam without presenting actual quiz items in the chapter text. The Describe cloud concepts domain usually uses short scenarios, comparison prompts, or definition checks. Your strategy should be to identify the tested keyword first, then eliminate answers that belong to a different conceptual category. For example, if the prompt is about where services are hosted and controlled, you should think cloud models. If the prompt is about how software or infrastructure is delivered, that belongs to cloud service types. Mixing those categories is one of the most common ways candidates miss straightforward points.

When practicing, train yourself to underline the business driver in each scenario. Is the company trying to reduce upfront investment? That suggests OpEx and consumption-based pricing. Does it need some systems to stay on-premises? That suggests hybrid cloud. Is the concern unexpected demand spikes? That suggests elasticity. Is the goal to keep services running despite failures? That points to high availability or reliability depending on wording. This approach helps you move from memorization to recognition, which is exactly what AZ-900 tests.

Also practice rejecting overstatements. Answer options that use words like “always,” “never,” “fully,” or “all” are often suspicious in foundational cloud questions. Cloud concepts are usually nuanced. Public cloud does not mean no control at all. Private cloud does not automatically mean cheaper. Cloud pricing does not guarantee lower cost without management. Security is not transferred entirely to the provider. These nuances are where Microsoft tests candidate maturity.

A productive study method is to build a three-column review sheet: term, official meaning, and common confusion. For example, write scalability and note that it is often confused with elasticity; write hybrid cloud and note that it is often confused with multi-cloud; write OpEx and note that it is often confused with “free from planning.” This type of structured comparison is highly effective for AZ-900 because the exam rewards differentiation among similar ideas.

Exam Tip: In the final review before test day, spend extra time on terms that seem obvious. Foundational terms create false confidence, but they are heavily tested and often paired with subtle distractors.

As you continue into later chapters, keep these cloud concepts active in your memory. Azure architecture, service choices, management tools, and governance controls all build on this foundation. Candidates who master this chapter typically find later domains easier because they already understand the logic behind cloud decisions rather than memorizing isolated facts.

Section 3.1: Infrastructure as a Service, Platform as a Service, and Software as a Service

The AZ-900 exam requires you to distinguish the three primary cloud service types: Infrastructure as a Service, Platform as a Service, and Software as a Service. These models are not just vocabulary terms; they describe how much of the technology stack the cloud provider manages and how much remains under customer control. A common exam objective is to match a business requirement to the correct service model. If you can identify the level of management responsibility and customization needed, you can usually identify the right answer quickly.

Infrastructure as a Service, or IaaS, provides fundamental computing resources such as virtual machines, storage, and networking. In Azure, Azure Virtual Machines is the classic IaaS example. Customers have strong control over the operating system, installed software, and many configuration settings. This is useful when a company wants to migrate existing workloads with minimal redesign or needs administrator-level control. On the exam, clues such as managing virtual machines, configuring the guest operating system, or controlling network setup often point to IaaS.

Platform as a Service, or PaaS, abstracts much of the infrastructure management so developers can focus on application deployment and code. Azure App Service is a standard example. In a PaaS scenario, Microsoft manages more of the underlying platform, including much of the operating environment, patching, and scaling capabilities. The customer focuses more on the application and data. If a question emphasizes rapid development, reduced administrative overhead, or hosting an application without managing servers, PaaS is often correct.

Software as a Service, or SaaS, delivers a complete application over the internet. Microsoft 365 is a familiar example. Customers use the software without managing the underlying infrastructure or application platform. On the exam, if the scenario involves accessing email, collaboration, CRM, or productivity software as a finished service, SaaS is likely the answer.

• IaaS: highest customer control, highest customer management effort
• PaaS: balanced approach, customer manages application and data more than infrastructure
• SaaS: lowest customer management effort, provider delivers finished software

Exam Tip: A fast test-day method is to ask, "What is the customer still managing?" If the answer includes operating systems and virtual machines, think IaaS. If the customer mainly manages deployed applications and data, think PaaS. If the customer mainly uses the software, think SaaS.

A common trap is assuming PaaS means no customer responsibility. That is false. Customers still manage application logic, identities, data, and many configuration choices. Another trap is confusing Azure as a platform with the PaaS model itself. Azure includes IaaS, PaaS, and SaaS-related offerings, so the word Azure alone does not tell you the service type. Look for scenario details, not brand names alone.

Section 3.2: Shared responsibility model across service types

The shared responsibility model is one of the most important cloud concepts tested on AZ-900. Microsoft wants candidates to understand that cloud security and management responsibilities are divided between the cloud provider and the customer. The exact split depends on the service type. This is a favorite exam topic because it reveals whether you truly understand how cloud services work rather than simply recognizing product names.

In all cloud models, Microsoft is responsible for the physical datacenter, including physical hosts, networking infrastructure at the datacenter level, and the physical security of facilities. Customers do not patch physical servers or secure building access. That part is always the provider's job. However, the customer is never completely free of responsibility. Data classification, identity management decisions, and correct service configuration remain important customer duties across all models.

In IaaS, the customer carries the largest share of responsibility. Microsoft manages the physical infrastructure, but the customer typically manages the guest operating system, installed applications, data, network controls at the resource level, and many security settings. In PaaS, Microsoft manages more of the platform, reducing the customer's administrative burden. The customer usually focuses on applications, data, identities, and service configuration. In SaaS, Microsoft manages almost everything related to the application delivery stack, but the customer still manages users, access, data usage, and some configuration choices.

This model often appears in exam questions that ask who is responsible for patching the operating system, securing data, or managing installed applications. The key is to determine which layer of the stack is being discussed. For example, operating system patching in a virtual machine points toward the customer in IaaS. Managing a fully hosted email application points more toward Microsoft in SaaS, with the customer still responsible for user access and data handling policies.

Exam Tip: If the word "guest operating system" appears, be careful. In IaaS, that is usually the customer's responsibility. In SaaS, customers generally do not manage any operating system layer at all.

A common trap is believing that moving to the cloud automatically transfers responsibility for security compliance to Microsoft. That is not correct. Microsoft provides secure platforms and compliance information, but customers are still responsible for how they use services, how they protect accounts, and how they govern data. Another trap is treating security as a single task. The exam may separate physical security, platform maintenance, application code, and data governance into different responsibility areas. Read each answer choice closely and think layer by layer.

Section 3.3: Core Azure architectural components: regions, region pairs, and availability zones

Azure architecture begins with understanding how Microsoft organizes its global infrastructure. The exam expects you to know the purpose of regions, region pairs, and availability zones, and to identify which concept best supports availability, resiliency, or geographic deployment requirements. These terms sound similar, so Microsoft frequently uses them to test precision.

An Azure region is a geographic area containing one or more datacenters connected through a low-latency network. Organizations choose regions based on factors such as legal requirements, proximity to users, service availability, and disaster recovery planning. If a scenario says a company wants to deploy resources near European customers or keep data within a specific broad geography, a region-based answer may be correct. Regions are foundational because many resources are created in a selected region.

A region pair is a Microsoft-defined relationship between two regions within the same geography in most cases. Region pairs support certain disaster recovery and update sequencing benefits. You do not need deep operational detail for AZ-900, but you should know that region pairs are designed to improve resiliency planning. If a question refers to large-scale outage planning across paired Azure locations, region pairs are the intended concept.

Availability zones are physically separate datacenter locations within an Azure region. They are designed to provide fault isolation within that region. If a workload must remain available even if one datacenter in the region fails, distributing resources across availability zones is often the best answer. This is a common exam clue. Availability zones are not the same as regions; zones are subdivisions within certain regions.

• Region: broad geographic deployment location
• Region pair: paired regions for resiliency considerations
• Availability zone: isolated datacenter locations within a region for high availability

Exam Tip: If the question asks for protection from a single datacenter failure within one region, choose availability zones. If it asks about geographic distribution or broader disaster recovery between locations, think regions or region pairs instead.

A frequent trap is choosing availability zones when the question actually asks about different geographic areas. Another trap is assuming every Azure region supports availability zones. The exam may not force you into unsupported edge cases, but it does expect you to know that not all services and all regions have identical capabilities. Focus on the role of each architectural component rather than memorizing every regional detail.

Section 3.4: Resources, resource groups, subscriptions, and management groups

Azure uses a clear organizational hierarchy, and AZ-900 regularly tests whether you can distinguish the purpose of each layer. The four key terms are resources, resource groups, subscriptions, and management groups. Understanding how they relate makes governance, billing, and access control questions much easier to answer.

A resource is an individual Azure item you create and manage, such as a virtual machine, storage account, virtual network, or database. It is the actual service object. On the exam, if the wording refers to a specific deployable service instance, the answer is likely resource. Resources are placed into resource groups for organization.

A resource group is a logical container for resources. It helps organize related Azure resources that share a lifecycle, permissions model, or deployment pattern. For example, an application's web app, database, and storage may be placed in the same resource group if they are managed together. Resource groups are a very common exam topic because they are central to practical Azure administration. You can apply access control and some management features at the resource group scope.

A subscription is primarily a billing and access boundary. It helps separate environments, departments, or projects and provides a scope for quotas and policies. If the scenario mentions billing, account structure, or separating workloads into different charging units, subscription is often the right choice. A company may have multiple subscriptions under one organization.

Management groups sit above subscriptions and allow governance at scale across multiple subscriptions. Large enterprises use them to organize subscriptions and apply policy or compliance structures broadly. On AZ-900, if the scenario says an organization needs to manage several subscriptions consistently, management groups are the correct concept.

Exam Tip: Think of the hierarchy from smallest practical object to largest governance container: resource, resource group, subscription, management group. Many questions can be solved by identifying where billing ends and where organizational control expands.

A common trap is saying that a resource group is a billing boundary. It is not. Billing is tied to subscriptions. Another trap is assuming all related resources must be in the same resource group. They do not have to be, although many deployment designs group related resources together for easier management. The exam usually tests the typical purpose, not rare edge-case designs.

Section 3.5: Azure portal, Azure Marketplace, and introductory service navigation

AZ-900 does not require deep hands-on administration, but it does expect you to recognize basic Azure interfaces and how users discover and deploy services. The Azure portal is the web-based management interface for Azure. It provides a graphical way to create, configure, monitor, and manage resources. For first-time candidates, this is important because many architecture questions mention where administrators interact with resources at a high level.

Within the Azure portal, you can search for services, view dashboards, browse resource groups, create new resources, and review subscriptions. Even if you are not tested on step-by-step portal actions, familiarity with the portal helps you interpret scenario wording. If a question describes creating a virtual machine, reviewing a storage account, or navigating to a subscription, the portal is the most natural environment associated with those activities.

Azure Marketplace is another term that appears in basic architecture and service navigation questions. It is a catalog of solutions, applications, and services from Microsoft and third-party vendors that can be deployed into Azure. The Marketplace helps organizations discover prebuilt offerings instead of building everything from scratch. If a question asks where a company can find partner-provided images or packaged solutions for deployment in Azure, Azure Marketplace is likely correct.

Introductory service navigation also means recognizing major categories such as compute, networking, storage, and databases. Azure Virtual Machines fits compute, Virtual Network fits networking, Storage Accounts fit storage, and Azure SQL Database fits databases. Even when the question is not directly asking for service categories, knowing them helps eliminate wrong answers that come from a different domain.

Exam Tip: When you see a question about finding or deploying a third-party solution into Azure, think Azure Marketplace, not resource group or subscription. Resource groups organize deployed resources; Marketplace is where offerings are discovered.

A common trap is confusing the Azure portal with Azure itself. The portal is one management interface, not the cloud platform as a whole. Another trap is treating Marketplace as a billing container or governance tool. It is neither. It is a source of deployable services and solutions. On the exam, choose the answer that matches the function being described: management interface, solution catalog, or organizational container.

Section 3.6: Exam-style practice set on cloud concepts and architecture fundamentals

This section is designed to help you think like the exam without listing direct quiz items. The AZ-900 test frequently combines service models and architecture basics in one scenario. For example, you may read about a company that wants to deploy an application globally, minimize server administration, and improve resilience. That single scenario may require you to recognize PaaS for reduced management, regions for geographic presence, and availability zones for intra-region fault tolerance. Mixed-domain thinking is exactly what this chapter's lesson sequence is preparing you to do.

To evaluate any scenario, start by identifying what the organization is really asking for. Is the core issue control versus convenience? That points to IaaS, PaaS, or SaaS. Is the issue availability within a location or across broad geography? That points to availability zones, regions, or region pairs. Is the issue cost tracking, deployment grouping, or enterprise governance? That points to subscriptions, resource groups, or management groups.

One effective study strategy is to create your own comparison table while reviewing practice items. Place similar terms side by side and note their exam triggers. For instance, write "resource group = logical organization and lifecycle management" and "subscription = billing and quota boundary." Doing this helps prevent the most common mistake in fundamentals exams: selecting an answer that sounds related but belongs to a different layer of the platform.

Exam Tip: On mixed questions, do not rush to the first familiar Azure term. Instead, identify the task being tested: service model, responsibility split, resiliency component, or organizational scope. Then choose the Azure concept that directly solves that task.

Another trap in practice sets is overthinking. AZ-900 is a fundamentals exam. The correct answer is usually the concept that most directly matches the stated requirement, not an advanced design pattern. Avoid importing expert-level assumptions unless the scenario clearly requires them. Your goal is to map clear business statements to official cloud and Azure terminology. If you can do that consistently, your accuracy on practice tests will improve, and your confidence on the real exam will rise with it.

Section 4.1: Azure Virtual Machines, containers, and Azure Virtual Desktop

Azure compute questions often begin with the broadest category: how should a workload run in Azure? For AZ-900, you should clearly separate three common options in this space: Azure Virtual Machines, containers, and Azure Virtual Desktop. Azure Virtual Machines are infrastructure as a service. They provide virtualized computing resources with control over the operating system, installed software, and configuration. When a question describes lift-and-shift migration, custom line-of-business applications, administrative access, or the need to manage the OS directly, virtual machines are usually the correct answer.

Containers package an application and its dependencies so it can run consistently across environments. In exam scenarios, containers are associated with portability, rapid deployment, microservices, and consistent application behavior. The key distinction from VMs is that containers are more lightweight and focus on the application rather than the full operating system. AZ-900 does not require deep orchestration knowledge, but you should understand that containers are ideal when teams want to deploy apps efficiently and consistently.

Azure Virtual Desktop is different from both. It is a desktop and application virtualization service that allows users to access Windows desktops and apps remotely. If a scenario mentions remote employees needing secure access to desktop environments, centralized desktop management, or delivering Windows experiences from Azure, Azure Virtual Desktop is the likely answer. It is not simply a synonym for VMs; it is a service designed for virtual desktop delivery.

Exam Tip: If the requirement is about end-user desktops, choose Azure Virtual Desktop. If the requirement is about running a server workload with OS control, choose Azure Virtual Machines. If the requirement is about packaging and deploying application components efficiently, choose containers.

A common exam trap is selecting VMs anytime compute is mentioned. Microsoft often places VM answers alongside more specialized services. Read carefully: are users accessing a desktop, are developers deploying app components, or is IT hosting a traditional server? Those are different patterns. Another trap is assuming containers are always the best modern answer. On AZ-900, the best answer is not the most advanced one; it is the one that matches the stated need most directly.

Section 4.2: Azure App Service, serverless computing, and Azure Functions

Platform services appear frequently on AZ-900 because they represent a major cloud benefit: reducing infrastructure management. Azure App Service is a platform as a service offering for hosting web apps, REST APIs, and mobile back ends. If a question emphasizes rapid web application deployment without managing servers or operating systems, Azure App Service is a strong fit. The test often checks whether you understand that App Service lets developers focus on code while Azure handles much of the underlying platform maintenance.

Serverless computing is a cloud execution model where the cloud provider dynamically manages infrastructure and customers pay based on actual execution or consumption. In AZ-900 terms, serverless is important because it represents event-driven, on-demand compute. Azure Functions is the core service you should associate with this model. Azure Functions runs code in response to triggers such as timers, HTTP requests, or messages. The service is ideal for short-lived tasks, automation, data processing events, and lightweight business logic that does not require a permanently running server.

The exam often tests the distinction between App Service and Azure Functions. App Service is typically for hosting a full web application or API with an always-available application model. Azure Functions is usually the better choice for discrete units of code that run when triggered. Both reduce infrastructure management, but they solve different application patterns.

Exam Tip: When a scenario says “run code in response to an event” or “execute logic only when needed,” think Azure Functions. When it says “host a web app” or “deploy an API without managing servers,” think Azure App Service.

A common trap is confusing serverless with “no servers exist.” Servers still exist, but Azure manages them for you. Another trap is assuming all application hosting in Azure is App Service. If the exam wording centers on event-driven behavior, intermittent execution, or consumption-based execution, Azure Functions is usually the cleaner answer. Watch for phrases like trigger, event, automatic execution, and pay only when code runs.

Section 4.3: Virtual networks, subnets, DNS, VPN Gateway, and ExpressRoute

Azure networking basics are foundational in the Describe Azure architecture and services domain. An Azure virtual network, often called a VNet, is the fundamental networking boundary for Azure resources. It enables Azure resources such as virtual machines to communicate securely with one another, the internet, and on-premises networks when configured appropriately. In exam questions, if you see wording about private communication between Azure resources, network isolation, or organizing IP address ranges, virtual networks are central to the answer.

Subnets are smaller network segments within a virtual network. Their purpose is to organize and separate resources logically within the VNet. On the exam, think of subnets as subdivisions that help structure deployments rather than as separate networks outside the VNet. DNS, or Domain Name System, maps names to IP addresses. AZ-900 will not test deep DNS administration, but it may ask you to identify DNS as the service that enables name resolution.

Hybrid connectivity is another favorite exam topic. VPN Gateway enables encrypted connectivity between Azure and on-premises environments over the public internet. ExpressRoute provides private, dedicated connectivity between on-premises infrastructure and Microsoft cloud services. The exam often asks which one is more appropriate for dedicated private connectivity, predictable performance, or avoiding internet-based transport. That answer is ExpressRoute.

Exam Tip: Use this shortcut: VPN Gateway equals secure connection over the internet; ExpressRoute equals private dedicated connection that does not traverse the public internet in the same way.

A common trap is choosing ExpressRoute just because it sounds more premium. If the scenario only requires secure hybrid connectivity and does not specifically call for private dedicated connectivity, VPN Gateway may be the better fit. Another trap is confusing a VNet with a subnet. A VNet is the larger private network space in Azure; a subnet is a segment inside it. Microsoft likes this distinction because it checks whether candidates understand architectural hierarchy.

Section 4.4: Load balancing options and traffic distribution concepts

AZ-900 expects you to recognize that Azure offers multiple ways to distribute traffic, and that the right choice depends on scope and traffic type. At a high level, load balancing spreads requests across resources to improve availability, performance, and scalability. The exam is less concerned with configuration details and more interested in whether you can identify the purpose of each option.

Azure Load Balancer is typically associated with distributing network traffic at the transport layer within a region. It is a strong fit when the question describes balancing traffic across virtual machines. Application Gateway is more focused on web traffic and application delivery features. Azure Front Door is commonly associated with global HTTP/HTTPS traffic distribution, acceleration, and entry-point optimization across regions. Traffic Manager distributes traffic using DNS-based methods and can route users based on performance, priority, weighted distribution, or geographic methods.

The exam often includes these services together as distractors. To answer correctly, identify whether the scenario is regional or global, whether the workload is general network traffic or web application traffic, and whether distribution is connection-based or DNS-based. If the question highlights global user routing and web application acceleration, Front Door becomes more likely. If it focuses on directing users to endpoints using DNS policies, Traffic Manager is a better match.

Exam Tip: When you see “global routing,” stop and rule out purely regional options first. When you see “web traffic,” look closely at Application Gateway or Front Door instead of defaulting to Azure Load Balancer.

A common trap is assuming all traffic distribution tools are interchangeable. They are not. Microsoft tests whether you understand broad categories: regional load balancing, application-aware web distribution, and global endpoint routing. You do not need protocol-level depth for AZ-900, but you do need to match service purpose to workload description accurately.

Section 4.5: Selecting the right compute and network services for scenarios

This section brings together the chapter’s main exam skill: matching workloads to core Azure services. Microsoft often writes scenario questions with only a few clues. Your success depends on recognizing the clue words and eliminating answers that solve adjacent but different problems. For example, a company migrating a legacy server application that requires administrator control points to Azure Virtual Machines. A development team deploying a web app with minimal infrastructure management points to Azure App Service. An event-triggered automation process points to Azure Functions. Remote users needing cloud-hosted desktops points to Azure Virtual Desktop.

On the networking side, private communication among Azure resources points to a virtual network. Dividing a network into smaller logical segments points to subnets. Resolving hostnames to IP addresses points to DNS. Connecting on-premises sites securely over the internet points to VPN Gateway. Requiring a dedicated private connection with more predictable enterprise connectivity points to ExpressRoute. Distributing traffic across servers or endpoints points to one of the load-balancing or traffic-routing options, with the exact choice depending on regional versus global scope and application type.

Exam Tip: In scenario questions, first classify the problem: compute, desktop delivery, web hosting, event-driven execution, private networking, hybrid connectivity, or traffic distribution. Then choose the Azure service in that category that most directly fits the wording.

Common traps include picking a real Azure service that is too broad, too advanced, or simply from the wrong category. Another trap is being distracted by business language such as “modernize” or “optimize.” The exam still expects a straightforward service match. Focus on operational needs: full OS control, managed web hosting, triggered code execution, desktop access, network segmentation, or hybrid connectivity. If you can map those needs quickly, you will answer many architecture and services questions correctly even when the wording changes.

Section 4.6: Exam-style practice set for Describe Azure architecture and services

As you review this domain, practice should focus less on memorizing isolated definitions and more on building pattern recognition. The AZ-900 exam commonly presents short business scenarios and asks which Azure service best satisfies them. To prepare effectively, study services in contrast sets. Compare Azure Virtual Machines with containers, then compare App Service with Azure Functions, then compare VPN Gateway with ExpressRoute, and finally compare load-balancing services by scope and purpose. This style mirrors how the exam distinguishes foundational understanding from guesswork.

When reviewing practice items, ask why each wrong answer is wrong. That is one of the fastest ways to improve your exam judgment. For example, if a scenario is clearly about desktop delivery, understand why Azure Virtual Desktop beats a generic VM option. If the requirement is event-driven execution, understand why Azure Functions is stronger than App Service. If connectivity must be private and dedicated, understand why ExpressRoute beats VPN Gateway. These distinctions are exactly what the Describe Azure architecture and services objective measures.

Exam Tip: If two answer choices seem close, return to the nouns in the scenario: desktops, servers, websites, events, network segments, private connectivity, or global traffic. Those nouns usually reveal the correct service family.

In your final review, focus on the official purpose statement for each service rather than advanced features. AZ-900 rewards clean conceptual understanding. If you can identify what a service is for, what problem it solves, and what nearby service it is commonly confused with, you are well prepared for architecture and services questions in this part of the exam.

Section 5.1: Azure storage services, redundancy options, and migration basics

Azure storage is a frequent AZ-900 exam topic because it covers several data types and several business needs. You should be able to distinguish object storage, disk storage, and file storage. Azure Blob Storage is used for massive amounts of unstructured data such as images, video, logs, backups, and documents. Azure Disk Storage provides persistent disks for Azure virtual machines. Azure Files offers managed file shares that can be accessed using standard file-sharing protocols, making it useful when applications expect a shared file system.

Another important concept is storage tiers. Hot, cool, and archive tiers are about access frequency and cost. Hot storage is for data accessed frequently. Cool storage is cheaper for data accessed less often, but retrieval costs more. Archive is the lowest-cost tier for long-term retention, but access is slower and rehydration may be required. A common trap is assuming archive is always best because it costs the least. On the exam, if data must be accessed quickly or frequently, archive is usually the wrong answer.

You also need to recognize redundancy options at a high level. Locally redundant storage keeps copies within a single datacenter. Zone-redundant storage spreads copies across availability zones in a region. Geo-redundant storage replicates to a secondary region. Read-access geo-redundant storage adds read access to the secondary location. The exam usually tests business continuity logic rather than replication internals. If the scenario stresses regional resilience, look for a geo-based option. If it stresses protection within a region, zone redundancy may be the better match.

Migration basics also appear in foundational form. Azure Migrate is the broad service used to discover, assess, and help migrate on-premises resources to Azure. Azure Data Box is associated with transferring very large volumes of data when network upload is impractical. Azure File Sync helps extend on-premises file servers with Azure Files. Exam Tip: If the problem is about evaluating and planning migration, Azure Migrate is often the right direction. If the problem is about physically moving huge datasets, think Data Box.

To identify correct answers, ask what kind of data is being stored and what business requirement matters most:

• Unstructured objects and backups: Azure Blob Storage
• Shared file access over standard protocols: Azure Files
• Persistent VM storage: Azure Disk Storage
• Long-term low-access retention: archive tier
• Regional disaster recovery emphasis: geo-redundant options

A common exam trap is mixing up storage type with redundancy type. Blob, disk, and files describe what is being stored. LRS, ZRS, GRS, and RA-GRS describe how copies are protected. The exam expects you to keep these categories separate.

Section 5.2: Azure database services and analytics service overview

AZ-900 expects broad recognition of Azure data platforms rather than advanced design skills. Start with the relational versus non-relational distinction. Azure SQL Database is a managed relational database service based on the SQL model. It is a strong match when the scenario mentions structured tables, relationships, transactions, or SQL queries. Azure Database for MySQL and Azure Database for PostgreSQL provide managed services for those open-source database engines. These are often the correct answer when the scenario specifically requires compatibility with those platforms.

Azure Cosmos DB is the key non-relational service to know. It is designed for globally distributed, highly responsive applications and supports multiple data models. If the prompt includes terms like globally distributed, low latency, NoSQL, or flexible schema, Cosmos DB is a high-probability answer. A classic trap is choosing Azure SQL Database simply because SQL sounds familiar. The exam often places Cosmos DB and SQL Database side by side to see if you can recognize relational versus NoSQL requirements.

For analytics, understand the difference between operational databases and analytical platforms. Azure Synapse Analytics is associated with large-scale analytics, data integration, and enterprise data warehousing scenarios. Microsoft Fabric may appear in broader Azure ecosystem discussions, but for AZ-900, Synapse is the core analytics service to recognize. The exam may also refer to data lakes at a high level through Azure Data Lake Storage capabilities built on Blob Storage.

Another useful distinction is between databases that run application transactions and services that analyze large data volumes for reporting and insights. If the scenario describes app records, users, orders, or transactions, think operational database. If it describes reporting across huge datasets, warehousing, or business intelligence pipelines, think analytics. Exam Tip: The exam often rewards category recognition more than product detail. First decide whether the need is relational, open-source relational, NoSQL, or analytics, and then match the service.

Use this reasoning pattern:

• Structured relational app data: Azure SQL Database
• Need for MySQL or PostgreSQL engine compatibility: corresponding Azure Database service
• Globally distributed NoSQL applications: Azure Cosmos DB
• Large-scale analytics and warehousing: Azure Synapse Analytics

A common trap is overthinking service overlap. At the AZ-900 level, Microsoft wants you to identify the primary service purpose, not debate architecture tradeoffs. Choose the service that most clearly fits the stated requirement category.

Section 5.3: Azure identity services, Microsoft Entra ID, and authentication basics

Identity, access, and security basics are essential in AZ-900 because they connect directly to secure cloud operations. The most important service here is Microsoft Entra ID, formerly Azure Active Directory. Microsoft Entra ID is Azure's cloud-based identity and access management service. It supports user identities, group identities, application identities, single sign-on, and integration with many cloud applications. If the exam asks about managing user sign-in or giving employees access to cloud apps, Microsoft Entra ID is a prime answer.

You must also distinguish authentication from authorization. Authentication answers the question, “Who are you?” Authorization answers, “What are you allowed to do?” This is one of the most commonly tested conceptual distinctions. Multi-factor authentication strengthens authentication by requiring additional verification factors. Role-based access control, or RBAC, is about authorization by assigning roles that grant permissions to Azure resources.

On the exam, watch for wording traps. If a scenario says users must sign in once to access multiple applications, that points to single sign-on in Microsoft Entra ID. If it says a user should only be able to view resources but not modify them, that points to authorization through RBAC. If it says increase sign-in security with an additional prompt, think MFA. Exam Tip: Authentication and authorization are not interchangeable. Microsoft often places both terms in answer choices because many candidates confuse them.

You should also know the value of Conditional Access at a high level, though AZ-900 treats it conceptually. Conditional Access applies access decisions based on signals such as user, location, device, or risk. The exam may present this as a policy-driven access control approach. Similarly, Zero Trust may appear as a security principle based on verifying explicitly, using least privilege, and assuming breach.

Another recurring distinction is between identity management and governance controls. Microsoft Entra ID manages identities and sign-in. Azure Policy enforces standards on resources. Resource locks protect resources from accidental changes. These all support security, but they are not the same thing. If the exam asks about access to applications, identity is the core area. If it asks about standards for deployments, governance is the core area.

To identify the best answer, classify the need first:

• User sign-in and cloud identity: Microsoft Entra ID
• Verify identity: authentication
• Grant permissions: authorization
• Extra sign-in protection: MFA
• Access based on roles: Azure RBAC

This section is foundational because many later governance topics assume you already understand the difference between proving identity and controlling permissions.

Section 5.4: Describe Azure management and governance: cost management, tags, and SLAs

Management and governance questions in AZ-900 often sound simple, but they test whether you understand how Azure environments are controlled in real organizations. Azure Cost Management helps monitor, allocate, and optimize spending. It is used to analyze where costs come from, view trends, set budgets, and identify opportunities to reduce waste. If the scenario asks how to track or control Azure spending across subscriptions or services, Cost Management is the likely fit.

Tags are another common exam topic. Tags are name-value pairs applied to resources for organization. They are useful for cost reporting, resource categorization, and administrative tracking. For example, tags can label resources by department, environment, owner, or project. A trap here is assuming tags enforce behavior. They do not. Tags organize and classify. Azure Policy enforces. If the question asks how to identify resources belonging to Finance or Production, tags are a strong answer. If it asks how to require every resource to have such labels, Azure Policy becomes relevant.

You should also understand service-level agreements, or SLAs. An SLA is Microsoft's financial commitment regarding service uptime. Higher availability percentages generally correspond to lower tolerated downtime. Exam questions may compare single VM solutions with architectures that use availability zones or multiple instances. The key principle is that better resilience design can support a higher uptime expectation. Exam Tip: AZ-900 may not ask you to calculate exact downtime from memory, but it often expects you to know that redundant designs generally improve availability compared to single-instance designs.

Cost questions often include distractors related to performance or security. Stay focused on the management objective. If the stated need is budget visibility, choose the tool that measures and reports spending, not the one that secures access or deploys resources. Likewise, if the need is simply to categorize resources for billing or ownership reports, tags are better than RBAC, locks, or Policy.

Remember these high-yield mappings:

• Monitor and analyze spend: Azure Cost Management
• Classify resources by business metadata: tags
• Understand uptime commitment: SLA
• Improve availability posture: design with redundancy, not just cost controls

A frequent trap is confusing what a tool can influence versus what it can report. Cost Management helps analyze and govern spending, but it does not automatically redesign workloads. Tags help identify resources, but they do not stop users from deleting them. The exam rewards precise understanding of each tool’s purpose.

Section 5.5: Azure Policy, resource locks, Microsoft Purview, Service Trust Portal, and compliance features

This section brings together several governance controls that are easy to confuse on the exam. Azure Policy is used to create, assign, and manage policies that enforce rules for resources. It can require certain configurations, deny noncompliant deployments, or audit environments against standards. If the requirement is to make sure resources follow company rules, such as allowed locations or required tags, Azure Policy is the correct category.

Resource locks serve a different purpose. A lock protects a resource from accidental deletion or modification. Delete locks prevent deletion. Read-only locks prevent changes. The important exam distinction is that locks do not replace permissions. A user may have permission to manage a resource, but a lock can still block destructive action. Exam Tip: If the scenario says prevent accidental deletion, think resource lock before you think RBAC or Policy.

Microsoft Purview is the service associated with data governance, data cataloging, data discovery, and compliance-oriented visibility across data estates. At the AZ-900 level, know that Purview helps organizations understand and govern their data, especially where data exists and how it should be classified. It is not the same as Cost Management, Policy, or identity management. Questions may use phrases such as data estate, data governance, catalog, or classification.

The Service Trust Portal is another foundational exam item. It provides access to compliance documentation, audit reports, privacy information, and details about how Microsoft cloud services address security and regulatory expectations. If a company needs official Microsoft compliance resources or reports, the Service Trust Portal is the right answer. A common trap is choosing Microsoft Purview when the requirement is actually to view Microsoft compliance documentation rather than govern the company’s own data.

These tools often appear together because they all relate to governance, but they answer different needs:

• Enforce standards on Azure resources: Azure Policy
• Prevent accidental delete or modification: resource locks
• Govern and discover organizational data: Microsoft Purview
• Access Microsoft's compliance and audit documentation: Service Trust Portal

To avoid mistakes, ask yourself whether the action is enforce, protect, govern data, or review compliance evidence. That one decision usually narrows the answer immediately. The exam is testing your ability to tell apart similar-sounding governance services by purpose, not by implementation detail.

Section 5.6: Exam-style practice set for architecture, management, and governance

In this final section, focus on how AZ-900 questions are typically constructed. The exam usually gives a short business requirement and asks you to identify the most appropriate Azure service or governance feature. Your success depends on reading for the deciding phrase. For storage, that phrase may be unstructured data, shared files, archive retention, or disaster recovery. For databases, it may be relational, PostgreSQL compatibility, or globally distributed NoSQL. For governance, it may be enforce standards, prevent deletion, classify costs, or review compliance documents.

A strong method is to eliminate answers by category mismatch. If the scenario is about sign-in, remove storage services immediately. If it is about preventing accidental deletion, remove identity services and cost tools. If it is about compliance reports from Microsoft, remove Purview and Cost Management. This elimination technique is especially useful when several answer choices are legitimate Azure services but only one matches the specific objective described.

Here are practical patterns to rehearse mentally as you prepare:

• If the need is user identity and access to cloud apps, start with Microsoft Entra ID.
• If the need is assign permissions to Azure resources, think RBAC.
• If the need is enforce standards like allowed regions or required tags, think Azure Policy.
• If the need is stop accidental deletion, think resource locks.
• If the need is cost analysis and budgeting, think Azure Cost Management.
• If the need is organize resources by owner, environment, or department, think tags.
• If the need is Microsoft compliance documentation, think Service Trust Portal.

Exam Tip: The most common AZ-900 trap is choosing a tool that seems related but operates at the wrong layer. For example, RBAC controls permissions, but it does not enforce deployment standards. Tags identify resources, but they do not stop noncompliant deployments. Locks prevent deletion or change, but they do not classify cost data.

As part of your study strategy, build flash comparisons rather than isolated definitions. Compare Blob Storage versus Files, Azure SQL Database versus Cosmos DB, authentication versus authorization, tags versus Policy, and Policy versus locks. These comparison pairs reflect how the exam is written. The objective is not just to know what each service is, but to know why one is right and the other is wrong in a specific context.

This chapter’s architecture, management, and governance topics complete a major portion of the AZ-900 service-selection skill set. Review them until you can identify the correct service from scenario clues quickly and confidently. That speed matters because the easiest points on the exam often come from foundational recognition questions exactly like these.

Section 6.1: Full-length AZ-900 mock exam set A

Use the first full-length mock exam as a diagnostic benchmark, not just a score report. Set A should be completed in one uninterrupted sitting to simulate the mental endurance required on test day. Even though AZ-900 is a fundamentals exam, attention drift is one of the most common causes of missed items. This first set should cover all major objective areas: cloud concepts, Azure architecture and services, and Azure management and governance. Your goal is to identify whether you can shift smoothly between pricing models, compute services, storage choices, identity concepts, and governance tools without losing context.

When working through the mock, classify each item mentally before answering. Ask yourself: Is this a concept definition question, a scenario-matching question, or a feature-comparison question? That quick classification helps you avoid a major trap: answering based on keywords alone. For example, if you see terms related to compliance, your instinct might jump to Microsoft Purview or the Service Trust Portal, but the item could actually be testing Azure Policy or resource locks depending on whether the task is discovery, documentation, enforcement, or change prevention.

Exam Tip: During your first mock attempt, do not pause after every uncertain question to research it. That weakens the diagnostic value. Mark your confidence level instead: high, medium, or low. Later, compare wrong answers with your confidence labels. High-confidence misses usually reveal dangerous misconceptions, while low-confidence misses reveal expected study gaps.

Set A should also train you to watch for wording precision. AZ-900 frequently distinguishes between capital expenditure and operational expenditure, between IaaS/PaaS/SaaS responsibilities, and between cloud models such as public, private, and hybrid. These are foundational topics that often appear easy, which is exactly why candidates read too quickly. The mock should help you build discipline in noticing small qualifiers such as “best,” “most appropriate,” “customer is responsible,” or “automatically provides.”

After finishing Set A, do not judge performance only by total percentage. Review by objective category. If your cloud concepts score is strong but architecture and services performance is inconsistent, that tells you the problem is likely service differentiation rather than general Azure understanding. If governance questions are weak, check whether you are confusing tools that monitor, tools that document, and tools that enforce. This first mock is your baseline for the final phase of preparation.

Section 6.2: Full-length AZ-900 mock exam set B

Mock exam Set B should be taken after you have reviewed Set A, but before you begin deep remedial study. The reason is simple: you want a second measurement of your exam behavior, not just your memory of the previous review. Set B should feel like a clean rehearsal of the real certification experience. Approach it with the same timing rules, the same concentration, and the same commitment to finishing in one sitting.

This second full-length set is especially useful for testing recovery from common errors seen in Set A. For example, did you improve your ability to distinguish Azure regions from availability zones? Are you now more precise when selecting between Azure virtual machines, containers, and serverless services? Can you reliably separate governance tools such as Azure Policy, resource locks, cost management features, and trust/compliance resources? The exam often tests these side by side because it wants to verify conceptual boundaries, not memorized buzzwords.

Another purpose of Set B is stress management. Candidates often perform worse on a second practice exam because they become overly cautious after reviewing mistakes. That can lead to overthinking simple items. Exam Tip: If two answer choices both sound possible, go back to the exact objective being tested. AZ-900 usually rewards the option that directly matches the defined capability, not the one that is broadly related. “Related” is how distractors are built.

Set B should also validate your pacing system. Notice how long you spend on uncertain items. If you repeatedly invest too much time in one question, you are likely sacrificing easier points elsewhere. Practice answering, marking for review when needed, and moving on. Confidence under exam conditions comes from process, not from feeling certain on every item.

When scoring Set B, compare not only raw score but also consistency. Did your weak domains remain weak? Did you fix one domain but regress in another? Strong final preparation depends on trend analysis. If both mock exams show the same confusion pattern, treat that as a priority objective-level issue. If performance varies widely, the problem may be exam technique rather than content mastery. Set B should therefore be viewed as a confirmation tool for both knowledge and execution.

Section 6.3: Detailed answer explanations and distractor analysis

The most valuable part of any mock exam is not the score; it is the answer review. In AZ-900 preparation, detailed explanations teach you how Microsoft frames distinctions between similar services and concepts. Every missed question should be reviewed in three layers: why the correct answer is correct, why your selected answer is wrong, and why the remaining distractors were included. That last step is where many candidates improve fastest because distractors are usually designed around common misunderstandings from the official objectives.

Suppose you missed a question in the governance domain. Do not stop at learning the correct term. Ask what clue would have separated Azure Policy from a resource lock, or Cost Management from the Service Trust Portal. Azure Policy governs compliance with defined rules. Resource locks prevent deletion or modification. Cost Management analyzes and optimizes spending. The Service Trust Portal provides access to compliance and trust documentation. These distinctions are testable because they represent different categories of control and information.

Exam Tip: If an explanation contains a phrase like “enforces,” “prevents,” “documents,” “recommends,” or “classifies,” highlight that verb mentally. AZ-900 questions often hinge on the action a service performs. Matching the verb to the correct Azure capability is a reliable way to eliminate distractors.

Distractor analysis is equally important in core architecture and services. A wrong answer may be attractive because it belongs to the same broad family. For example, multiple compute options may appear plausible, but only one matches the scenario’s management level, scaling model, or hosting requirement. Likewise, storage distractors often test whether you understand access method, redundancy behavior, or intended workload rather than simply recognizing a storage product name.

Build an error log as you review. Group errors into categories such as terminology confusion, service comparison confusion, missed qualifier words, and time-pressure mistakes. This turns review into a repeatable study system instead of a one-time correction. Over time, you will notice that many incorrect answers come from a small number of recurring patterns. Once those patterns are visible, your final review becomes far more efficient and targeted.

Section 6.4: Weak-domain review by official objective name

After both mock exams, review your weakest areas using Microsoft’s official objective names rather than your own informal labels. This matters because the exam blueprint is organized by those domains, and objective-based review helps ensure complete coverage. The three major areas for AZ-900 are Describe cloud concepts, Describe Azure architecture and services, and Describe Azure management and governance. If you map every missed item to one of these names, your remediation becomes exam-aligned instead of random.

For Describe cloud concepts, focus on the foundations that candidates often dismiss too quickly: benefits of cloud computing, shared responsibility, elasticity, scalability, fault tolerance, disaster recovery, and consumption-based pricing. Common traps include mixing OpEx with CapEx, confusing horizontal versus vertical scaling, or assuming the provider always manages everything in every service model. The exam frequently checks whether you understand who is responsible in on-premises, IaaS, PaaS, and SaaS contexts.

For Describe Azure architecture and services, build a comparison mindset. Know how regions, region pairs, availability zones, subscriptions, and resource groups differ in purpose. Then review compute, networking, storage, and database services with attention to what each service is for, not just what category it belongs to. Exam Tip: If this domain is weak, create side-by-side comparison notes. The exam often rewards the candidate who can distinguish related services quickly.

For Describe Azure management and governance, be especially precise with governance vocabulary. Azure Policy, resource locks, tags, cost management capabilities, Microsoft Purview, and the Service Trust Portal can all appear in scenario form. This domain tests whether you can connect business needs such as compliance, visibility, cost control, and change prevention to the correct Azure feature. A common trap is choosing the option that sounds most security-oriented, even when the actual requirement is governance or documentation.

Finish this review by selecting one weak objective and writing a one-page summary from memory. If you cannot explain it clearly without notes, it is not yet exam-ready. Objective-name review keeps your preparation focused, measurable, and aligned to what the certification actually tests.

Section 6.5: Time management, question triage, and confidence tactics

Good AZ-900 candidates know the material. Passing candidates also manage the exam itself. Time management is not about racing; it is about protecting your attention for the questions that deserve it. Use a triage system from the start. Answer high-certainty questions promptly. For medium-certainty items, make your best choice, mark them if the interface allows, and move on. For low-certainty questions, eliminate obvious wrong answers, select the best remaining option, and return only if time permits.

This method works because AZ-900 typically includes many questions that should be answered efficiently if your preparation is solid. Spending too long on one governance wording issue or one service comparison can cost you multiple straightforward points elsewhere. The exam is broad, so your strategy should favor steady accumulation of correct answers. Exam Tip: Never leave easy definition-based points on the table because you were trapped in a single difficult scenario item for too long.

Confidence tactics are equally important. Confidence is not pretending to know everything; it is trusting a disciplined process. When you feel uncertain, slow down and identify the tested concept first. Is the question really about pricing, responsibility, service type, redundancy, governance, or trust documentation? Once you identify the concept category, the answer set often becomes much easier to evaluate.

Watch for emotional traps. Candidates often change correct answers because a later question introduces related terminology and creates doubt. Unless you misread the original question or spot a clear logic error, avoid unnecessary answer changes. Your first answer is not always right, but changing answers without strong evidence usually reflects anxiety rather than reasoning.

Finally, use mini-resets. If you notice mental fatigue, pause briefly, breathe, and refocus on one question at a time. The goal is calm accuracy. AZ-900 does not require advanced configuration knowledge, so most points are won by reading carefully, mapping the question to the correct objective area, and avoiding panic-driven mistakes.

Section 6.6: Final review plan and test-day success checklist

Your final review should be structured, light, and confidence-building. Do not spend the last study session trying to relearn the entire course. Instead, review objective summaries, comparison notes, weak-domain flash points, and your mock exam error log. The final 24 hours should reinforce pattern recognition: cloud models, service types, core Azure components, compute/network/storage/database distinctions, and governance tools such as Azure Policy, locks, tags, cost analysis features, Microsoft Purview, and the Service Trust Portal.

Create a compact checklist for exam day. Confirm your registration details, identification requirements, exam delivery method, and technical setup if testing remotely. Prepare your workspace in advance if required. If you are testing at a center, plan travel time so you arrive early and avoid unnecessary stress. Exam Tip: Administrative problems create preventable anxiety that can reduce performance before the first question even appears.

• Review official objective names one final time.
• Skim a one-page comparison sheet of commonly confused Azure services and governance tools.
• Read your top recurring mistake patterns from both mock exams.
• Sleep adequately instead of cramming late.
• Eat and hydrate appropriately before the exam.
• Begin the exam with a pacing and triage plan already decided.

On test day, remind yourself what AZ-900 is measuring: foundational understanding and correct identification of Azure concepts and services. You do not need perfect recall of every detail. You need clear thinking, accurate reading, and steady execution. During the exam, start strong by banking the easy points. Use elimination aggressively on uncertain items. Return to marked questions only after securing the rest.

When the exam ends, trust the preparation you have completed. This chapter is designed to make your final stage of study practical and exam-focused. If you have completed both mock sets, analyzed distractors, reviewed weak domains by official objective, and rehearsed your exam-day process, you are approaching the AZ-900 the right way: prepared, organized, and ready to pass.