AZ-900 Practice Test Bank: 200+ Questions

Section 1.1: AZ-900 exam purpose, audience, and certification value

AZ-900 is designed to validate foundational understanding of cloud computing and Microsoft Azure. It is intended for beginners, career changers, students, business stakeholders, and technical professionals who want a baseline credential in cloud concepts. You do not need hands-on administrator-level experience to pass, but you do need a working understanding of the language Microsoft uses to describe cloud services, Azure architecture, and governance capabilities.

From an exam-objective perspective, Microsoft is testing whether you can explain rather than implement. That distinction helps you set the right study depth. You are not expected to perform complex scripting, deploy enterprise-scale architectures, or troubleshoot production systems. Instead, you should recognize concepts such as shared responsibility, public versus private cloud, regions and availability zones, and the role of tools like Azure Monitor, Cost Management, and Azure Policy.

The value of the certification is practical. For newcomers, it establishes credibility and gives structure to cloud learning. For non-technical roles such as sales, project coordination, procurement, or management, it helps candidates speak accurately about Azure solutions and pricing models. For aspiring administrators, developers, and security professionals, it creates a strong vocabulary base for more advanced Microsoft certifications.

Exam Tip: Do not underestimate the business-facing language in AZ-900. Microsoft often frames questions in terms of cost, scalability, governance, or organizational need rather than deep technical configuration. If an answer sounds too advanced for a fundamentals exam, it may be a distractor.

A common trap is assuming AZ-900 is only about memorizing service names. In reality, the exam rewards understanding of why a service or concept fits a given situation. For example, you may know that Azure offers IaaS, PaaS, and SaaS, but the exam tests whether you can identify which model gives the customer more control or less management overhead. That is the kind of reasoning expected from a successful candidate.

Section 1.2: Official domain breakdown and what Microsoft expects

The AZ-900 blueprint is organized around three major areas: cloud concepts; Azure architecture and services; and Azure management and governance. Your preparation should mirror this structure because Microsoft writes questions directly against these published objectives. A disciplined study plan begins with domain mapping, not random review.

The cloud concepts domain covers topics such as shared responsibility, cloud models, and the benefits of cloud computing. Expect Microsoft to test whether you understand differences between public, private, and hybrid cloud, and whether you can connect concepts like elasticity, high availability, scalability, reliability, and fault tolerance to realistic outcomes. Consumption-based pricing is another important idea because it reflects the financial model of cloud services.

The Azure architecture and services domain is broader. It includes core architectural components such as regions, region pairs, availability zones, subscriptions, resource groups, and management groups. It also includes common services spanning compute, networking, storage, databases, and identity. Microsoft expects you to recognize the purpose of major services and choose the most appropriate one from a short list of options.

The management and governance domain focuses on cost management, service-level concepts, compliance tools, resource organization, and monitoring capabilities. Here, candidates often mix up Azure Policy, resource locks, Microsoft Purview, Cost Management, and Azure Monitor because the names are all familiar but their functions differ. Exam Tip: Learn each governance and monitoring tool by primary purpose. Ask yourself: does this tool enforce rules, report costs, monitor performance, or help with compliance and data governance?

A common exam trap is overreading the technical detail of a question while ignoring the objective it is really testing. If a question mentions a business requirement like reducing administrative effort, enforcing standards, or paying only for usage, the answer usually maps back to a specific domain concept. Strong candidates identify the tested objective first, then compare answer choices.

Section 1.3: Registration process, exam delivery options, and ID policies

Part of exam readiness is knowing how to register and what to expect before test day. Candidates typically schedule AZ-900 through Microsoft’s certification portal, where they select the exam, choose a delivery option, and book a date and time. Available delivery methods may include a test center appointment or an online proctored session, depending on region and provider availability.

For many learners, online delivery is convenient, but it comes with stricter environmental requirements. You usually need a quiet private room, a reliable internet connection, a working webcam and microphone, and a clean testing space. The check-in process may involve identity verification, room scans, and photos of your workspace. If your environment does not meet the rules, your session may be delayed or canceled.

Test center delivery can reduce some technical stress, but you still need to arrive prepared. Bring acceptable identification exactly as required by the exam provider. The name on your registration should match your ID. Even strong candidates can lose an exam attempt because of an avoidable identity mismatch or late arrival. Exam Tip: Review the current ID and check-in rules directly from the official provider before exam day, not from old forum posts or memory.

Scheduling strategy matters too. Book the exam early enough to create commitment, but not so early that you force yourself into panic studying. Many candidates perform best when they set a target date two to six weeks after starting a structured review plan. That gives enough time for domain coverage, practice-bank repetition, and correction of weak areas.

A common trap is treating registration as a final step. Instead, use it as part of your study discipline. Once your exam date is on the calendar, your practice sessions become more focused, and your review plan gains urgency. Administrative readiness is part of certification readiness.

Section 1.4: Scoring model, passing mindset, and question types

Microsoft exams typically use a scaled scoring model, and candidates often hear that a score of 700 is considered passing. What matters most is not chasing a raw percentage but understanding that different questions may vary in format and emphasis. Your goal is consistent performance across the published domains, not perfection in one area and neglect in another.

AZ-900 commonly includes traditional multiple-choice items and may also present scenario-based prompts, matching-style tasks, and true-or-false style statements. Even when the format changes, the underlying skill remains the same: identify the concept being tested and select the best-supported answer. The exam is not designed to trick you with obscure implementation detail, but it will test whether you can distinguish between closely related ideas.

Adopt a passing mindset built on accuracy and composure. You do not need to know every Azure service in depth. You do need enough confidence to recognize familiar terms, reject weak distractors, and avoid second-guessing yourself into changing correct answers. Candidates often lose points by overcomplicating straightforward fundamentals questions.

Exam Tip: When reviewing practice results, do not just count right and wrong answers. Categorize mistakes. Did you miss the concept, confuse two services, misread a keyword such as “most appropriate,” or fall for an answer that was true but incomplete? This is how you improve exam judgment.

A major trap is assuming the exam rewards memorization alone. In reality, Microsoft expects conceptual understanding. For example, if a question asks about reducing upfront costs or paying only for what is used, the tested idea is consumption-based pricing. If the question emphasizes company and provider responsibilities, the tested idea may be shared responsibility. The more clearly you connect wording patterns to objectives, the stronger your score will be.

Section 1.5: Study strategy for beginners using practice banks and review cycles

Beginners often ask whether they should read first or practice first. For AZ-900, a blended approach works best, but practice should begin earlier than most candidates expect. Start with a quick overview of the official domains so you know the landscape. Then begin targeted practice-bank work in small sets. When you miss a question, pause to study the concept behind it and record the reason for the mistake.

A strong review cycle looks like this: learn the domain objective, answer a focused set of questions, review explanations deeply, revisit weak concepts, and then retest after a short delay. This process builds both recall and recognition. It also reveals patterns in your mistakes. You may discover, for instance, that you understand cloud benefits well but keep confusing management tools or core architectural components.

Organize your study plan by domain. One practical beginner schedule is to devote separate blocks to cloud concepts, Azure architecture and services, and management and governance, with cumulative review at the end of each week. Use short daily sessions if you are new to cloud terminology. Consistency matters more than long, irregular cramming sessions.

Exam Tip: Keep a “confusion list” of commonly mixed-up terms, such as Azure Policy versus resource locks, or regions versus availability zones. Review this list frequently. Many AZ-900 errors come from vocabulary collisions rather than lack of effort.

Practice banks are especially valuable because they expose Microsoft-style wording and distractor patterns. However, do not memorize answer letters. Instead, ask why each incorrect choice is wrong. If you can explain that clearly, you are building transferable exam skill. The goal is not to recognize one exact question, but to recognize the tested concept in any wording. Over time, this practice-first strategy builds confidence, fills weak spots, and improves readiness before test day.

Section 1.6: How to read questions, eliminate distractors, and manage time

Reading the question correctly is a core AZ-900 skill. Start by identifying the actual requirement before looking at the choices. Ask: is this question about cost, responsibility, governance, architecture, service purpose, or cloud model? Underline the decision word mentally, especially phrases like “best,” “most appropriate,” “minimize management,” or “pay only for what you use.” These terms tell you what Microsoft is prioritizing.

Distractors on AZ-900 are often plausible because they refer to real Azure services or true statements that do not fully answer the question. Eliminate options that are too broad, too advanced, or aimed at a different objective. For example, a monitoring tool is not the right answer to an enforcement problem, and a governance tool is not the right answer to a pricing question. The exam frequently rewards precise fit over general usefulness.

Use a simple elimination process. First, remove any choice that clearly belongs to another domain. Second, compare the remaining answers against the exact wording of the requirement. Third, choose the answer that satisfies the need with the least assumption. Exam Tip: If two answers both seem correct, look for the one that matches Microsoft’s preferred terminology and the scope described in the question.

Time management matters, even on a fundamentals exam. Move steadily. Do not spend excessive time wrestling with one item early in the exam. Mark difficult questions if the interface allows it, continue forward, and return later with a fresh view. Often a later question triggers recall that helps with an earlier one.

A final trap is panic caused by unfamiliar wording. If you see a long scenario, break it down into keywords and map it to a known objective. Most AZ-900 questions become easier when reduced to their core tested concept. Calm reading, systematic elimination, and disciplined pacing will convert knowledge into exam performance.

Section 2.1: Describe cloud concepts and the value proposition of cloud computing

Cloud computing refers to the delivery of computing services such as servers, storage, databases, networking, analytics, and software over the internet. For AZ-900, you should understand cloud computing as a model that enables on-demand access to resources without requiring an organization to build and maintain all infrastructure itself. Microsoft exam questions often focus on the business advantages of this model rather than low-level technical design.

The value proposition of cloud computing includes high availability, scalability, elasticity, agility, fault tolerance, and disaster recovery support. High availability means services remain accessible even when components fail. Scalability means increasing or decreasing resources to meet demand. Elasticity goes a step further by allowing systems to respond automatically to rapid changes in workload. Agility refers to the speed with which resources can be provisioned and deployed. These terms are easy to confuse, and the exam may use them as distractors.

Exam Tip: If a question describes resources being added because long-term demand has increased, think scalability. If it describes automatic adjustment during temporary spikes, think elasticity. Microsoft likes to test the difference.

Cloud computing also supports global reach. Instead of building datacenters in multiple regions, organizations can use a cloud provider's worldwide infrastructure. This lowers the barrier to entering new markets and improves performance for geographically distributed users. Another major benefit is speed. Development teams can deploy environments in minutes rather than waiting weeks or months for hardware procurement and setup.

Common exam traps include confusing cloud concepts with guaranteed cost savings in every scenario. The cloud can reduce certain costs, especially by avoiding overprovisioning and large upfront purchases, but poor planning can still result in unnecessary spending. So if an answer says the cloud always costs less in every situation, that is too absolute and likely incorrect.

What the exam is really testing here is whether you understand why organizations choose the cloud and how cloud characteristics support business needs. When reading answer choices, look for wording tied to flexibility, speed, resilience, and service-based delivery rather than hardware ownership. Those are the core ideas behind the value proposition of cloud computing.

Section 2.2: Shared responsibility model and cloud security basics

The shared responsibility model is one of the most important AZ-900 concepts because it appears in many forms across the exam. The core idea is simple: security and management responsibilities are divided between the cloud provider and the customer. However, the exact division changes depending on whether the service model is IaaS, PaaS, or SaaS. Candidates often memorize the phrase but fail to apply it in scenarios, which is where the exam becomes challenging.

In general, the provider is responsible for the physical datacenter, physical hosts, network infrastructure at the provider level, and foundational platform components. The customer remains responsible for items such as data, identities, endpoint security, and access management. In IaaS, the customer manages more, including operating systems and many network configurations. In PaaS, the provider manages more of the platform, reducing customer operational work. In SaaS, the provider manages almost everything except the customer’s data usage, configuration choices, and user access.

Exam Tip: If a question asks who is responsible for the physical servers in Azure, the answer is Microsoft. If it asks who is responsible for account permissions, user data classification, or identity access, the answer remains the customer, even in SaaS scenarios.

Cloud security basics on AZ-900 are not deeply technical. The exam usually tests broad principles: defense in depth, least privilege, identity-based access, and data protection. The key point is that moving to the cloud does not remove the customer's need to secure accounts, manage permissions, classify data, and configure services properly. This is a common trap. Some candidates assume the provider handles all security once workloads are moved to Azure. That is incorrect.

Another common distractor is language suggesting that responsibilities are equal in all service models. They are not. The provider’s share generally increases as you move from IaaS to PaaS to SaaS. Questions may describe a company wanting to reduce patching effort or avoid OS maintenance. That wording points toward a model where more responsibility shifts to the provider.

On the exam, identify the asset being discussed: physical infrastructure, host OS, guest OS, application, data, or identity. Then ask who controls it in the named service model. That simple process is the fastest way to choose the correct answer under time pressure.

Section 2.3: Compare IaaS, PaaS, and SaaS for AZ-900 scenarios

Service models are among the most tested topics in the cloud concepts domain. AZ-900 expects you to differentiate Infrastructure as a Service, Platform as a Service, and Software as a Service, especially through business scenarios. The exam rarely asks for definitions alone. Instead, it gives clues about management level, developer needs, speed of deployment, or user access patterns.

IaaS provides the most control. The provider supplies core compute, storage, and networking resources, while the customer manages the operating system, applications, runtime, data, and many configurations. This model fits scenarios where organizations need maximum flexibility or want to migrate existing servers with minimal redesign. If a scenario mentions virtual machines, custom network control, or OS-level administration, IaaS is likely the correct answer.

PaaS reduces operational overhead by providing a managed platform for application development and deployment. The provider manages the infrastructure, operating systems, and often runtime environment, while the customer focuses on the application and data. PaaS is commonly the best answer when the scenario emphasizes developer productivity, rapid deployment, API hosting, or minimizing maintenance tasks such as patching operating systems.

SaaS delivers complete software applications over the internet. End users simply consume the application, usually through a web browser or client interface, while the provider manages the underlying infrastructure and application platform. This is the best fit when the scenario describes using ready-made productivity tools, email, CRM, or collaboration software without building or maintaining the application.

Exam Tip: Ask yourself what the organization wants to stop managing. If they want to stop managing hardware but still control the OS, choose IaaS. If they want to stop managing OS and middleware, choose PaaS. If they want to stop managing the application entirely and just use it, choose SaaS.

A classic exam trap is choosing the most modern-sounding model instead of the one that matches the requirement. PaaS is not automatically better than IaaS. If the company requires direct control of the operating system, PaaS is wrong. Likewise, SaaS is not the answer if the organization needs to build a custom application platform. Microsoft often rewards precise matching, not broad enthusiasm for managed services.

The exam is testing your ability to link requirements to management boundaries. Read scenario wording carefully and focus on control versus convenience. That distinction usually reveals the best answer.

Section 2.4: Compare public, private, and hybrid cloud models

Deployment models describe where cloud resources are hosted and how they are accessed. For AZ-900, you need to compare public, private, and hybrid clouds. These models are straightforward in theory, but exam questions often add business constraints such as regulation, legacy systems, or phased migration plans. Your task is to identify which model best aligns with those constraints.

A public cloud is owned and operated by a third-party provider and delivered over the internet to multiple customers. Azure is a public cloud platform. Public cloud environments usually offer the greatest scalability, fastest provisioning, and strongest alignment with consumption-based pricing. They are ideal when organizations want to avoid managing physical infrastructure and need rapid access to resources.

A private cloud is dedicated to a single organization. It may be hosted on-premises or by a third party, but it is not shared in the same way as public cloud infrastructure. Private cloud is often associated with greater control, custom configuration, and support for strict security or compliance requirements. However, it usually comes with higher management effort and potentially higher costs.

Hybrid cloud combines public cloud resources with private cloud or on-premises infrastructure. This model is common in real-world organizations because it supports gradual migration, application portability, regulatory needs, and scenarios where some workloads must remain local. If a question mentions integrating on-premises systems with cloud services, retaining certain data locally while expanding into the cloud, or transitioning in phases, hybrid cloud is often the best answer.

Exam Tip: The presence of both on-premises and cloud resources in the same scenario is your strongest clue for hybrid cloud. Do not let distractors about general flexibility pull you toward public cloud if the question clearly requires mixed environments.

A frequent trap is assuming private cloud always means more secure. While private cloud can offer more direct control, security depends on implementation, governance, and configuration. Another trap is treating hybrid cloud as a temporary state only. On the exam, hybrid may be a long-term strategic model, not just a migration step.

What the exam tests is your ability to align deployment choice with organizational needs. Public emphasizes scale and provider-managed infrastructure. Private emphasizes dedicated environments and control. Hybrid emphasizes integration across both worlds. Focus on those business drivers and the correct answer becomes much easier to identify.

Section 2.5: Consumption-based model, CapEx vs OpEx, and pricing logic

The consumption-based model is central to cloud economics and a regular AZ-900 topic. In this model, organizations pay for what they use rather than buying and maintaining all infrastructure upfront. This shifts spending from capital expenditure, or CapEx, toward operational expenditure, or OpEx. Microsoft expects you to understand this distinction conceptually and apply it to practical business decisions.

CapEx refers to large upfront investments in physical assets such as servers, networking equipment, and datacenter facilities. These costs are usually planned in advance and incurred before the assets are fully used. OpEx refers to ongoing operational spending, such as monthly cloud resource usage, subscriptions, support, and utility-like service consumption. Cloud models often reduce the need for large CapEx commitments because resources can be provisioned as needed.

On the exam, pricing logic is usually tested through scenarios. If a company wants to avoid overbuying infrastructure for uncertain demand, the consumption-based model is a strong fit. If a startup wants to launch quickly without major hardware purchases, cloud OpEx is likely the intended answer. If a business experiences seasonal spikes, cloud pricing supports scaling resources up and down rather than maintaining peak-capacity hardware year-round.

Exam Tip: Consumption-based pricing does not mean unlimited spending without control. Azure still requires budgeting, monitoring, and cost management. Be cautious of answer choices that imply the cloud automatically eliminates all cost concerns.

A common exam trap is assuming OpEx is always cheaper than CapEx. The better interpretation is that OpEx improves flexibility, aligns spending to usage, and reduces large upfront commitments. Whether total cost is lower depends on architecture, governance, and usage patterns. Another trap is confusing reserved capacity, subscriptions, or licenses with abandoning the consumption model entirely. The exam generally stays at a fundamentals level: pay for use, reduce upfront investment, and gain cost flexibility.

Microsoft-style questions may also test your understanding of predictability versus variability. Traditional on-premises models often emphasize predictable asset ownership with significant upfront investment. Cloud emphasizes variable usage and the ability to respond quickly. The correct answer is usually the one that matches the organization's financial and operational goals, not the one that sounds cheapest in every case.

Section 2.6: Exam-style practice set for Describe cloud concepts

This section is designed to strengthen your test-taking approach for the Describe cloud concepts domain. Instead of adding direct quiz items here, focus on the reasoning patterns AZ-900 uses. Microsoft often frames cloud concept questions around a short scenario with one or two critical clues. Your job is to identify those clues quickly and ignore extra wording that does not affect the answer.

Start with a four-part elimination method. First, identify whether the question is asking about benefit, responsibility, service model, or deployment model. Second, highlight any management clue such as operating system control, application development focus, or ready-to-use software access. Third, look for environment clues such as on-premises integration, dedicated infrastructure, or internet-delivered shared services. Fourth, assess whether the pricing objective centers on avoiding upfront cost or matching resources to variable demand.

Exam Tip: On AZ-900, absolute words like “always,” “never,” or “completely” are often warning signs. Cloud concepts are usually about trade-offs and shared boundaries. Overly broad statements are frequently distractors.

Here are common distractor patterns to watch for. One pattern mixes up scalability and elasticity. Another presents PaaS as if it still requires full operating system administration. A third suggests that moving to the cloud removes all customer security responsibilities. A fourth claims hybrid cloud is only for temporary migrations. Each of these statements sounds plausible at first glance, which is why they appear in exam answers.

To identify the best answer, translate the scenario into plain language. For example, if the requirement is “use software without managing infrastructure,” think SaaS. If the requirement is “keep some systems on-premises while extending into the cloud,” think hybrid. If the requirement is “reduce hardware purchasing and pay based on usage,” think consumption-based OpEx. This translation habit is one of the fastest ways to improve your score.

For structured review, create a one-page comparison grid covering public/private/hybrid, IaaS/PaaS/SaaS, CapEx/OpEx, and provider/customer responsibilities. Revisit it before practice sessions. The cloud concepts domain is highly pattern-based, so repeated comparison is more effective than isolated memorization. Master this domain now, and later Azure architecture and governance topics will feel far more intuitive.

Section 3.1: Describe Azure architecture and services through regions, region pairs, and availability zones

Azure’s global infrastructure is a core AZ-900 topic because it explains where services run and how Microsoft designs for availability and disaster recovery. A region is a geographical area containing one or more datacenters connected through a low-latency network. On the exam, if a question asks where you deploy services to be physically located near users or to meet data residency requirements, the answer usually involves choosing an Azure region.

Availability zones are separate physical locations within an Azure region. Each zone has independent power, cooling, and networking. Their purpose is high availability inside a single region. If a workload must remain available even if one datacenter location in that region fails, availability zones are the tested concept. A common trap is to think zones are the same as regions. They are not. Regions are geographic deployment locations; zones are physically separate locations inside certain regions.

Region pairs are another exam favorite. Microsoft pairs many Azure regions within the same geography to support disaster recovery and platform updates. If a question discusses broad resilience across regional failure, planned recovery design, or prioritized recovery in a large outage, region pairs are the key concept. Region pairs are not used to organize resources and are not the same thing as availability zones. They relate to business continuity across regions.

Exam Tip: If the scenario is about surviving a datacenter-level issue within one area, think availability zones. If it is about surviving a regional outage, think region pairs. If it is about choosing where to place workloads close to users or data, think regions.

The exam may also test your understanding of geographies. A geography is a market boundary, typically preserving data residency and compliance boundaries. While AZ-900 stays at a high level, you should recognize that regions belong to broader geographies. That matters when Microsoft asks about compliance-sensitive placement of data and services.

Best-answer logic matters here. For example, if the requirement is low latency for users in Europe, a European region is the direct answer. If the requirement is redundancy across physically separate facilities in one region, zones fit better. If the requirement is broader disaster recovery planning across two regions, region pairs are more appropriate. Read carefully for the failure scope being described. Microsoft often hides the clue in one phrase such as “within the same region” or “across regions.”

Section 3.2: Resources, resource groups, subscriptions, and management groups

One of the most tested AZ-900 fundamentals is how Azure organizes services logically. A resource is an individual manageable item in Azure, such as a virtual machine, storage account, database, or virtual network. This is the lowest common unit in the organizational model. If a question asks what you actually deploy or configure, it is usually describing a resource.

A resource group is a container that holds related resources for an Azure solution. Resources in a resource group often share a lifecycle, such as being deployed, updated, or deleted together, though Azure allows flexibility. AZ-900 questions often use resource groups to test whether you know they are management containers, not billing units and not physical boundaries. Resources in a single resource group can exist in different regions, which is another common trap for beginners.

A subscription is primarily a billing and access boundary. It groups resource usage for charging and also provides a scope for policies and permissions. On the exam, when the scenario mentions separate billing for departments, environments, or projects, subscription is often the best answer. Many learners confuse subscriptions with resource groups. Remember: resource groups organize resources; subscriptions separate billing and administration at a broader level.

Management groups sit above subscriptions and allow governance across multiple subscriptions. Large organizations use them to apply policies and manage compliance at scale. If a question describes a company with many subscriptions that wants centralized control, management groups are usually the correct answer. This is a classic AZ-900 hierarchy question.

Exam Tip: Memorize the logical hierarchy from top to bottom: management groups, subscriptions, resource groups, resources. Microsoft loves asking what can contain what.

The exam may also test the difference between moving resources and reorganizing management. Not every resource movement scenario is the same, but AZ-900 focuses on conceptual understanding rather than technical constraints. Your job is to know the purpose of each layer. A useful way to identify the right answer is by asking: is the question about governance across many subscriptions, billing separation, organizing related services, or the actual deployable service itself? Those clues usually map directly to management group, subscription, resource group, and resource respectively.

Section 3.3: Core compute services including virtual machines, containers, and App Services

Compute services answer the question, “Where and how will this application run?” For AZ-900, you should clearly distinguish between virtual machines, containers, and Azure App Service. These offerings are often presented together in answer choices because they all host workloads, but they do so at different levels of control and management.

Azure Virtual Machines provide infrastructure as a service. They let you run Windows or Linux machines in Azure with significant control over the operating system and installed software. If a scenario requires custom software, administrative access to the OS, or migration of a traditional server workload, virtual machines are often the best fit. Microsoft commonly tests this by describing “lift-and-shift” style hosting needs.

Containers package an application and its dependencies into a portable unit. On AZ-900, the key idea is lightweight, consistent deployment. You do not need deep orchestration knowledge, but you should know that containers are not the same as full virtual machines. They are typically faster to start and more efficient for modern application deployment. If the scenario highlights portability, microservices, or rapid scaling of application components, containers become strong candidates.

Azure App Service is a platform as a service offering for hosting web apps, APIs, and mobile back ends. It reduces infrastructure management because Microsoft manages much of the platform. If the question emphasizes hosting a website or API without managing servers, App Service is usually the best answer. This is one of the easiest points on the exam if you watch for wording about “managed web hosting” or “minimal administrative overhead.”

Exam Tip: If the scenario needs OS control, choose virtual machines. If it needs application packaging and portability, think containers. If it needs managed web or API hosting, think App Service.

A common trap is over-selecting the most powerful option. Yes, a web app can run on a VM, but if the requirement is simply to host a web application with minimal infrastructure management, App Service is the better exam answer. AZ-900 rewards choosing the most direct cloud-native fit, not the option with the greatest technical flexibility. Another trap is assuming containers automatically mean serverless or fully managed; the exam usually keeps the container concept focused on packaging and deployment efficiency rather than deep operations detail.

Know the broad service model too. Virtual machines align with IaaS. App Service aligns with PaaS. Containers may appear in several Azure service contexts, but for AZ-900 the tested concept is often that they package apps more efficiently than full VMs and support modern app architectures. Focus on purpose, not implementation depth.

Section 3.4: Core networking services including virtual networks, VPN, DNS, and ExpressRoute

Networking questions in AZ-900 usually test whether you understand secure connectivity, name resolution, and communication boundaries. Azure Virtual Network, or VNet, is the foundational networking service. It enables Azure resources to communicate with each other, with the internet when appropriate, and with on-premises environments. If a question asks how Azure resources are logically isolated and connected, VNet is the starting point.

VPN in Azure typically refers to encrypted connectivity over the public internet between Azure and another network, such as an on-premises environment. It is a practical choice when secure hybrid connectivity is needed without dedicated private circuits. If the exam scenario mentions secure communication over the internet, VPN is likely the correct answer.

ExpressRoute provides a dedicated private connection between on-premises infrastructure and Microsoft cloud services. This is not the public internet path. It is commonly associated with higher reliability, predictable performance, and private connectivity requirements. On the exam, if the wording includes dedicated, private, or not using the public internet, ExpressRoute should stand out immediately.

DNS, or Domain Name System, translates names into IP addresses. Azure DNS allows hosting DNS domains in Azure. AZ-900 questions use DNS to test your understanding that users and systems often reach services by name, while networking relies on addresses underneath. Do not overcomplicate it. If a question asks how to resolve a friendly domain name to the correct endpoint, DNS is the concept being tested.

Exam Tip: The fastest way to separate VPN and ExpressRoute is to ask whether the connection uses the public internet. VPN does; ExpressRoute does not.

A common trap is choosing ExpressRoute any time the question says “secure.” VPN is also secure because it uses encryption. ExpressRoute is preferred when the question stresses private dedicated connectivity. Another trap is forgetting that VNet is the broad network boundary for Azure resources, while DNS is not a connectivity service by itself; it is a name resolution service. If the scenario is about allowing resources to communicate, think VNet. If it is about connecting Azure to on-premises, think VPN or ExpressRoute depending on the path. If it is about translating names, think DNS.

Microsoft often builds distractors by mixing service categories. For example, a storage service will appear in a networking question, or a compute service in a connectivity question. Filter answer choices by the exact function described. Networking objectives are easier once you identify whether the requirement is isolation, hybrid connectivity, or name resolution.

Section 3.5: Core storage services including blob, disk, files, archive, and redundancy options

Storage is one of the most exam-rich AZ-900 topics because Microsoft can test both service type and resilience choices. Azure Blob Storage is designed for massive amounts of unstructured object data, such as images, documents, backups, logs, and media. If a scenario involves storing large volumes of unstructured data or serving content, Blob Storage is often the correct answer.

Azure Disk Storage provides persistent disks for Azure virtual machines. These are block storage volumes used by VMs for operating systems and application data. If the workload is a virtual machine and the question asks what storage supports that VM, disk storage is the right match. This distinction is important because beginners often choose Blob Storage anytime they see “data,” even when the workload specifically involves VM disks.

Azure Files offers fully managed file shares accessible through standard protocols. On AZ-900, think shared file access across systems, especially when applications expect file-share semantics. If users or servers need a traditional shared file store, Azure Files is usually the best answer.

Archive storage refers to a low-cost tier for data that is rarely accessed and can tolerate retrieval delay. If a scenario focuses on long-term retention with infrequent access and cost savings, archive should stand out. Microsoft likes to test whether you can distinguish hot, frequently accessed storage from archival data patterns.

Redundancy options are equally important. Locally redundant storage keeps copies within a single datacenter. Zone-redundant storage spreads copies across availability zones in a region. Geo-redundant options replicate to a secondary region for broader durability. On the exam, the wording about fault scope is critical. Local protection points to LRS-style thinking, zone-level resilience points to ZRS, and regional disaster resilience points to geo-redundant options.

Exam Tip: First identify the storage type, then identify the redundancy need. Microsoft may hide two separate decisions in one scenario.

A common trap is assuming the highest redundancy is always the best answer. In real life, cost and requirements matter, and AZ-900 reflects that. If the requirement only mentions protection within a datacenter, do not jump to geo-redundant storage. Likewise, if the requirement is VM operating system storage, do not choose Files or Blob just because they sound familiar. Match the service to the access pattern and the resilience scope. This approach will help you eliminate distractors quickly and choose the best answer with confidence.

Section 3.6: Exam-style practice set for Azure architecture, compute, networking, and storage

This final section is about how to think like the exam, not how to memorize isolated facts. AZ-900 questions in this chapter’s domain often follow a predictable structure: identify the category first, then the scope, then the best-fit Azure service or component. If you can classify the scenario correctly, the answer becomes much easier. For example, ask whether the problem is about physical resiliency, logical organization, application hosting, connectivity, or data storage. That first step eliminates many distractors before you even read the choices in detail.

For architecture questions, watch for scope words such as “within a region,” “across regions,” “billing,” “governance,” or “related resources.” These map to availability zones, region pairs, subscriptions, management groups, and resource groups. For compute questions, focus on the workload style: full OS control suggests virtual machines, portable app packaging suggests containers, and managed web application hosting suggests App Service. For networking, look for the difference between private dedicated connectivity and encrypted internet-based connectivity. For storage, identify whether the data is object data, VM storage, shared files, or long-term archival content.

Exam Tip: Microsoft often includes answer choices that are technically possible but not the best cloud-native answer. AZ-900 is a best-answer exam, so choose the option that most directly satisfies the requirement with the least unnecessary management.

Another pattern is the use of familiar words in the wrong category. A question about DNS may include VNet and VPN because they are all networking terms, but only DNS handles name resolution. A question about resource organization may include regions and availability zones, but those are physical architecture concepts, not administrative containers. Stay disciplined about the exact function being tested.

As you review this chapter, make sure you can explain each of these pairings from memory: regions versus availability zones, resource groups versus subscriptions, VMs versus App Service, VPN versus ExpressRoute, Blob versus Disk versus Files, and local redundancy versus zone versus geo redundancy. If you can do that clearly, you are covering the main AZ-900 exam objectives in this chapter.

Your goal in practice is not just to get questions correct; it is to learn why distractors are wrong. That habit builds confidence and speed. By the time you sit for the exam, you should be able to recognize these service families immediately and map them to the problem described without overthinking edge cases. That is exactly the kind of practical readiness AZ-900 rewards.

Section 4.1: Azure identity, access, and security basics with Microsoft Entra ID

For AZ-900, Microsoft Entra ID is one of the most important identity services to recognize. It is Microsoft’s cloud-based identity and access management service. On the exam, expect to connect Entra ID with user identities, authentication, single sign-on, application access, and identity-based security controls. If a scenario mentions employees signing in to cloud apps with one account, controlling who can access resources, or integrating identities across Microsoft services, Entra ID is a strong answer candidate.

You should clearly separate authentication from authorization. Authentication answers the question, “Who are you?” Authorization answers the question, “What are you allowed to do?” Exam writers often test this distinction. Signing in with a username and password, multifactor authentication, or passwordless methods relates to authentication. Assigning permissions to access subscriptions, resource groups, or resources relates to authorization. Azure role-based access control, or Azure RBAC, is the main authorization model for Azure resources.

Another tested concept is the difference between Entra ID and Active Directory Domain Services. At the fundamentals level, remember that Entra ID is a cloud identity service, while traditional Active Directory is associated with on-premises directory services and domain-joined environments. Microsoft may include hybrid scenarios to see whether you understand that organizations can connect on-premises identities with cloud identities.

Key terms to know include multifactor authentication, conditional access, single sign-on, managed identities, and RBAC. Multifactor authentication improves sign-in security by requiring more than one verification method. Conditional access applies access rules based on conditions such as user, location, device, or risk. Managed identities allow Azure resources to authenticate to other services without storing credentials in code. RBAC assigns permissions through built-in roles such as Reader, Contributor, or Owner.

• Use Entra ID for identity, sign-in, and app access.
• Use RBAC for resource permissions in Azure.
• Use multifactor authentication to strengthen sign-in security.
• Use conditional access for policy-driven access control.
• Use managed identities to avoid embedded secrets.

Exam Tip: If the scenario is about managing access to Azure resources, think RBAC. If the scenario is about users signing in to applications, think Microsoft Entra ID. The exam may place both in answer choices to see if you can tell identity from permission assignment.

A common trap is assuming every security-related statement points to a firewall or encryption service. Many AZ-900 questions are actually about identity-based security, which starts with who can sign in and what they can do after sign-in. When the requirement mentions least privilege, controlled access, or role assignment, focus on identity and access management first.

Section 4.2: Azure database services including relational and non-relational choices

Database service selection is a classic AZ-900 skill. The exam expects you to recognize when a workload needs a relational database and when a non-relational service is a better fit. Relational databases store structured data in tables with rows and columns, support defined schemas, and are commonly queried with SQL. In Azure, important relational choices include Azure SQL Database, Azure Database for MySQL, and Azure Database for PostgreSQL. If the scenario mentions transactions, relationships between tables, or a familiar SQL-based application, think relational.

Azure SQL Database is a fully managed relational database service based on the SQL Server engine. It is commonly the best answer when the requirement is a managed cloud SQL database without the overhead of maintaining the full underlying server infrastructure. The exam may contrast Azure SQL Database with SQL Server on Azure Virtual Machines. At the fundamentals level, the key distinction is managed platform service versus self-managed virtual machine deployment.

For non-relational scenarios, Azure Cosmos DB is the major service to know. It is a globally distributed NoSQL database service designed for high availability, low latency, and flexible data models. If a question refers to document data, massive scale, worldwide distribution, or multiple APIs and consistency models, Cosmos DB is often the intended answer. It is not a replacement for every relational workload, and that difference is exactly what the exam tests.

You should also recognize basic storage-oriented options that may appear as distractors. Azure Blob Storage stores unstructured object data such as images, video, backups, and documents. It is not a relational database. Azure Table Storage stores structured NoSQL key-attribute data but is simpler than Cosmos DB. At the fundamentals level, the most important comparison remains SQL-style relational versus Cosmos DB-style non-relational.

Exam Tip: Words like joins, tables, schema, and transactional usually indicate relational databases. Words like JSON, document, globally distributed, and low-latency at scale usually indicate Azure Cosmos DB.

A common trap is selecting a virtual machine because it can technically host a database. AZ-900 usually prefers managed services when the scenario emphasizes simplicity, reduced administration, or built-in cloud management. Another trap is confusing storage with databases. Not all data storage is a database service, and not all databases are suitable for analytics or massive unstructured content. Read the business need carefully before selecting the service category.

Section 4.3: Analytics and data services for beginner AZ-900 understanding

AZ-900 does not expect deep data engineering knowledge, but it does expect you to recognize core analytics service purposes. The big idea is that analytics services help organizations process, transform, query, and gain insight from data beyond basic operational storage. If a question mentions large-scale analysis, enterprise reporting, data integration, or big data processing, you should think analytics rather than standard databases alone.

Azure Synapse Analytics is one of the key services to know. At a fundamentals level, you should associate it with enterprise analytics, data warehousing, and combining big data and data integration capabilities. If a scenario describes bringing together data for large-scale analysis or reporting across an organization, Synapse is often the right match. The exam may not ask you to design pipelines, but it may ask you to identify the analytics platform category.

Azure Data Factory is another important beginner-level service. It is used for data integration and data movement. If the need is to orchestrate and transform data from different sources, Data Factory is relevant. This differs from storage and differs from reporting tools. Understanding that distinction helps with service-selection questions.

You may also encounter Azure Databricks in fundamentals content. Associate it with Apache Spark-based analytics and large-scale data processing. You do not need advanced Spark knowledge for AZ-900. You simply need to know that Databricks supports big data analytics and collaborative data workloads. Microsoft may place it next to Azure SQL Database or Blob Storage as distractors to see whether you understand that analytics processing is a separate function.

Streaming and visualization concepts can also appear. Azure Stream Analytics is used for real-time stream processing, such as analyzing telemetry or event data as it arrives. Power BI, although not an Azure infrastructure service in the same sense, is often associated with visualizing and reporting on data insights. A scenario about dashboards and business reporting may lean toward reporting tools rather than raw data storage.

• Synapse Analytics: enterprise analytics and data warehousing.
• Data Factory: data integration and orchestration.
• Databricks: Spark-based big data analytics.
• Stream Analytics: real-time event and telemetry analysis.

Exam Tip: If the requirement is “store application data,” choose a database or storage service. If the requirement is “analyze data from many sources” or “build enterprise reporting,” choose an analytics service. The exam often tests this exact boundary.

A common trap is choosing the service that stores the data instead of the service that analyzes it. Storage is where data lives; analytics is how value is extracted from it. Keep those roles separate when reading the scenario.

Section 4.4: AI, machine learning, and cognitive services at a fundamentals level

At the AZ-900 level, you are not expected to build models, tune algorithms, or compare deep learning frameworks. Instead, you must recognize the difference between prebuilt AI capabilities and custom machine learning platforms. This is a very common service-selection area. Microsoft wants you to know when an organization simply wants to add AI features and when it wants to develop, train, and deploy its own predictive models.

Azure AI services, historically called Cognitive Services in many study materials, provide prebuilt AI capabilities through APIs. These include vision, speech, language, and decision-related capabilities. If a company wants to analyze images, convert speech to text, detect sentiment, translate text, or extract information from forms without building a model from scratch, Azure AI services are likely the intended answer. These are ideal for organizations that want AI functionality quickly.

Azure Machine Learning is the platform to associate with building, training, deploying, and managing custom machine learning models. If the scenario emphasizes data scientists, model training, experiments, or custom prediction workflows, think Azure Machine Learning rather than prebuilt AI APIs. The exam may present both services to test whether you understand convenience versus customization.

You should also recognize Azure AI Bot Service at a basic level for conversational bot scenarios. If a requirement mentions a chatbot or virtual assistant interface, a bot service may be involved. However, read carefully: a bot may use language services underneath, but the exam may be testing the conversational application layer rather than the text-analysis capability alone.

Exam Tip: Prebuilt AI capability equals Azure AI services. Custom model lifecycle equals Azure Machine Learning. If the organization wants to add OCR, translation, speech recognition, or image tagging quickly, do not overcomplicate the answer by selecting machine learning.

A frequent exam trap is the word “AI.” Nearly any modern service can be marketed as intelligent, but AZ-900 uses precise categories. Another trap is choosing a development platform when the requirement is actually an API-based AI service. Stay focused on whether the need is ready-made intelligence or custom model creation. That distinction appears often in fundamentals exams.

From an exam-readiness perspective, memorize the service families and their typical keywords: vision for images, speech for audio, language for text understanding, and machine learning for custom model development. That level of clarity is usually enough to eliminate distractors and identify the best answer.

Section 4.5: Developer and IoT services including DevOps concepts and event-driven tools

This section brings together several exam-tested areas that often appear in short scenario questions: app hosting, serverless processing, DevOps practices, and IoT connectivity. Even though these topics seem broad, the AZ-900 objective is still the same: recognize what the service is for. Azure App Service is a core platform for hosting web apps, REST APIs, and mobile back ends without managing the underlying infrastructure. If a scenario wants a managed platform for web applications, App Service is often the intended answer.

Azure Functions is a key serverless service. It is event-driven and runs code in response to triggers, such as HTTP requests, timers, or messages. If the exam describes lightweight code execution without managing servers and with billing aligned to execution, Functions is a strong fit. Logic Apps is also important for workflow automation and integration. It is commonly used when the requirement is to automate business processes or connect services using low-code workflows.

For developer workflow and DevOps concepts, know the general idea of Azure DevOps and GitHub integration. DevOps is about improving collaboration between development and operations through practices such as continuous integration and continuous delivery. The exam may not ask you to build a pipeline, but it may ask which service supports planning, source control, builds, testing, and release automation. Associate that need with Azure DevOps tools. GitHub Actions may also appear in modern Azure-related contexts as an automation and CI/CD option.

On the IoT side, Azure IoT Hub is the main service to recognize for connecting, monitoring, and managing IoT devices at scale. If the scenario mentions telemetry from sensors, secure device communication, or remote device management, think IoT Hub. Azure Event Hubs is different: it is for large-scale event ingestion and streaming. Exam items may place IoT Hub and Event Hubs together as distractors because both involve events, but only IoT Hub is specifically for device connectivity and management.

Exam Tip: If the requirement is “host a web app,” choose App Service. If it is “run code in response to an event,” choose Functions. If it is “automate a workflow,” choose Logic Apps. If it is “connect and manage devices,” choose IoT Hub.

A common trap is overusing virtual machines as the answer to every application need. While VMs are flexible, AZ-900 usually rewards recognition of managed platform services and serverless tools. Another trap is confusing event processing with IoT device management. Events can come from many systems, but IoT Hub specifically centers on devices. That wording difference matters on test day.

Section 4.6: Exam-style practice set for identity, databases, AI, and app services

When you face an AZ-900 service-selection item, use a structured elimination method. First, identify the category in the scenario: identity, database, analytics, AI, developer platform, serverless, or IoT. Second, underline the keywords that reveal the business need. Third, eliminate answers that are real Azure services but belong to the wrong category. This process is especially useful because Microsoft often uses believable distractors instead of obviously wrong choices.

For identity scenarios, ask yourself whether the need is sign-in, conditional access, multifactor authentication, or permissions to Azure resources. Sign-in and identity governance point toward Microsoft Entra ID. Permissions to subscriptions and resources point toward Azure RBAC. If the wording emphasizes least privilege, role assignment, or Reader versus Contributor, the exam is probably testing authorization rather than authentication.

For database questions, decide whether the workload is relational or non-relational. Relational means tables, structured schema, and transactional workloads. Non-relational means flexible models, documents, or globally distributed low-latency access. Azure SQL Database is a common best answer for managed relational needs. Azure Cosmos DB is the common best answer for globally distributed NoSQL needs. Blob Storage often appears as a distractor for database questions because it stores data but is not a relational database engine.

For AI questions, watch for the difference between use AI and build AI. If the requirement is to add image recognition, text analysis, speech processing, or translation with minimal development overhead, Azure AI services fit. If the requirement is to train and deploy custom predictive models, Azure Machine Learning fits. The exam frequently tests this distinction because both answer choices sound advanced and modern.

For app service questions, determine whether the scenario wants managed hosting, code execution on demand, or automated workflows. Managed web application hosting maps to Azure App Service. Event-triggered serverless code maps to Azure Functions. Workflow and integration automation map to Logic Apps. Device connection and management maps to IoT Hub. If you map the requirement to the service purpose before looking at the answer list, you reduce the chance of being misled by brand names.

Exam Tip: On fundamentals exams, the correct answer is usually the service most directly designed for the stated need, not the service that could be adapted with extra engineering effort. Think “native fit,” not “possible fit.”

As part of your structured review plan, build a one-line memory hook for each major service. For example: Entra ID equals identity, RBAC equals permissions, Azure SQL Database equals managed relational, Cosmos DB equals global NoSQL, Synapse equals analytics, Azure AI services equals prebuilt AI, Machine Learning equals custom models, App Service equals web hosting, Functions equals serverless code, and IoT Hub equals devices. These quick associations are exactly what help you answer Microsoft-style questions accurately under time pressure.

Section 5.1: Describe Azure management and governance with Azure Policy, RBAC, and resource locks

Azure management and governance questions frequently test whether you can separate compliance controls from access controls. Azure Policy evaluates resources against rules and can help enforce organizational standards. Typical examples include requiring certain tags, allowing only specific resource locations, or restricting the types of resources that can be deployed. In exam language, if the scenario says an organization wants to make sure deployments follow company standards, Azure Policy is usually the correct answer.

Azure RBAC is different. RBAC controls who can perform actions on Azure resources. If a question asks how to allow a user to manage virtual machines but not billing, or how to grant read-only access, RBAC is the right concept. Think of RBAC as permissions assigned to users, groups, or identities at scopes such as management group, subscription, resource group, or resource. The exam may include built-in roles such as Owner, Contributor, and Reader as easy distractors. Remember that Owner includes access management permissions, Contributor can manage resources but not grant access, and Reader can view but not modify.

Resource locks protect resources from accidental deletion or modification. A Delete lock prevents deletion, while a Read-only lock prevents changes and deletion. This is a common trap area because candidates sometimes choose Policy when the real issue is preventing accidental change. Policy can govern what should be deployed or whether something is compliant; a lock is the cleaner answer when the scenario is specifically about protecting an existing resource from accidental administrative action.

• Azure Policy: enforce standards and assess compliance
• RBAC: assign permissions to users and identities
• Resource locks: prevent accidental deletion or modification

Exam Tip: If the question asks how to stop users from creating nonapproved resources, think Azure Policy. If it asks how to stop even authorized admins from accidentally deleting a specific resource, think resource locks. If it asks who should be able to manage or view something, think RBAC.

Another exam pattern is scope. Governance tools often operate at different levels. Policy and RBAC can be assigned at broad scopes and inherited downward. That means a policy applied at the subscription level can affect resource groups and resources within it. Microsoft may test this idea indirectly by asking for the most efficient way to standardize governance across many resources. Broad scope assignment is often the clue.

The exam tests recognition, not implementation detail. You do not need to memorize JSON policy syntax for AZ-900. You do need to know the business purpose of each tool and identify the best-fit answer when several Azure services sound plausible.

Section 5.2: Cost management concepts including pricing calculators, TCO, and budgets

Cost management is a high-value AZ-900 objective because it connects directly to cloud adoption decisions. Microsoft expects you to know the difference between estimating future cloud costs, comparing cloud with on-premises ownership costs, and controlling spending after deployment. The Azure pricing calculator is used to estimate the expected cost of Azure services before you deploy them. If a scenario asks you to predict monthly charges for virtual machines, storage, or bandwidth, the pricing calculator is the best match.

The Total Cost of Ownership (TCO) calculator serves a different purpose. It helps compare the cost of running workloads on-premises versus moving them to Azure. This includes infrastructure, power, cooling, maintenance, and operational expenses. A common exam trap is choosing the pricing calculator when the scenario is really about migration justification or comparing current datacenter cost with Azure. In that case, the TCO calculator is the better answer.

Budgets are part of cost governance after resources exist. They help organizations track spending against a threshold and trigger alerts when spending reaches a defined amount. Budgets do not automatically cap usage in the way some candidates assume. The exam may test this subtlety. A budget can notify you, support oversight, and help avoid surprises, but it is not the same as shutting services off. Be careful with answer choices that imply hard enforcement unless the wording explicitly supports that behavior through other tools or automation.

Azure Cost Management is the umbrella idea for analyzing, monitoring, and optimizing cloud spend. At the fundamentals level, understand that organizations use it to review costs, find spending trends, and improve efficiency. Microsoft often frames these items in practical business language rather than technical administration language.

• Pricing calculator: estimate Azure service costs before deployment
• TCO calculator: compare on-premises costs with Azure costs
• Budgets: set spending thresholds and receive alerts

Exam Tip: Watch the timeline in the question. If the organization is planning and estimating, think pricing calculator. If it is evaluating migration economics, think TCO. If it is already consuming Azure and wants alert-based spend control, think budgets or Cost Management.

Another tested concept is consumption-based pricing. Azure charges are often based on usage, which means costs can change as demand changes. That flexibility is a benefit, but it also requires governance. This is why AZ-900 places cost topics near management topics: good cloud administration includes not only deployment, but also cost visibility, trend analysis, and preventive oversight.

When answer choices include reserved terms or advanced purchasing options, do not overcomplicate the question. At this level, focus on the core tool and its purpose. Microsoft wants you to match the scenario to the right category of cost tool, not perform finance-level optimization math.

Section 5.3: Service level agreements, lifecycle, and preview versus general availability

AZ-900 includes foundational service lifecycle knowledge because business and technical teams need to understand what kind of support and reliability to expect from Azure services. A service level agreement, or SLA, describes Microsoft’s commitment to uptime or availability for a service. Exam questions may ask which service arrangement provides higher availability or may test whether you understand that some Azure services have specific uptime guarantees documented in SLAs.

At the fundamentals level, remember the practical meaning of an SLA: it sets expectations for service availability. A common trap is assuming that every Azure service automatically has the same SLA or that all deployment options are equal. Microsoft may also present combined-service scenarios. Even if you are not asked to calculate exact percentages, recognize the principle that overall availability depends on the architecture and the services used.

Lifecycle language matters too. Microsoft distinguishes between services or features in preview and those that are Generally Available (GA). Preview means the feature is available for evaluation and testing but may have limited support, may change, and may not carry the same guarantees as a GA service. GA means the service is production-ready and fully released. If a question asks which option is more appropriate for critical production workloads, GA is usually the safer and more exam-correct choice.

Exam Tip: Preview is not the same as unsupported, but for AZ-900 the key takeaway is that preview features are typically not the best answer for business-critical production scenarios when GA is an option.

Another exam pattern is service retirement and updates. Microsoft wants you to understand that cloud services evolve continuously. Organizations must stay informed about changes, deprecations, and retirement notices. This connects to governance because operational planning includes knowing whether a service is stable, current, and supported. Questions may not dive deeply into retirement policy details, but they may ask you to identify the type of service stage or support commitment described.

Be cautious with wording such as “full support,” “production-ready,” or “best for testing new functionality.” These phrases often signal lifecycle stage. Match them carefully: production-ready aligns with GA; testing and evaluation align with preview. Similarly, if the scenario focuses on guaranteed uptime, think SLA rather than monitoring or Advisor. Advisor gives recommendations, but it does not define contractual availability commitments.

Strong AZ-900 candidates treat lifecycle and SLA questions as vocabulary-plus-judgment items. Learn the terms, then apply them to realistic business choices.

Section 5.4: Monitoring tools including Azure Monitor, Service Health, and Advisor

Monitoring is another area where Microsoft relies on close distinctions between services. Azure Monitor is the central service for collecting, analyzing, and acting on telemetry from Azure and sometimes on-premises or hybrid resources. It helps track performance metrics, logs, and alerts. If the scenario is about observing resource health, analyzing performance, or generating alerts based on conditions, Azure Monitor is the first service to consider.

Azure Service Health is more specific. It provides information about Azure service issues, planned maintenance, and advisories that may affect your subscribed services and regions. This means it is not mainly about your application’s internal performance metrics; it is about Microsoft platform events and how they affect your resources. Exam questions often contrast Azure Monitor with Service Health. If the problem is “my VM CPU is high,” think Azure Monitor. If the problem is “Azure is experiencing an outage in my region,” think Service Health.

Azure Advisor provides personalized recommendations to improve reliability, security, performance, operational excellence, and cost. It is recommendation-driven, not just telemetry-driven. This makes it a favorite distractor in AZ-900 because candidates may confuse recommendations with monitoring. Advisor does not replace Monitor. Instead, it analyzes your configuration and usage patterns to suggest improvements.

• Azure Monitor: metrics, logs, alerts, and observability
• Service Health: Azure platform incidents, maintenance, and advisories
• Azure Advisor: best-practice recommendations for optimization

Exam Tip: Ask what kind of information is needed. Internal resource telemetry points to Azure Monitor. Microsoft service disruption information points to Service Health. Improvement guidance points to Advisor.

The exam also checks whether you understand these tools in practical administrative workflows. For example, an organization may use Azure Monitor to trigger alerts, Service Health to stay informed about regional incidents, and Advisor to reduce cost or improve reliability. The tools are complementary, not interchangeable.

A common trap is choosing Service Health for any “health” wording. Read carefully. If the question is about the health of Azure services themselves, Service Health fits. If it is about the behavior of deployed resources, such as latency, failed requests, or performance thresholds, Azure Monitor is more likely the correct answer. Likewise, if the question asks which service can identify underutilized resources and suggest savings, Azure Advisor is the better match.

For AZ-900, you do not need to master Kusto queries or deep log analytics configuration. Focus on purpose, scope, and the differences among these services. That recognition skill is exactly what the exam rewards.

Section 5.5: Deployment and management tools including portal, Cloud Shell, ARM, and Bicep basics

Microsoft expects AZ-900 candidates to know the basic ways Azure resources are deployed and managed. The Azure portal is the web-based graphical interface used to create, manage, and monitor resources. It is often the most straightforward answer when the scenario involves basic administration through a browser. Do not overthink portal questions; if ease of use and visual management are emphasized, the portal is usually correct.

Azure Cloud Shell provides browser-accessible command-line management with tools such as PowerShell and Azure CLI. It is useful when a question focuses on command-line administration without requiring local installation. A common exam trap is assuming Cloud Shell is a separate deployment engine. It is not. It is an environment for running commands and scripts against Azure.

Azure Resource Manager (ARM) is the deployment and management framework for Azure. ARM templates allow infrastructure to be defined as code using declarative JSON. At the AZ-900 level, the important concept is repeatable, consistent deployment. If the scenario asks how to deploy the same environment repeatedly and predictably, ARM templates are a strong answer. The exam may use the phrase “infrastructure as code,” which should point you in this direction.

Bicep is a newer, simpler language that makes it easier to define Azure resources declaratively and then deploy them through ARM. For fundamentals, know that Bicep offers a cleaner authoring experience than raw ARM JSON while still working within the ARM deployment model. If answer choices include both ARM and Bicep, Microsoft may be checking whether you know they are related rather than unrelated competitors.

Exam Tip: Portal = graphical management. Cloud Shell = browser-based CLI or PowerShell. ARM templates = repeatable declarative deployments in JSON. Bicep = simplified declarative authoring for ARM deployments.

The exam may also test the difference between manual and repeatable deployment. Manual creation in the portal can be quick for one-off tasks, but infrastructure as code is better for standardization, consistency, and automation. This links directly back to governance. Standardized deployments reduce configuration drift and support compliance goals.

Be careful with terms like imperative versus declarative. You are unlikely to be tested deeply, but declarative means defining the desired state. ARM templates and Bicep fit that model. In scenario questions, if the organization wants the same resources deployed every time with less manual variation, choose the declarative deployment approach rather than a purely manual method.

Section 5.6: Exam-style practice set for management, governance, cost, and monitoring

This final section is not a quiz, but a strategy guide for governance-focused question patterns. Microsoft AZ-900 items in this domain often present short business requirements and ask which Azure service best meets them. Your success depends on sorting tools by job function. Start by identifying whether the scenario is about permissions, compliance, protection, monitoring, recommendations, estimation, or lifecycle status. Once you classify the need, the answer set becomes much easier to eliminate.

For governance scenarios, the biggest confusion points are Azure Policy, RBAC, and locks. Remember the quick test: standards and compliance equal Policy; access permissions equal RBAC; prevention of accidental changes equals locks. For cost scenarios, distinguish planning from operations. Planning costs before deployment points to the pricing calculator. Comparing current datacenter expenses with cloud migration points to TCO. Ongoing spend oversight points to budgets and Cost Management.

For monitoring scenarios, separate telemetry from platform notifications from recommendations. Azure Monitor is telemetry and alerts. Service Health is Azure incident and maintenance visibility. Advisor is recommendations. Many wrong answers on the exam are not absurd; they are partially true. That is why reading the exact requirement matters. The test rewards precision.

Lifecycle questions are often simpler than they first appear. Preview is for evaluation and may have limited guarantees. General Availability is production-ready. SLA questions focus on availability commitments, not general monitoring. Deployment questions often ask whether the organization needs a graphical interface, command-line access, or repeatable infrastructure as code. Match portal, Cloud Shell, ARM, and Bicep accordingly.

• Look for the main objective word in the scenario
• Eliminate answers that solve a related but different problem
• Prefer the most direct Azure-native fit over a broad or vague choice
• Watch for distractors built from familiar service names

Exam Tip: On AZ-900, the best answer is usually the service designed primarily for that task, not a service that could support the task indirectly. For example, Azure Advisor may mention cost and reliability, but it is still primarily a recommendation engine, not a budgeting tool or uptime contract.

As part of your structured review plan, revisit any area where you confuse similar services. Create mini-comparisons such as Policy versus RBAC, Monitor versus Service Health, and pricing calculator versus TCO. That kind of contrast review is one of the fastest ways to improve exam readiness before test day. Confidence in this domain comes from recognizing patterns, avoiding common traps, and consistently choosing the most precise answer.

Section 6.1: Full-length mixed mock exam aligned to all official domains

Your full-length mixed mock exam should mirror the real AZ-900 experience as closely as possible. That means a varied sequence of items covering cloud concepts, Azure architecture and services, and Azure management and governance without warning about which domain appears next. This is important because the real exam rewards mental flexibility. You may move from a pricing question to an identity question, then to a governance tool, then to a resiliency concept. Practicing in mixed order trains your brain to classify the question first before reaching for an answer.

When taking Mock Exam Part 1 and Mock Exam Part 2, think in terms of domain recognition. Ask yourself what the item is actually measuring. Is it asking about cloud value propositions, such as elasticity or consumption-based pricing? Is it testing architectural awareness, such as the role of regions, subscriptions, resource groups, or core compute and networking services? Or is it checking your understanding of governance, such as policy enforcement, compliance resources, cost visibility, or monitoring? This classification step prevents you from being pulled toward distractors from adjacent topics.

Because AZ-900 is a fundamentals exam, scenario wording is often lightweight but deliberate. One or two words can determine the best answer. Terms such as “automatically scale,” “enforce,” “monitor,” “compliant,” “predictable cost,” “high availability,” or “least administrative effort” usually point to specific service categories or cloud concepts. Read for intent, not just keywords. The wrong answer often contains a familiar Azure product that sounds useful but does not solve the exact problem named in the prompt.

Exam Tip: In a full mock, do not spend too long on one item. AZ-900 questions are usually designed to be answered from recognition and foundational understanding. If you are stuck, eliminate obviously wrong options, choose the best remaining answer, mark the pattern mentally, and continue.

Your score from the full mock should be broken down by domain and by error type. Strong candidates do not just ask, “What did I get wrong?” They ask, “Why did I get it wrong?” Typical causes include confusing two similar services, missing a negative word such as “not,” applying advanced technical assumptions to a foundational question, or forgetting the difference between a service’s purpose and a broader category. Use the full-length mock as both a performance test and a diagnostic instrument.

Section 6.2: Detailed answer review with rationale and distractor analysis

The most valuable part of any mock exam is the answer review. A score alone does not build exam readiness; rationale does. For every missed item, and even for questions you guessed correctly, study why the correct answer is right and why the distractors are attractive but wrong. This is especially important for AZ-900 because Microsoft-style distractors are often not absurd. They are usually plausible technologies placed in the wrong context.

Begin your review by grouping mistakes into patterns. If you repeatedly confuse Azure Policy with resource locks, that signals a governance distinction problem. If you mix up Azure Monitor and Microsoft Cost Management, that reflects a tool-purpose problem. If you choose IaaS when the scenario is really about abstracting infrastructure management, you may need to revisit cloud service models. The point is to convert errors into categories you can fix, not to memorize isolated corrections.

Rationale review should always include the exam objective behind the item. For example, if the answer depends on understanding shared responsibility, the tested concept is not just security in general. It is whether you know how responsibility changes across on-premises, IaaS, PaaS, and SaaS. If the answer depends on resiliency, identify whether the exam is really targeting availability zones, regions, region pairs, or the broader idea of fault tolerance. This objective-first review makes your studying more transferable across future questions.

Exam Tip: When reviewing distractors, ask why Microsoft included each one. Usually it is because many candidates hold a partial truth about that option. Learn the boundary of each service. Boundary awareness is often what separates a correct answer from a tempting distractor.

Also review your correct answers critically. If you answered correctly for the wrong reason, that is still a weakness. Confidence should come from clear recognition of service purpose and exam wording, not lucky elimination. A final review chapter is the ideal time to refine your thought process so that on exam day you can recognize patterns quickly and avoid being trapped by familiar but imprecise answer choices.

Section 6.3: Weak-domain remediation for Describe cloud concepts

If your weak spot analysis shows trouble in Describe cloud concepts, focus on the foundational comparisons that Microsoft returns to again and again. This domain includes shared responsibility, cloud models, cloud service types, and pricing logic. Many candidates lose points here because the material feels basic, so they study it casually. In reality, these concepts are highly testable because they reveal whether you understand what cloud computing changes and what it does not change.

Start with cloud models: public, private, and hybrid. Be able to identify them from business language rather than definitions alone. If a scenario mentions full provider ownership and internet-delivered services, think public cloud. If it emphasizes dedicated infrastructure for one organization, think private cloud. If it involves integrating on-premises resources with cloud services, think hybrid. The exam may not ask for textbook wording; it often tests whether you can classify a real-world description correctly.

Next, review IaaS, PaaS, and SaaS through responsibility boundaries. IaaS gives the customer the most control and also the most management responsibility among the three cloud service models. PaaS removes much of the platform administration burden. SaaS delivers the finished application with the least infrastructure management by the customer. Shared responsibility questions often combine these ideas, so know how security, maintenance, and configuration responsibilities shift.

Consumption-based pricing, OpEx versus CapEx, elasticity, scalability, and high availability are also common targets. Watch for wording traps. Scalability is not exactly the same as elasticity, and predictable long-term ownership is not the same as pay-as-you-go flexibility. The exam expects you to recognize business benefits of cloud adoption, not calculate advanced financial scenarios.

Exam Tip: If two choices both seem cloud-related, choose the one that most directly matches the operational or business outcome in the scenario. AZ-900 often rewards concept precision over broad familiarity.

A practical remediation strategy is to create a one-page comparison sheet for cloud models and service types. Include who manages what, typical use cases, and common distractor pairings. Then revisit your mock exam misses and map each one to the comparison sheet. This method strengthens recall and helps you answer by understanding rather than by memorization.

Section 6.4: Weak-domain remediation for Describe Azure architecture and services

This domain is often the broadest for candidates because it covers core architectural components and common Azure services. If this is your weakest area, do not try to memorize every Azure product. For AZ-900, focus on service categories, primary use cases, and how major architectural elements relate to each other. The exam is testing recognition of purpose, not deep engineering design.

Start with the structural hierarchy: management groups, subscriptions, resource groups, and resources. Many test takers know the terms but confuse their scope. Understand that subscriptions organize billing and access boundaries, resource groups hold related resources, and resources are the actual service instances. Regions and availability zones are also essential. The exam commonly tests high availability and resiliency through these concepts, so know the difference between geographic presence and isolated datacenter locations within a region.

Then review the major service families. For compute, know the purpose of virtual machines, containers, and serverless offerings. For networking, understand virtual networks, load balancing concepts at a foundational level, and connectivity basics. For storage, distinguish among blobs, files, queues, and disks by workload type. For identity, recognize Azure Active Directory, now commonly referred to as Microsoft Entra ID, as the identity and access service rather than a general infrastructure component. For database and analytics categories, understand broad purpose instead of advanced administration.

Common traps in this domain come from selecting a real Azure service that is helpful but not the best fit. For example, an answer may offer a storage product when the scenario is really about identity, or a networking tool when the key requirement is application hosting simplicity. Read the core need carefully: hosting, authentication, storage type, geographic resiliency, or managed platform experience.

Exam Tip: Build quick mental labels for services. Instead of trying to remember every feature, remember each service’s primary job. On AZ-900, primary job recognition is usually enough to eliminate distractors.

Remediation works best when you organize services by category and attach one sentence of purpose to each. Then revisit missed questions and ask which single requirement in the scenario should have led you to the correct category. This trains the exact best-answer logic the exam expects.

Section 6.5: Weak-domain remediation for Describe Azure management and governance

If your scores are weakest in management and governance, focus on tool purpose and administrative intent. This domain includes cost management, policy enforcement, compliance resources, security posture awareness, and monitoring capabilities. These topics often appear together, which is why candidates confuse them. The fastest way to improve is to sort them by what action they are meant to support: monitor, control, secure, audit, or optimize cost.

Start with cost-related tools and concepts. Know that Microsoft Cost Management helps analyze and track spending. Understand the role of tags at a high level for organization and reporting. Recognize the difference between reducing waste and enforcing technical compliance. Then move to governance tools such as Azure Policy and resource locks. Azure Policy is about enforcing or auditing standards. Locks are about preventing accidental deletion or modification. These are related but not interchangeable, and Microsoft frequently tests that distinction.

For compliance and trust, know the purpose of resources such as the Service Trust Portal. For security posture, understand the high-level role of Microsoft Defender for Cloud. For monitoring, know the purpose of Azure Monitor and how it differs from governance or cost tools. Questions in this domain often include several administrative products in one answer set. The right answer is usually the tool that directly aligns with the requested outcome.

Be careful with broad words like “secure,” “manage,” or “optimize.” They can point to several Azure services. Look for the specific verb in the scenario. “Enforce” suggests policy. “Prevent deletion” suggests a lock. “Track spending” suggests cost management. “Collect and analyze telemetry” suggests monitoring. “Review compliance documentation” suggests trust and compliance resources.

Exam Tip: Governance questions often test whether you can separate prevention, visibility, and guidance. Different Azure tools may contribute to all three, but only one usually matches the primary action in the prompt.

A strong remediation method is to create a table with columns for Tool, Primary Purpose, What It Does Not Primarily Do, and Common Distractors. This is especially effective for AZ-900 because many wrong answers are only wrong by one degree of purpose. Clarifying that purpose sharply improves answer accuracy.

Section 6.6: Final review strategy, confidence check, and exam day success tips

Your final review should be light on new studying and heavy on reinforcement. In the last phase before the exam, revisit only the highest-yield material: cloud model comparisons, shared responsibility, core Azure architectural components, common service purposes, and governance tool distinctions. Read your weak spot notes, review rationale from missed mock items, and confirm that you can now explain why the correct answer is correct. This is what turns passive familiarity into active exam readiness.

Confidence checking is also important. Ask yourself whether you can classify a question by domain within a few seconds. Can you identify when an item is really about pricing versus governance, or architecture versus identity? Can you explain the difference between a region and an availability zone, or between Azure Policy and a resource lock, without hesitation? If not, target those exact distinctions one more time. Last-minute review should sharpen boundaries, not expand scope.

The Exam Day Checklist lesson should become a practical routine. Verify your test appointment, identification requirements, and testing environment if you are taking the exam remotely. Get proper rest and avoid cramming unfamiliar details. On the day itself, read every question carefully, especially modifiers such as “best,” “most appropriate,” “minimize,” “enforce,” or “automatically.” These words often determine the correct answer. Use elimination confidently. If one choice is too broad and another precisely addresses the stated need, the precise option is usually the better pick.

Exam Tip: If you feel uncertain during the exam, return to fundamentals. AZ-900 rewards clear understanding of purpose and responsibility more than niche technical detail. Do not talk yourself out of a straightforward answer because it seems too simple.

Finally, remember what this chapter is designed to build: not just a passing score, but calm, repeatable performance. Complete the full mock, review the rationale deeply, remediate weak domains, and walk into the exam with a plan. Candidates who succeed on AZ-900 usually do not know every possible fact. They know the official objectives, they recognize Microsoft question patterns, and they trust their best-answer logic. That is the mindset to carry into exam day.