AZ-900 Practice Test Bank: 200+ Questions

Section 1.1: AZ-900 exam purpose, audience, and certification value

AZ-900 is Microsoft’s entry-level Azure certification exam. Its purpose is to confirm that a candidate understands foundational cloud concepts and can recognize core Azure services, pricing principles, governance tools, and management capabilities. This exam is not intended to prove deep engineering skill. Instead, it validates broad awareness and accurate service recognition. That distinction matters because many first-time candidates either underestimate the exam as “just basics” or overcomplicate it by studying like an administrator or architect.

The intended audience includes students, career changers, sales professionals, project managers, business analysts, technical support staff, and aspiring cloud engineers. It is also useful for IT professionals who have experience in other platforms but need Azure-specific fundamentals. On the exam, Microsoft often frames topics in practical business language. For example, a question may focus on cost predictability, governance, availability, or deployment flexibility rather than detailed configuration steps. That is why foundational understanding is more important than memorizing portal screens.

Certification value comes from signaling cloud literacy. AZ-900 demonstrates that you can discuss cloud models, consumption-based pricing, Azure resource categories, and basic governance concepts in a credible way. It can support entry into more advanced Azure studies such as administrator, security, data, or AI-focused paths. It also helps non-technical professionals participate more effectively in cloud conversations. Employers often view AZ-900 as evidence that a candidate has learned the language of Azure, even if they are not yet a hands-on specialist.

Exam Tip: On the test, the wrong answers are often more advanced than necessary. If one option sounds like a specialized or expert-level feature while another matches a basic cloud principle directly, the fundamentals-level answer is usually the better choice.

A common trap is assuming that because AZ-900 is introductory, every question is obvious. In reality, the exam tests whether you can separate similar ideas: IaaS versus PaaS, CapEx versus OpEx, governance versus monitoring, or authentication versus authorization. The best preparation mindset is to aim for precise understanding, not shallow familiarity. If you can explain what a service or concept is for, when it is used, and how it differs from nearby alternatives, you are studying at the right level for the exam.

Section 1.2: Exam registration process, scheduling options, and identification requirements

Registering for AZ-900 is straightforward, but candidates should still treat the logistics seriously. You typically begin through Microsoft’s certification page, where the exam listing provides current information about language availability, exam providers, pricing, and scheduling. From there, you choose a delivery option, create or confirm your certification profile, and select an appointment time. Always verify the official exam details close to your booking date because delivery policies and processes can change.

Most candidates choose between testing at a physical test center or taking the exam online with remote proctoring. A test center can be a strong choice if you want a controlled environment with fewer home-technology risks. Online delivery offers convenience, but it requires careful preparation. You may need to run a system check, ensure webcam and microphone access, confirm a stable internet connection, and prepare a quiet testing space. If anything in your setup is unreliable, that convenience can quickly become stress on exam day.

Identification requirements are especially important. Your registration name should match your government-issued identification exactly or closely enough to meet the testing provider’s rules. Mismatches can delay or prevent admission. If you test online, you may also need to present identification to the proctor and show your room or desk area. Remove unauthorized materials in advance. Do not assume a casual setup will be accepted.

Exam Tip: Schedule your exam only after you can consistently perform well on practice questions by objective area, not just by total score. Readiness should be measured by domain confidence, not optimism.

Another important strategy is appointment timing. Choose a time of day when your focus is naturally strongest. Beginners often book too early because they want a deadline, then rush the final week. A better method is to build your study plan first, identify realistic review milestones, and then schedule your exam with enough buffer for revision. Also review rescheduling and cancellation policies ahead of time. Knowing the rules reduces pressure and helps you make rational decisions if your preparation timeline changes.

From an exam-coach perspective, logistics are part of performance. Candidates who prepare their testing environment, identification, and appointment details in advance free up mental energy for the exam itself. Administrative mistakes are avoidable, and there is no reason to lose confidence before the first question appears.

Section 1.3: Question formats, time limits, scoring model, and passing expectations

AZ-900 typically includes a variety of question formats rather than one single style. You may see traditional multiple-choice items, multiple-response items, matching-style tasks, and scenario-based prompts. Microsoft can update item design over time, so the exact presentation may vary. The key exam skill is not mastering a format mechanically but reading carefully enough to identify what the question is truly testing. Many candidates lose points because they rush through familiar-looking questions and miss a keyword such as “best,” “most cost-effective,” or “responsibility of the customer.”

The exam has a limited time window, so pacing matters. You do not need to answer at an extreme speed, but you do need a disciplined rhythm. Questions in a fundamentals exam are usually shorter than advanced role-based exams, yet they still require attention to wording. A strong strategy is to move steadily, avoid getting stuck, and use elimination. If two options are clearly wrong, reduce the decision to the remaining plausible choices and compare them against the exact requirement in the prompt.

Microsoft uses a scaled scoring model, and a passing score is commonly presented as 700 on a scale of 100 to 1000. Candidates should understand that scaled scoring does not mean every question contributes equally in a simple visible way. Your goal is not to calculate points during the test. Your goal is to maximize correct reasoning across all domains. Because the exam is fundamentals-focused, broad consistency is more valuable than deep strength in only one area.

Exam Tip: Do not assume that a longer or more technical answer is the better answer. In AZ-900, concise options that match a cloud concept directly are often correct because the exam tests recognition of fundamentals, not design complexity.

A common trap is misunderstanding “passing expectations.” Candidates sometimes think they can compensate for weak domain knowledge by guessing through one section and relying on another. That is risky. Since the exam objectives span cloud concepts, architecture and services, and management and governance, your study plan should produce balanced readiness. Another trap is overinterpreting unofficial score reports or practice percentages. Practice tests are useful when they reveal patterns in your mistakes, not when they merely produce a number.

The mindset for scoring should be calm and methodical. Read the scenario, identify the tested concept, eliminate distractors, and choose the answer that most directly satisfies the requirement. Confidence on AZ-900 comes from recognition and precision, not from speed alone.

Section 1.4: Official domain overview: Describe cloud concepts; Describe Azure architecture and services; Describe Azure management and governance

The official AZ-900 blueprint is organized into three major domains, and understanding this map is one of the most important steps in your preparation. First, Describe cloud concepts covers cloud computing principles such as high availability, scalability, elasticity, reliability, predictability, security, governance, and manageability. It also includes cloud service models like IaaS, PaaS, and SaaS, deployment models such as public, private, and hybrid, shared responsibility concepts, and the basics of consumption-based pricing. This domain tests whether you understand why organizations use cloud services and how responsibility changes depending on the model.

Second, Describe Azure architecture and services is broader and usually central to the exam. Here you need to identify core architectural components such as regions, region pairs, availability zones, subscriptions, management groups, and resource groups. You also need foundational awareness of compute, networking, storage, identity, and related solution categories. That does not mean advanced implementation detail. Instead, Microsoft expects you to recognize what services are for and when they fit a business or technical need. For example, know the difference between virtual machines, containers, serverless options, virtual networking, and identity services at a conceptual level.

Third, Describe Azure management and governance focuses on how organizations control, secure, monitor, and optimize their Azure environments. This includes governance tools, policy concepts, compliance ideas, cost management, service-level thinking, and monitoring capabilities. Questions in this area often test whether you can distinguish between tools that enforce rules, tools that track spending, and tools that provide operational insight. Beginners often confuse these categories because they all sound administrative. The exam expects clean separation of purpose.

Exam Tip: When mapping domains, ask yourself three questions for every topic: What is it? What problem does it solve? How is it different from similar Azure options? That three-part test is ideal for AZ-900 readiness.

From a study standpoint, domain mapping prevents wasted effort. If a topic feels highly specialized, deeply command-line driven, or configuration-heavy, verify whether it belongs in AZ-900 depth. The exam rewards breadth with clarity. A practical plan is to create three major notebooks or note sections that mirror the official domains. Under each, list the tested concepts and add brief comparison notes. This structure will make later revision and practice analysis much easier.

Section 1.5: Study planning, note-taking, revision cycles, and practice test strategy

A beginner-friendly AZ-900 study plan should be structured, realistic, and repeatable. Start by dividing your preparation into the three official domains. Give the largest block of time to Azure architecture and services, but do not neglect cloud concepts or governance topics. A balanced plan often works better than a cram-heavy approach because AZ-900 rewards consistent recognition across the full objective list. If you are new to cloud, begin with cloud concepts first so that later Azure-specific services make sense in context.

Note-taking should be active rather than decorative. Avoid copying product descriptions word for word. Instead, create compact notes in a compare-and-contrast style. For each concept or service, write: definition, purpose, common exam clue words, and likely confusion point. For example, if two services sound similar, your notes should highlight the difference in one sentence. This style directly supports exam performance because it trains the elimination skills you need during the test.

Revision works best in cycles. Study a topic, summarize it in your own words, revisit it after a short delay, and then test it. A useful rhythm is learn, review, practice, and revisit. Each cycle should include weak-area correction. Do not simply reread material you already know. If practice results show repeated mistakes in governance, pricing, or identity, shift your next review block toward those objectives. This is how practice tests become diagnostic tools instead of confidence theater.

Exam Tip: Use practice tests late enough to measure understanding, but early enough to fix patterns. The best time to start full mixed practice is after you have covered all domains once and built summary notes.

Your practice strategy should include both domain-focused sets and full-length mixed reviews. Domain-focused practice helps you isolate confusion. Mixed practice helps you switch quickly between topics, which mirrors exam conditions. After each session, analyze every wrong answer and every lucky guess. A guess that happened to be correct still reveals a weak area. Keep an error log with columns such as objective, mistaken assumption, correct concept, and memory cue. This log often becomes your highest-value revision resource in the final week.

Finally, build a readiness checkpoint before booking or sitting the exam. You should be able to explain major concepts clearly, recognize core Azure service categories, and stay calm while eliminating distractors. Readiness is not perfection. It is steady performance, controlled reasoning, and familiarity with the exam blueprint.

Section 1.6: Common beginner mistakes and how to avoid them on exam day

The most common beginner mistake is studying Azure as an unorganized list of products instead of as an exam blueprint. When candidates do this, they may know many service names but still struggle to answer basic objective-driven questions. Avoid this by tying every study session to one of the official domains and by asking what the exam is likely to test: purpose, category, benefit, limitation, or comparison. A second major mistake is confusing similar concepts such as responsibility versus ownership, authentication versus authorization, or governance versus monitoring. These distinctions appear frequently because they reveal whether you truly understand the material.

Another trap is overreliance on memorization without scenario reasoning. AZ-900 often frames concepts in business terms. If you have only memorized definitions, you may miss the right answer when the wording changes. Practice recognizing clue words that point to cost control, compliance, scalability, elasticity, availability, or managed service responsibility. Candidates also lose marks by reading too quickly. One missed word can completely change the requirement. Slow down just enough to identify the exact ask before reviewing the options.

Exam Tip: If two answers look correct, ask which one fits the requirement most directly at the fundamentals level. The exam usually rewards the clearest conceptual match, not the most feature-rich option.

On exam day, poor logistics can create avoidable stress. Do not arrive late, test on an unreliable device, or ignore identification rules. If testing online, prepare your room and technology in advance. During the exam, manage your attention. Do not panic if a question feels unfamiliar. Use elimination, focus on keywords, and move forward. A fundamentals exam is not won by perfection on every item. It is won by steady, disciplined choices across the full question set.

Finally, avoid the emotional mistake of changing many answers without a clear reason. Your first choice is often correct when it is based on solid recognition of a concept. Change an answer only if you identify a specific misread or recall a definite fact that contradicts your original selection. Trust your preparation, stay objective, and remember the real goal of AZ-900: demonstrating that you can understand and communicate Azure fundamentals with confidence.

Section 2.1: Defining cloud computing and the shared responsibility model

Cloud computing is the delivery of computing services over the internet. These services include servers, storage, databases, networking, analytics, and software. For AZ-900, the exam does not require a complex engineering definition. Instead, it expects you to recognize that cloud computing allows organizations to access IT resources on demand, scale as needed, and pay according to usage or subscription models. In simple terms, cloud computing shifts organizations away from buying and maintaining all infrastructure themselves.

A major exam objective tied to this definition is the shared responsibility model. This model explains which tasks are handled by the cloud provider and which remain with the customer. In a public cloud environment, the provider is responsible for the physical datacenter, physical hosts, and foundational infrastructure. The customer is still responsible for how services are configured, for protecting their data, and for managing access appropriately. This is a frequent exam topic because it connects cloud concepts to security, governance, and operational planning.

The key pattern to memorize is that customer responsibility decreases as you move from IaaS to PaaS to SaaS. In IaaS, the customer still manages operating systems, apps, and much of the configuration. In PaaS, the provider manages more of the platform, so the customer focuses mainly on applications and data. In SaaS, the provider manages almost everything except the customer’s data, identities, and usage configurations. The exam often tests this as a comparison rather than a detailed table.

Common trap: candidates sometimes assume that moving to the cloud means the provider handles all security. That is incorrect. Security remains shared. Even in SaaS, customers are still responsible for account security practices, data classification, and correct access permissions.

Exam Tip: If a question asks who is responsible for physical security in a public cloud datacenter, the answer is the cloud provider. If it asks who is responsible for data access settings or account management, that responsibility stays with the customer.

What the exam is really testing here is whether you understand that cloud does not eliminate responsibility; it redistributes it. When reading answer choices, look for words like physical hardware, operating system, application, data, and identity. Those terms usually reveal where the responsibility line is being drawn.

Section 2.2: Compare public, private, and hybrid cloud models

AZ-900 expects you to compare the three primary cloud deployment models: public cloud, private cloud, and hybrid cloud. A public cloud is owned and operated by a third-party provider and delivers resources over the internet to multiple customers. Azure is a public cloud platform. For exam purposes, public cloud is usually associated with high scalability, fast provisioning, and reduced need to manage physical hardware.

A private cloud is a cloud environment used by a single organization. It may be hosted in an organization’s own datacenter or by a third party, but the environment is dedicated to one customer. Private cloud is commonly associated with greater control, custom requirements, and certain compliance or legacy workload needs. However, it often comes with higher management overhead and less elasticity than public cloud.

Hybrid cloud combines public and private cloud resources, allowing data and applications to move between environments as needed. This is one of the most tested deployment concepts because many real organizations are not fully public cloud. Hybrid cloud supports phased migration, regulatory constraints, disaster recovery design, and integration with existing on-premises systems. If a scenario mentions keeping some resources on-premises while extending others to the cloud, hybrid cloud is usually the correct answer.

Common exam trap: some learners confuse hybrid cloud with multicloud. Hybrid means combining on-premises or private infrastructure with public cloud. Multicloud means using services from more than one public cloud provider. AZ-900 may focus more on hybrid, so do not automatically choose a multivendor interpretation when the question clearly describes mixed on-premises and cloud deployment.

Exam Tip: Watch for scenario clues. “Maximum control” points toward private cloud. “Pay as you go” and “rapid scalability” point toward public cloud. “Keep sensitive systems on-premises while connecting to cloud services” points toward hybrid cloud.

The exam tests your ability to select the best-fit model. Public cloud is not always the answer simply because it is the default Azure context. Match the model to the business requirement, not to brand familiarity.

Section 2.3: Compare IaaS, PaaS, and SaaS service models

The three core cloud service models are IaaS, PaaS, and SaaS, and they appear repeatedly on AZ-900. Infrastructure as a Service, or IaaS, provides foundational computing resources such as virtual machines, storage, and networking. The customer still manages the operating system, middleware, runtime, applications, and data. IaaS is the right mental model when the scenario requires high control and customization.

Platform as a Service, or PaaS, gives customers a managed platform for developing and deploying applications. The provider manages the underlying infrastructure, operating system, and runtime environment, while the customer focuses mainly on the application and data. PaaS is often the tested answer when a scenario emphasizes developer productivity, reduced infrastructure management, or faster application deployment.

Software as a Service, or SaaS, delivers complete applications over the internet, usually through a browser or subscription-based access model. The provider manages the application and nearly all supporting layers. The customer simply uses the software and manages limited configuration, access, and their own data. SaaS is often associated with productivity suites, email platforms, and CRM systems.

A classic exam trap is confusing “less management” with “less capability.” SaaS minimizes management but also provides the least infrastructure control. IaaS provides the most control but requires the most administration. PaaS sits in the middle. On the test, read carefully for phrases like manage virtual machines, build applications without managing servers, or use a complete software solution.

Exam Tip: If the requirement is to deploy an application quickly without patching operating systems, PaaS is often the best answer. If the requirement is to run a custom environment with full OS control, choose IaaS. If the requirement is simply to consume software, choose SaaS.

What the exam is testing here is your ability to distinguish levels of management responsibility and control. Do not memorize only names. Memorize the pattern: more control means more responsibility; less management means less direct control.

Section 2.4: Benefits of high availability, scalability, elasticity, agility, and reliability

Cloud benefits are a favorite AZ-900 topic because they connect technical features to business outcomes. High availability means systems are designed to remain accessible, even when failures occur. In exam language, it means minimizing downtime. Reliability is closely related, but it focuses more broadly on the ability of a system to perform as expected over time. If a question emphasizes consistent operation despite disruptions, think about reliability and high availability together, but choose the term that most precisely matches the prompt.

Scalability refers to the ability to increase resources to meet higher demand. This can happen vertically, by adding more power to an existing resource, or horizontally, by adding more instances. Elasticity goes further: it means resources can automatically expand and contract based on demand. On the exam, if demand increases and then later decreases, elasticity is usually the better answer because it includes both scale-out and scale-in behavior.

Agility is another core cloud benefit. It means an organization can provision and reconfigure resources quickly. Instead of waiting weeks for hardware procurement and setup, cloud resources can often be deployed in minutes. This supports faster experimentation, quicker time to market, and simpler response to changing business needs.

Common trap: learners sometimes treat scalability and elasticity as interchangeable. They are related, but not identical. Scalability means the environment can grow. Elasticity means it can grow and shrink dynamically as needed.

Exam Tip: When you see “automatic adjustment based on demand,” think elasticity. When you see “designed to stay operational despite failure,” think high availability or reliability. When you see “rapid deployment of resources,” think agility.

The exam is not usually measuring engineering implementation details here. It is testing whether you can map business language like uptime, flexibility, performance under changing demand, and quick deployment to the correct cloud benefit.

Section 2.5: Consumption-based pricing, OpEx vs CapEx, and cloud economics

One of the biggest business shifts in cloud computing is the move toward consumption-based pricing. In this model, organizations pay for resources as they use them rather than purchasing all infrastructure upfront. Azure commonly uses pay-as-you-go pricing, which aligns costs more closely with actual demand. This is an essential AZ-900 concept because Microsoft wants candidates to understand why cloud appeals to both technical and financial decision-makers.

CapEx, or capital expenditure, refers to upfront spending on physical infrastructure such as servers, networking hardware, and datacenter space. OpEx, or operational expenditure, refers to ongoing spending for services and usage over time. Public cloud often shifts cost patterns from CapEx toward OpEx. Instead of buying hardware in advance for peak demand, an organization can consume resources when needed and stop paying when those resources are no longer required.

This does not mean cloud is always cheaper in every scenario. The exam is usually testing flexibility, predictability of scaling, and reduction of upfront investment rather than absolute cost savings in all cases. Be careful with answer choices that use extreme wording such as “always less expensive” or “eliminates all costs.” Those are usually traps.

Another benefit of cloud economics is avoiding overprovisioning. In traditional environments, organizations often buy more hardware than immediately needed to prepare for growth. In cloud models, they can provision closer to current demand and expand when required. That improves financial efficiency and supports experimentation with less risk.

Exam Tip: If the question emphasizes no large upfront purchase, think OpEx and consumption-based pricing. If it emphasizes buying hardware and owning assets, think CapEx. If it emphasizes paying only for what is used, the tested concept is usually consumption-based pricing.

What the exam is looking for is your understanding that cloud changes both technical operations and budgeting strategy. Focus on the relationship between variable usage, reduced upfront commitment, and faster access to resources.

Section 2.6: Exam-style practice set for Describe cloud concepts with answer review

This chapter does not include direct quiz items in the text, but you should still prepare for the way AZ-900 frames cloud concept questions. Most items in this domain are short, practical, and keyword-driven. They test recognition of the best cloud model, service model, pricing model, or cloud benefit for a business requirement. To perform well, train yourself to identify what the question is really asking before reading all answer options too deeply.

A good exam workflow is: first, identify the objective being tested; second, underline mentally the critical business requirement; third, eliminate answers that are true in general but not the best match; and fourth, verify that the remaining answer aligns with the exact wording. For example, if the requirement is reduced infrastructure management, eliminate IaaS before deciding between PaaS and SaaS. If the requirement is keeping some systems on-premises, eliminate public-only answers and focus on hybrid cloud.

Common traps in this domain include confusing scalability with elasticity, mixing cloud deployment models with service models, and assuming the provider is responsible for everything. Another trap is choosing an answer because it sounds more advanced. AZ-900 usually rewards the simplest concept that best fits the scenario. If the prompt asks about software delivered via subscription, SaaS is enough; do not overcomplicate it.

Exam Tip: Watch for absolute words such as “always,” “never,” and “all.” Fundamentals exams often use these to bait overconfident test-takers. Cloud concepts usually involve tradeoffs, shared responsibility, and best-fit choices rather than universal rules.

As you review practice questions from the test bank, keep a simple error log. Record whether each mistake came from a vocabulary confusion, a rushed reading error, or a false assumption. That study habit helps you improve much faster than merely re-reading notes. By the end of this chapter, your goal is not just to define cloud concepts, but to recognize them instantly in exam scenarios and choose the strongest answer with confidence.

Section 3.1: Azure regions, region pairs, availability zones, and geographies

Azure’s global infrastructure is a favorite AZ-900 topic because it introduces the physical layout behind cloud services. A region is a set of datacenters deployed within a specific geographic area. When the exam asks where Azure services are hosted, region is often the key term. Customers choose regions for reasons such as latency, data residency, compliance, and service availability. Not every Azure service is available in every region, so the exam may test your awareness that service availability can vary by location.

An availability zone is different from a region. Availability zones are physically separate datacenter locations within the same Azure region. They are designed to improve resiliency by isolating power, cooling, and networking. If the scenario mentions protection against datacenter-level failure within a single region, availability zones are usually the best match. Exam Tip: If the question says “within the same region,” think availability zones before you think region pairs.

Region pairs are another resilience concept. Azure pairs certain regions within the same geography to support disaster recovery and planned platform updates. This is broader than availability zones. Region pairs help with continuity across regions rather than inside one region. A common exam trap is confusing the two. Availability zones protect against a local datacenter issue; region pairs help support broader regional resiliency.

A geography is a larger market boundary that contains one or more Azure regions and typically preserves data residency and compliance boundaries. Questions may refer to geographies when discussing legal or regulatory requirements. If the scenario is about national or regional compliance rather than technical deployment design, geography is likely the tested concept.

• Region = local deployment area with one or more datacenters
• Availability zone = separate physical locations within one region
• Region pair = two paired regions for broader resiliency
• Geography = a larger data residency and compliance boundary

What the exam really tests here is your ability to match business language to infrastructure language. “Low latency to users” points toward region selection. “Protection from a datacenter outage” points toward availability zones. “Disaster recovery across regions” points toward region pairs. “Data residency requirements” points toward geographies. If you keep the scope of each term in mind, these questions become much easier.

Section 3.2: Resources, resource groups, subscriptions, management groups, and hierarchy

Azure also has a logical management structure, and AZ-900 frequently tests whether you understand this hierarchy. At the bottom are resources, which are individual service instances such as a virtual machine, storage account, or virtual network. A resource is the actual thing you deploy and manage. If the exam asks what represents a manageable Azure item created by a customer, the answer is usually resource.

Resource groups are logical containers for resources. They are used to organize related services that share a lifecycle, permissions model, or deployment purpose. For example, a web app, database, and storage account for one application might be placed in the same resource group. The exam often checks whether you know that a resource group can contain multiple resources, but a resource can belong to only one resource group at a time. This is a common trap.

A subscription sits above resource groups. It provides a billing boundary and access control boundary. In practical terms, usage charges are tied to the subscription, and Azure policies or limits may be applied at that level. If a question mentions billing, account segmentation, or separating environments for cost tracking, subscription is often the right choice. Exam Tip: Think “money and access boundary” when you see subscription.

Management groups are above subscriptions and are used to apply governance consistently across multiple subscriptions. Large organizations use them to create hierarchy and apply Azure Policy or role-based access controls at scale. Microsoft likes to test management groups as the enterprise governance layer rather than a deployment container.

The hierarchy generally looks like this:

• Management groups
• Subscriptions
• Resource groups
• Resources

The exam is not trying to turn you into an Azure administrator here. It is testing whether you know where things belong and what each layer controls. If the requirement is organizing services for one application, think resource group. If it is tracking charges or separating departments, think subscription. If it is enforcing policy across many subscriptions, think management group. Avoid the trap of selecting the most familiar term without checking the required scope.

Section 3.3: Core compute services: virtual machines, containers, App Service, and serverless

Compute questions on AZ-900 focus on choosing the right execution model. Azure Virtual Machines provide infrastructure as a service. They offer the most control because you manage the operating system, software, and many configuration choices. If a scenario requires custom OS settings, legacy software, or full administrative control, virtual machines are often the correct answer. The tradeoff is management overhead.

Containers package an application and its dependencies in a lightweight, portable format. They are useful when consistency across environments matters. AZ-900 may mention Azure Container Instances or Azure Kubernetes Service at a high level, but the key idea is that containers are more lightweight than full virtual machines. A common trap is assuming containers are always serverless. They are not the same thing.

Azure App Service is a platform as a service offering for hosting web apps, mobile back ends, and APIs. It abstracts away much of the infrastructure management. If the requirement is to deploy a web application quickly without managing servers, App Service is often the best fit. This is a classic AZ-900 distinction: virtual machines give maximum control, while App Service gives managed hosting convenience.

Serverless usually refers to services where code runs in response to events and Azure manages the infrastructure automatically. Azure Functions is the most common example for AZ-900. If the prompt describes event-driven execution, automatic scaling, or paying only when code runs, think serverless. Exam Tip: Watch for wording like “run code in response to a trigger” or “no server management required.” Those are strong clues for Azure Functions rather than VMs or App Service.

• VMs = most control, highest management responsibility
• Containers = portable application packaging
• App Service = managed web hosting platform
• Serverless/Functions = event-driven code execution

What the exam tests is service selection based on tradeoffs. More control usually means more management. More abstraction usually means less control but easier deployment. If you identify the need first, the answer becomes clearer. Do not choose a VM just because it sounds powerful. AZ-900 often rewards the managed option when the scenario does not require OS-level control.

Section 3.4: Core networking services: virtual networks, VPN, ExpressRoute, DNS, and load balancing

Networking questions at the AZ-900 level test fundamental connectivity concepts rather than advanced design. An Azure Virtual Network is the basic private network in Azure. It enables Azure resources such as virtual machines to communicate securely with each other, the internet, and on-premises environments when configured appropriately. If the question asks how resources communicate privately inside Azure, virtual network is the likely answer.

VPN Gateway connects an on-premises network to Azure over the public internet using encryption. This is important because the exam often contrasts it with ExpressRoute, which provides a private dedicated connection between on-premises infrastructure and Azure without traversing the public internet in the same way. If the scenario emphasizes higher reliability, more consistent performance, or private connectivity, ExpressRoute is usually the stronger match. If it emphasizes secure connectivity over the internet, VPN is usually correct.

Azure DNS hosts DNS domains and provides name resolution using Azure infrastructure. AZ-900 questions here are usually straightforward: if the requirement is translating domain names to IP addresses using Azure-managed DNS services, Azure DNS is the answer.

Load balancing is another tested concept. Azure offers services that distribute incoming traffic across multiple resources to improve availability and performance. At the fundamentals level, remember the purpose more than the detailed SKU list: load balancers help spread traffic and prevent a single backend from handling all requests. A common trap is confusing networking connectivity with traffic distribution. A virtual network connects resources; a load balancer distributes requests.

Exam Tip: Look for these clues: “private network” suggests virtual network, “encrypted over internet” suggests VPN, “dedicated private link” suggests ExpressRoute, “name resolution” suggests DNS, and “distribute incoming traffic” suggests load balancing.

What the exam is really doing in this topic is testing whether you can classify services by function. Connectivity, name resolution, and traffic distribution are separate networking purposes. Once you sort the requirement into the right category, most networking questions become easy elimination exercises.

Section 3.5: Core storage and database services: Blob, Disk, Files, Table, Azure SQL, and Cosmos DB

Storage and database service selection is heavily tested on AZ-900 because it reflects real-world cloud decision-making. Azure Blob Storage is object storage for large amounts of unstructured data such as images, documents, backups, media, and logs. When the scenario mentions files that are not part of a traditional file system structure for user sharing, Blob Storage is often the correct answer.

Azure Disk Storage provides persistent block storage for Azure virtual machines. Think of managed disks as the virtual hard drives attached to VMs. If the exam describes storage for a VM operating system or application data attached to a VM, disk storage is the better fit than Blob or Files.

Azure Files offers managed file shares that can be accessed using standard SMB protocols. If the requirement is shared file access across systems, especially with familiar file share semantics, Azure Files is usually correct. This is a common exam distinction: Blob is object storage, while Azure Files is file-share storage.

Azure Table Storage stores structured NoSQL key-attribute data. It is simpler than relational storage and useful for certain scalable NoSQL scenarios. On the exam, Table Storage may appear as the lightweight NoSQL storage option, but if the wording emphasizes global distribution and multiple consistency models, Azure Cosmos DB is the intended answer instead.

Azure SQL Database is a managed relational database service. It is the right choice for structured data, tables with relationships, and SQL queries. Azure Cosmos DB is a globally distributed NoSQL database designed for low latency and high scalability. Exam Tip: If the prompt includes phrases like “relational,” “transactional SQL,” or “structured schema,” choose Azure SQL. If it includes “globally distributed,” “NoSQL,” “planet-scale,” or “low-latency access worldwide,” choose Cosmos DB.

• Blob = unstructured object data
• Disk = persistent storage for VMs
• Files = managed file shares
• Table = simple NoSQL key-attribute storage
• Azure SQL = managed relational database
• Cosmos DB = globally distributed NoSQL database

The exam tests whether you can connect the data type and access pattern to the correct service. Do not get distracted by brand familiarity. Focus on whether the data is object, file, block, relational, or NoSQL. That classification is usually enough to eliminate the wrong answers quickly.

Section 3.6: Exam-style practice set for Describe Azure architecture and services fundamentals

This final section is about how to think through architecture and services questions under exam pressure. In this domain, Microsoft often presents short scenarios with several valid Azure terms. Your job is to identify the best answer, not just a technically possible one. Start by underlining the requirement category in your mind: location and resiliency, hierarchy and governance, compute model, networking function, or storage/database type.

For example, if a question describes a need for high availability inside a single region, you should immediately narrow to availability zones rather than region pairs. If it describes organizing resources that belong to one application deployment, resource groups should come to mind before subscriptions or management groups. If a scenario mentions running code only when an event occurs, serverless options should outrank virtual machines.

Exam Tip: Use keyword analysis aggressively. Terms such as “global,” “relational,” “private,” “event-driven,” “shared files,” “internet-based encrypted connection,” and “billing boundary” are often enough to point to the intended service. Microsoft writes many AZ-900 items so that one or two keywords separate the correct choice from close distractors.

Another useful technique is elimination by service role:

• If it stores data, it is not a networking service.
• If it organizes and governs resources, it is not a compute service.
• If it provides private connectivity, it is not a DNS service.
• If it distributes traffic, it is not the same thing as the network itself.

Also watch for scope traps. Management groups apply across subscriptions, while resource groups organize individual resources. Availability zones operate within a region, while region pairs operate across regions. Azure SQL is relational, while Cosmos DB is NoSQL. Many wrong answers are not completely false; they are simply the wrong scope or wrong architecture pattern.

As you practice, build a quick mental checklist: What is the requirement? What category does it belong to? Which Azure term matches that category most precisely? Which distractors are related but not exact? This approach will help you answer architecture and services questions with confidence and will strengthen your readiness for full AZ-900 mock exams later in the course.

Section 4.1: Azure identity services: Microsoft Entra ID, authentication, authorization, and conditional access basics

Identity is one of the most tested foundational topics in AZ-900 because it connects directly to secure access in Azure. Microsoft Entra ID, formerly Azure Active Directory, is Microsoft’s cloud-based identity and access management service. At the fundamentals level, you should recognize that Microsoft Entra ID helps organizations manage users, groups, applications, and sign-in access to cloud resources. It is not the same thing as a traditional on-premises Active Directory Domain Services deployment, even though exam items may place these choices side by side to test whether you can distinguish cloud identity from classic domain services.

Authentication answers the question, “Who are you?” Authorization answers, “What are you allowed to do?” This distinction appears constantly in entry-level cloud exams. If a scenario talks about verifying sign-in through a username, password, or multifactor authentication, that is authentication. If it talks about granting permissions to a subscription, resource group, or resource, that is authorization. Many candidates lose points because they treat the two words as interchangeable. The AZ-900 exam expects you to separate them clearly.

Conditional Access is another important concept. At a basic level, Conditional Access applies access decisions based on signals such as user identity, device state, location, or risk. For example, an organization might require multifactor authentication for administrators or block sign-ins from unexpected locations. You do not need to memorize advanced policy design for this exam, but you should understand the purpose: enforce access requirements when certain conditions are met.

Another key exam area is role-based access control, or RBAC. RBAC is used to assign permissions in Azure. If a question asks how to let someone manage virtual machines but not billing, or read resources without modifying them, RBAC is a strong clue. Microsoft Entra ID handles identity, while Azure RBAC helps control what an authenticated identity can do within Azure resources.

• Authentication = proving identity
• Authorization = granting permissions
• Conditional Access = applying access rules based on conditions
• RBAC = assigning access to Azure resources by role

Exam Tip: If the question includes words like sign-in, user identity, multifactor authentication, or single sign-on, start with Microsoft Entra ID. If it includes permissions, access to resources, Reader/Contributor/Owner, or least privilege, think Azure RBAC.

A common trap is confusing Microsoft Entra ID with Azure subscriptions or resource groups. Subscriptions organize billing and resource access scope. Resource groups organize related resources. Microsoft Entra ID manages identities. The exam may present all three in one scenario. Your task is to map each concept to its proper job.

Section 4.2: Core solutions: AI, machine learning, analytics, and IoT offerings at a fundamental level

AZ-900 does not require you to build AI models or engineer data pipelines, but it does expect you to identify broad Azure solution categories. The exam often tests whether you can tell the difference between AI services, machine learning services, analytics services, and IoT services. The key is to recognize the business need described in the scenario and match it to the right family of Azure offerings.

AI services are designed to add intelligent capabilities to applications, such as vision, speech, language, and decision support. If a question describes image recognition, speech transcription, translation, chatbot-style understanding, or text analysis, you should think of Azure AI service categories rather than infrastructure tools. Machine learning, by contrast, focuses on building, training, and deploying predictive models. When a scenario emphasizes training models with data, experimenting, or managing the machine learning lifecycle, Azure Machine Learning is a more likely fit than a prebuilt AI service.

Analytics services center on collecting, processing, querying, and visualizing data. The exam may describe very large datasets, business intelligence, dashboards, data processing, or deriving insights from structured and unstructured information. At the fundamentals level, think in broad terms: analytics tools help organizations make sense of data at scale. You are not usually being tested on detailed architecture choices between every Azure data product. Instead, the exam checks whether you can classify the need as analytics rather than AI or IoT.

IoT services relate to connected devices, telemetry, and communication between devices and the cloud. If a scenario mentions sensors, smart equipment, remote monitoring, or device-generated data flowing into Azure, you should think IoT. This is a frequent exam pattern: the same business problem may involve data, but if the source is connected devices, IoT is the stronger category clue.

Exam Tip: Look for the verb in the scenario. “Recognize,” “translate,” or “detect” often points to AI services. “Train,” “predict,” or “classify using custom data” suggests machine learning. “Analyze,” “query,” “report,” or “visualize” indicates analytics. “Monitor devices,” “collect sensor data,” or “connect equipment” points to IoT.

A common trap is assuming that any intelligent-looking workload must be Azure Machine Learning. On AZ-900, many scenarios are simpler and are better matched to prebuilt AI capabilities. Another trap is mistaking analytics for storage. Storage keeps data. Analytics extracts insight from data. Keep the distinction clear, and service selection questions become easier to eliminate.

Section 4.3: Security and management solutions: Defender for Cloud, Key Vault, and service trust concepts

This section brings together three ideas that are often tested together: posture management, secret protection, and trust in Microsoft cloud services. Microsoft Defender for Cloud is a cloud security posture management and workload protection solution. At the AZ-900 level, you should know that it helps assess the security state of Azure resources, provides recommendations, and helps strengthen security configurations. If a question asks for a service that identifies security weaknesses, improves compliance posture, or offers security recommendations across resources, Defender for Cloud is usually the target answer.

Azure Key Vault serves a very different purpose. It is used to securely store and manage secrets, encryption keys, and certificates. This difference matters. Defender for Cloud tells you about security posture and can recommend improvements; Key Vault stores highly sensitive material used by applications and services. Many learners mix these up because both are “security” services. The exam expects you to separate monitoring and recommendation from secure secret storage.

Service trust concepts also appear in fundamentals exams. Microsoft emphasizes trust through compliance offerings, privacy commitments, and documentation such as service trust resources. At a high level, you should understand that Azure provides information about security, privacy, compliance, and operational practices so customers can evaluate whether services meet organizational and regulatory requirements. You do not need to memorize legal text, but you should understand the concept of transparency and shared trust in cloud services.

Questions in this area may also connect back to the shared responsibility model. Microsoft is responsible for security of the cloud, while customers remain responsible for security in the cloud, depending on the service model. Defender for Cloud can help customers improve their part of that responsibility. Key Vault can help protect sensitive assets that customers manage.

• Defender for Cloud = security posture, recommendations, and protections
• Key Vault = secrets, keys, and certificates
• Service trust concepts = transparency around security, privacy, and compliance

Exam Tip: If the scenario mentions storing passwords, connection strings, certificates, or cryptographic keys, choose Key Vault. If it mentions identifying risks, hardening configurations, or improving secure score or recommendations, choose Defender for Cloud.

A classic trap is choosing Key Vault whenever the prompt includes the word “security.” Read carefully: security storage and security monitoring are not the same thing. The exam often uses broad wording to see whether you can identify the exact function being tested.

Section 4.4: Azure portal, Azure CLI, Azure PowerShell, Cloud Shell, and Azure Arc overview

AZ-900 expects you to recognize the main Azure management tools and know when each one is appropriate at a basic level. The Azure portal is the browser-based graphical interface for creating, configuring, and monitoring resources. It is beginner-friendly and ideal for visual exploration. If a scenario mentions using a web interface to manage Azure resources, the portal is the likely answer.

Azure CLI is a command-line tool designed for cross-platform use and is commonly favored by users who prefer shell commands, automation, or scripting in environments such as Bash. Azure PowerShell provides similar management capability but through PowerShell cmdlets, often preferred by administrators already working in PowerShell-based environments. The exam is usually not testing syntax. It is testing whether you know that both tools support command-line management, but one is CLI-oriented and one is PowerShell-oriented.

Azure Cloud Shell is a browser-accessible shell environment that lets you run Azure CLI or PowerShell without installing tools locally. This is a favorite fundamentals topic because it cleanly distinguishes local installation from an Azure-hosted command environment. If a question mentions managing Azure from a browser command line without preinstalling the tools, Cloud Shell is the correct match.

Azure Arc extends Azure management capabilities to resources outside traditional Azure boundaries, such as on-premises servers or resources in other environments. The exam typically tests Arc at the recognition level: it helps manage non-Azure or hybrid resources using Azure’s management approach. If a prompt refers to bringing external infrastructure under Azure management and governance, Arc is a strong clue.

Exam Tip: Match the management style first. GUI in a web browser points to Azure portal. Command-line automation points to Azure CLI or Azure PowerShell. Browser-based shell with no local setup points to Cloud Shell. Hybrid or multienvironment resource management points to Azure Arc.

Common traps include confusing Cloud Shell with the Azure portal. Cloud Shell can be launched from the portal, but it is specifically a shell environment for command execution. Another trap is assuming Azure Arc means “moving” resources into Azure. Arc is about management and control, not necessarily migration or hosting those resources directly in Azure.

Section 4.5: Infrastructure as code and deployment basics with ARM templates and Bicep

Infrastructure as code is a core cloud concept because it supports consistency, automation, and repeatable deployment. In Azure, ARM templates and Bicep are fundamental deployment technologies that appear in the exam objectives. Azure Resource Manager, or ARM, is the deployment and management service for Azure. ARM templates are JSON-based files that define the resources you want to deploy and their configuration. At the AZ-900 level, you should know that ARM templates help create resources in a repeatable and declarative way.

Bicep is a newer, simpler language for defining Azure deployments. It is designed to be easier to read and author than raw JSON templates while still supporting the same Azure Resource Manager deployment model. The fundamentals exam usually tests this distinction at a very high level: ARM templates are the original JSON-based format, while Bicep offers a cleaner authoring experience for the same general purpose.

Why does this matter for the exam? Because questions often describe a need to deploy the same environment repeatedly, standardize resource creation, reduce manual configuration errors, or version deployment definitions. Those are all strong infrastructure-as-code signals. In such cases, ARM templates or Bicep are stronger answers than the Azure portal because templates support consistency and automation better than clicking through screens manually.

You may also see the term “declarative.” Declarative deployment means you define the desired end state, and Azure handles the provisioning steps. That is different from scripting each step manually in an imperative style. You do not need advanced terminology beyond this, but understanding the difference can help you identify the correct answer.

• ARM templates: JSON-based, declarative Azure deployments
• Bicep: simpler language for authoring Azure deployments
• Main benefit: repeatable, consistent, automated provisioning

Exam Tip: If the scenario mentions standardization, repeatability, version control, or deploying identical environments many times, think infrastructure as code. If both ARM templates and Bicep appear as choices, remember that Bicep is the simpler authoring experience built for Azure deployments.

A common trap is choosing Azure CLI or PowerShell for every automation scenario. Those tools can automate tasks, but if the question specifically emphasizes defining infrastructure consistently as code, ARM templates or Bicep are usually the best match.

Section 4.6: Exam-style practice set for service selection, identity, and management tools

This final section is about how to think like the exam. AZ-900 service selection questions are usually short, but they are packed with keywords. Your job is to identify the dominant requirement, reject distractors that are related but not exact, and avoid reading extra assumptions into the scenario. At the fundamentals level, Microsoft is usually testing whether you know the primary purpose of each service.

For identity scenarios, look for whether the problem is about proving identity, assigning permissions, or enforcing sign-in conditions. Authentication maps to identity verification. Authorization maps to access rights. Conditional Access maps to rule-based sign-in requirements. For management tool scenarios, decide whether the user wants a graphical browser experience, command-line control, browser-based shell access, or hybrid resource management. For deployment scenarios, determine whether the need is manual management or repeatable infrastructure as code.

For service category questions, classify the workload before selecting a service family. Connected devices suggest IoT. Predictive custom models suggest machine learning. Prebuilt intelligent features such as speech or vision suggest AI services. Security recommendations suggest Defender for Cloud. Secret storage suggests Key Vault. These distinctions are simple on purpose, but the exam often places plausible distractors nearby to see if you can stay disciplined.

Exam Tip: Use elimination aggressively. If an answer manages access but the scenario is about storing secrets, eliminate it. If an answer deploys resources but the scenario is about sign-in control, eliminate it. Fundamentals exams reward narrowing choices by function.

Another useful strategy is keyword pairing. Pair “MFA,” “single sign-on,” or “sign-in” with Microsoft Entra ID. Pair “Reader,” “Contributor,” or “Owner” with RBAC. Pair “recommendations” or “posture” with Defender for Cloud. Pair “certificate,” “secret,” or “key” with Key Vault. Pair “browser shell” with Cloud Shell. Pair “repeatable deployment” with ARM templates or Bicep.

The biggest trap in this chapter is choosing an answer that is technically related to Azure but not the best fit for the stated requirement. Real Azure environments use many services together, but AZ-900 questions usually test one dominant concept at a time. Read carefully, identify the single most direct match, and trust the fundamentals. That discipline is what turns broad familiarity into exam confidence.

Section 5.1: Governance tools: Azure Policy, resource locks, tags, and management groups

Azure governance tools help organizations standardize deployments, reduce risk, and keep resources aligned with business rules. For AZ-900, you should know the purpose of four core tools: Azure Policy, resource locks, tags, and management groups. The exam commonly presents a business requirement and asks which feature best fits. Your task is to match the requirement to the tool, not to remember implementation detail.

Azure Policy is used to enforce or assess compliance rules across resources. It can require allowed locations, restrict resource types, ensure tags are present, or audit whether resources comply with standards. If the question says an organization wants to make sure resources follow rules automatically, Azure Policy is a strong answer. Policy is about governance at scale. It can deny noncompliant deployments, audit existing resources, or append settings in some scenarios. The key idea: Policy evaluates resources against rules.

Resource locks are more limited but very important. A lock protects resources from accidental change. There are two common lock types tested at the fundamentals level: delete locks and read-only locks. If a question asks how to prevent accidental deletion of a resource, choose a resource lock, not Azure Policy. This is one of the biggest exam traps in the chapter. Policy can govern behavior, but a lock specifically protects against unwanted modification or deletion.

Tags are metadata labels applied to Azure resources. They are commonly used for cost tracking, organization, automation, and reporting. Typical tag values might include department, environment, owner, or cost center. If the exam asks how to group costs by department without changing the resource hierarchy, tags are usually the best answer. Tags do not enforce compliance by themselves, although Azure Policy can require them.

Management groups sit above subscriptions in the Azure hierarchy. They allow you to organize multiple subscriptions and apply governance, such as policies and role-based access, at a higher level. If a company has many subscriptions and wants consistent governance across them, management groups are the correct tool. This is not the same as a resource group, which organizes resources within a subscription.

• Azure Policy: enforce or audit standards
• Resource locks: prevent accidental deletion or modification
• Tags: label resources for organization and cost reporting
• Management groups: organize subscriptions and apply governance at scale

Exam Tip: If the keyword is enforce standards, think Azure Policy. If the keyword is prevent deletion, think resource lock. If the keyword is track by department or environment, think tags. If the keyword is govern multiple subscriptions, think management groups.

A classic mistake is choosing resource groups when the requirement is about applying controls across several subscriptions. Resource groups are below subscriptions, while management groups are above them. Another trap is assuming tags can stop deployments. They cannot; they describe resources, but Azure Policy can require their presence.

Section 5.2: Cost management concepts: pricing factors, calculators, budgets, and total cost of ownership

Cost management is heavily tested in AZ-900 because Azure uses a consumption-based pricing model. You are expected to understand what affects cost, how Microsoft provides estimation tools, and how organizations can monitor and control spending. The exam does not usually expect complex calculations, but it does expect sound interpretation.

Pricing factors include resource type, usage amount, region, performance tier, storage redundancy option, outbound data transfer, and licensing model. For example, running a virtual machine longer increases cost, choosing a more powerful SKU increases cost, and storing data in a higher-performance or more redundant option may cost more. Geography also matters because services can have different prices in different Azure regions. Questions may describe two options and ask which would likely cost more. Focus on scale, duration, and premium features.

The Pricing Calculator is used before deployment to estimate Azure costs. This is the right tool when the scenario asks how a business can forecast monthly expenses for planned resources. The Total Cost of Ownership, or TCO, Calculator is different. It compares estimated on-premises costs with Azure costs to help justify migration decisions. This distinction appears often in exam-prep materials because both tools involve cost, but they serve different purposes.

Budgets are part of cost control. A budget lets an organization set a spending threshold and receive alerts when costs approach or exceed that amount. A budget does not automatically cap usage in the same way a prepaid phone plan might cap spending. That misunderstanding is a common trap. A budget is mainly for visibility and alerting, though organizations can pair budget alerts with automation workflows.

Azure Cost Management helps analyze current and historical spending, identify trends, and allocate costs. It works well with tags and scopes such as subscriptions and resource groups. If the exam asks how to review where money is being spent after resources are already deployed, Cost Management is likely the right answer.

Exam Tip: “Estimate before deployment” usually points to the Pricing Calculator. “Compare Azure with on-premises” points to the TCO Calculator. “Track and alert on spending” points to budgets and Cost Management.

Another trap is confusing price with total cost. Azure service price is one piece of the picture, but total cost may include support, networking, software licensing, operations, and migration impact. Read the scenario carefully. If a question references migration planning or business case analysis, TCO is more likely than simple pricing estimation.

Section 5.3: Service level agreements, service lifecycle, and preview vs generally available services

AZ-900 expects you to understand reliability commitments and the maturity of Azure services. This includes service level agreements, or SLAs, along with the difference between preview services and generally available services. Many students miss questions here because they remember the terms but not the business meaning.

An SLA is Microsoft’s commitment regarding service uptime and connectivity, usually expressed as a percentage over a billing period. The exam may test the concept rather than exact percentages. A higher SLA generally means a smaller acceptable amount of downtime. Questions often focus on how organizations can improve availability by designing for redundancy. For example, using multiple instances or distributing workloads can improve uptime expectations compared with relying on a single instance.

Be careful: an SLA is not the same thing as a service guarantee that your application will never fail. It is a contractual service commitment. Also, the overall solution availability depends on architecture. Even if a service has a strong SLA, poor design choices can still leave the application vulnerable.

The service lifecycle matters too. Preview services are available for evaluation and testing but typically come with limited or no SLA commitments and may not be recommended for production workloads. Generally available, or GA, services are fully released for production use, with standard support expectations. On the exam, if the requirement emphasizes production readiness, predictable support, or formal reliability commitment, GA is usually the safer choice.

Questions may ask which service stage is appropriate for experimentation. In that case, preview is likely correct. If the question is about minimizing operational risk in a business-critical environment, preview is likely the wrong answer. Microsoft wants you to understand that release maturity affects supportability and risk tolerance.

Exam Tip: Preview means try, test, evaluate. GA means stable, production-ready, and supported under normal release expectations.

A frequent trap is choosing preview because it sounds newer or more advanced. Newer does not mean better for production. Another trap is assuming SLA applies to every service equally. Some services may have different SLA conditions, and architecture decisions can influence the effective availability of your application. Read for keywords like uptime commitment, production workload, redundancy, or formal support.

Section 5.4: Monitoring tools: Azure Advisor, Service Health, Azure Monitor, and Log Analytics basics

Azure provides several monitoring-related tools, and AZ-900 often tests whether you can tell them apart. This is one of the most practical areas in the governance objective because each tool answers a different type of operational question. The names are familiar, which makes distractors effective.

Azure Advisor provides best-practice recommendations. It evaluates your deployed resources and suggests improvements related to reliability, security, performance, operational excellence, and cost. If a question asks which Azure service recommends ways to reduce cost or improve reliability, Azure Advisor is the correct answer. Advisor is not a raw telemetry platform; it is a recommendation engine.

Azure Service Health focuses on Azure platform issues and planned maintenance that may affect your services. It tells you about incidents, maintenance events, and advisories relevant to your subscriptions and regions. If a workload is impacted because of a Microsoft-side outage, Service Health is the right place to check. This differs from Azure Monitor, which collects and analyzes telemetry from your resources and applications.

Azure Monitor is the broad monitoring platform for metrics, logs, alerts, and insights. It helps track performance and health over time. If the requirement is to collect data from resources, trigger alerts, or visualize trends, Azure Monitor is the correct fit. In simple terms, Monitor watches what is happening in your environment.

Log Analytics is closely related. It is used to query and analyze log data, often through a Log Analytics workspace. On the exam, you do not need deep query syntax, but you should know that Log Analytics supports investigation and analysis of collected log data. Think of Azure Monitor as the broader monitoring service and Log Analytics as a major analysis component used with logs.

• Azure Advisor: recommendations for improvement
• Service Health: Microsoft service issues and planned maintenance
• Azure Monitor: metrics, logs, alerts, and telemetry
• Log Analytics: query and analyze log data

Exam Tip: If the question asks “What should you check when Azure itself has an outage in your region?” choose Service Health. If it asks “Which tool suggests cost-saving changes?” choose Advisor.

A common trap is confusing Service Health with Monitor alerts. Service Health tells you about Azure platform events; Azure Monitor helps you detect conditions in your own resources. Another trap is treating Advisor as a monitoring dashboard. Advisor recommends actions, but it does not replace telemetry collection and alerting.

Section 5.5: Compliance, privacy, and trust concepts in Azure governance

Compliance, privacy, and trust are important in AZ-900 because cloud adoption is not only a technical decision but also a legal and governance decision. Microsoft wants candidates to understand how Azure helps organizations meet regulatory and security expectations, even though the customer still retains responsibilities under the shared responsibility model.

Compliance refers to meeting standards, laws, and regulatory frameworks. Azure supports many compliance offerings and provides documentation and reports that organizations can use during audits and assessments. On the exam, you are not usually asked to memorize long lists of certifications. Instead, you are expected to know that Microsoft offers compliance resources and that customers can review trust and compliance information through Microsoft documentation and portals.

Privacy relates to how customer data is handled, stored, and processed. Trust in Azure is supported by transparency, security controls, privacy commitments, and compliance attestations. Questions in this area often test whether you know that Microsoft provides information to help customers evaluate Azure, but customers are still responsible for configuring services appropriately and meeting their own obligations.

From a governance perspective, compliance is not only about external regulations. Internal corporate standards also matter. This is where Azure Policy, management groups, access control, and monitoring all support a broader governance strategy. The exam sometimes blends these topics. A question may describe an organization that must align resource deployment with legal or internal policy requirements. The correct answer often combines the idea of governance enforcement and compliance support.

Exam Tip: If the question asks about Microsoft’s role in providing evidence, standards support, and trust documentation, think compliance resources and Azure trust-related information. If it asks who is responsible for configuring data access or resource settings, remember the customer still has responsibilities.

One trap is assuming that moving to Azure automatically makes an organization compliant. Azure provides tools, certifications, and support, but compliance is shared and depends on how services are used. Another trap is confusing security features with compliance status. Security controls help, but compliance also includes process, regulation, documentation, and governance.

Section 5.6: Exam-style practice set for Describe Azure management and governance

This final section is about test-taking strategy for management and governance questions. Since this book chapter does not include direct quiz items in the body, use this section as a method guide for how to approach the practice bank. In AZ-900, governance questions are usually short scenarios with one decisive keyword. Your goal is to identify that keyword, connect it to the right Azure feature, and eliminate the distractors.

Start with keyword analysis. If the scenario says enforce, require, restrict, or audit standards, Azure Policy should move to the top of your list. If it says prevent deletion or stop accidental changes, resource locks are stronger than Policy. If it says organize costs by department, owner, or environment, tags become the likely answer. If it says across multiple subscriptions, think management groups.

For pricing questions, separate planning tools from operational tools. Forecasting the cost of a future deployment points to the Pricing Calculator. Comparing on-premises expenses with Azure points to the TCO Calculator. Tracking current spending and receiving alerts points to budgets and Cost Management. For monitoring, separate Microsoft-side issues from customer-side telemetry. Service Health is about Azure platform events; Azure Monitor is about your resource metrics and logs; Advisor gives recommendations.

For SLA and lifecycle questions, look for words like production, preview, uptime, support, and availability. Production-ready usually suggests generally available services. Experimental or evaluation scenarios suggest preview. If a question mentions uptime commitments, think SLA and remember that architecture affects the real result.

Exam Tip: On AZ-900, the wrong answers are often partially true. Eliminate choices by asking, “Is this the best Azure service for the stated requirement?” not “Could this tool be related somehow?”

Common traps include confusing Azure Monitor with Azure Advisor, resource groups with management groups, and budgets with hard spending caps. Another trap is overthinking. Fundamentals questions are generally testing the primary purpose of a service. When torn between two answers, choose the one most directly aligned with the business requirement in the prompt.

As you practice the question bank, build a quick mental map: govern with Policy and locks, organize with tags and management groups, estimate with calculators, control with budgets, monitor with Monitor and Service Health, improve with Advisor, and evaluate reliability with SLA and lifecycle terms. That map mirrors how the exam domain is structured and will help you answer with confidence.

Section 6.1: Full-length mixed-domain mock exam set one

Your first full-length mixed-domain mock exam should be taken under realistic timing and without interruption. The purpose of set one is diagnostic. You are measuring not just your score, but your behavior: where you rush, where you overthink, and which domains produce uncertainty. Because AZ-900 mixes objectives, this practice set should force you to shift quickly among cloud concepts, Azure services, and governance topics. That switching is important because many candidates perform well in topic-by-topic review but lose accuracy when questions are interleaved.

As you complete the set, label each item mentally by domain before choosing an answer. For example, ask whether the item is really about cloud models, core architecture, a specific Azure service, resource organization, or cost and monitoring. This habit anchors your thinking to the exam objective and reduces distractor impact. When you identify a question as a governance item, you are less likely to be tempted by an answer that names a compute service. When you identify an identity-related question, you can immediately narrow your choices toward Microsoft Entra capabilities instead of networking or storage tools.

Exam Tip: If two answers look plausible, compare them against the exact requirement in the stem. Words like most cost-effective, best for compliance, automatically scales, or provides recommendations usually decide the outcome.

In this first set, pay special attention to classic AZ-900 traps:

• Confusing high availability with scalability
• Confusing Azure Policy with Azure RBAC
• Confusing Azure Monitor with Azure Service Health or Azure Advisor
• Confusing resource groups with subscriptions or management groups
• Confusing IaaS, PaaS, and SaaS when responsibility boundaries are tested

Do not review answers one by one immediately after each item. That breaks the simulation and inflates performance. Finish the entire set first, then mark three categories in your review notes: correct and confident, correct but guessed, and incorrect. The second category matters most, because guessed correct answers often reveal unstable understanding that can easily flip on the real exam. Set one is not your final judgment; it is your baseline for targeted correction before moving into the second mock exam.

Section 6.2: Full-length mixed-domain mock exam set two

The second full-length mixed-domain mock exam is not simply a repeat of the first. It is a validation exam. After reviewing set one, you should retake a fresh set to confirm whether your corrections actually improved performance. This is where exam confidence becomes data-driven. If your score rises and your number of uncertain guesses falls, you are building readiness. If your score stays flat, the issue is usually not memory but pattern recognition. That means you may still be missing the tested objective behind the wording.

Use set two to sharpen scenario reasoning. AZ-900 frequently asks you to identify the Azure service or concept that best matches a business need. The exam often gives straightforward needs rather than deeply technical requirements. Look for direct clues. References to global deployment and region selection point toward Azure geography and regional architecture. References to storing unstructured data point toward Blob Storage. References to secure sign-in across apps point toward identity services. References to budgeting, alerts, and spending visibility point toward cost management features rather than governance policy tools.

Exam Tip: In fundamentals exams, resist adding facts that are not stated. Answer from the scenario as written. If the item does not mention advanced networking or custom administration needs, a simpler managed service answer is often more likely.

During set two, track timing more carefully. Candidates who know the material still lose points when they linger too long on one uncertain item. Build the discipline to choose, flag mentally if needed, and move on. Most AZ-900 questions can be answered quickly if you identify the keyword and eliminate distractors. Long hesitation usually means you are comparing all options equally instead of ruling out obvious mismatches first.

Finally, compare your domain performance from set one and set two. A good final review does not only ask, “What was my score?” It asks, “Which domain is now stable, and which still breaks down under pressure?” This distinction matters because a passing candidate is usually not perfect everywhere; they are strong enough overall and avoid major collapse in any one tested area.

Section 6.3: Detailed answer rationales and objective-by-objective review

The value of a mock exam comes from the review process, not the score alone. Detailed answer rationales should be organized by objective so you can connect each mistake to the exam blueprint. If you miss a cloud concepts item, determine whether the error came from misunderstanding cloud models, shared responsibility, or pricing. If you miss an architecture and services item, identify whether the weakness is compute, networking, storage, identity, or resource hierarchy. If you miss a governance item, classify whether the issue is policy, compliance, cost management, or monitoring.

Strong review means explaining the wrong choices, not just memorizing the right one. For example, if a rationale confirms Azure Policy, you should also understand why Azure RBAC is different: RBAC controls who can do what, while Policy controls what is allowed or required for resources. If a rationale confirms Azure Monitor, you should know why Azure Service Health is not the same thing: Service Health focuses on Azure service issues and planned maintenance affecting your environment, while Monitor is broader telemetry and observability. These distinctions are exactly what the exam tests.

Exam Tip: Write one-line contrast notes during review. Example: “Advisor = recommendations, Monitor = metrics/logs, Service Health = Azure incidents, Policy = compliance rules, RBAC = permissions.” These quick contrasts are high-value memory anchors.

Your objective-by-objective review should also look for recurring reasoning errors. Common ones include selecting the most familiar product name, ignoring a limiting keyword such as managed or serverless, and confusing organizational scope levels. Microsoft often tests the hierarchy from management groups to subscriptions to resource groups to resources. If that hierarchy feels automatic, many questions become easier immediately.

A final best practice is to convert every incorrect answer into a mini-lesson. Instead of writing “got this wrong,” write “missed because I confused governance control with security monitoring,” or “chose IaaS when scenario clearly described a managed platform.” That level of reflection closes gaps faster than passive rereading.

Section 6.4: Identifying weak areas across cloud concepts, architecture, services, and governance

Weak spot analysis is the bridge between practice and improvement. Many candidates review by reading everything again, but that wastes time late in the preparation cycle. Instead, categorize your performance across the major AZ-900 domains and look for patterns. In cloud concepts, weak areas often include shared responsibility, distinguishing public/private/hybrid cloud, and understanding consumption-based pricing. In Azure architecture and services, common trouble spots are compute service selection, storage type recognition, network terminology, and the resource hierarchy. In governance, the usual weak areas are Azure Policy versus RBAC, cost management versus pricing calculators, and the different monitoring tools.

A useful method is to score yourself on confidence, not just correctness. A topic where you answer correctly but without confidence still needs review. That is especially true for similar services. If you frequently pause between virtual machines, containers, and serverless options, or between Blob Storage and managed disk storage, your conceptual map needs tightening. The exam does not require deep deployment knowledge, but it does expect you to know the primary purpose of each service family.

Exam Tip: Target weak areas with focused contrast review. Study services in pairs or groups that are commonly confused instead of reading isolated definitions.

Build a short remediation list using categories such as:

• Concept confusion: IaaS vs PaaS vs SaaS, OpEx vs CapEx
• Service confusion: VMs vs containers vs Azure Functions
• Governance confusion: Policy vs RBAC vs locks
• Monitoring confusion: Monitor vs Advisor vs Service Health
• Hierarchy confusion: management groups vs subscriptions vs resource groups

Once weak areas are identified, revisit only the related notes, course summaries, and missed rationales. Then test again with a small mixed review block. Improvement should be measurable. If not, simplify the topic to one sentence: what problem does this service or concept solve? That question often reveals whether you truly understand the item at the level AZ-900 expects.

Section 6.5: Final revision checklist, memory triggers, and last-week preparation plan

Your final revision should be structured, light enough to preserve confidence, and focused on high-yield objectives. In the last week, the goal is not volume; it is clarity. Start with a checklist tied directly to the exam domains. Can you explain cloud models in plain language? Can you define shared responsibility at a high level? Can you identify core Azure services for compute, networking, storage, and identity? Can you distinguish governance and monitoring tools without hesitation? If any answer is “not consistently,” that topic belongs on the front of your final review list.

Memory triggers are especially helpful at this stage. Use short phrases that force recall. For instance: “RBAC = who; Policy = what.” “Advisor recommends; Monitor observes.” “Management groups organize subscriptions above them.” “Blob = object storage.” “Functions = event-driven serverless code.” “Availability supports uptime; scalability supports growth.” These compressed reminders are easier to carry into the exam than long notes.

Exam Tip: In the last 48 hours, prioritize review of contrasts, definitions, and common traps. Avoid marathon study sessions that create fatigue and second-guessing.

A practical last-week plan looks like this:

• Seven to five days before: complete final full mock exam and analyze mistakes
• Four to three days before: review weak domains only, especially similar services and governance tools
• Two days before: read summary notes, memory triggers, and key comparisons
• One day before: light review only, confirm logistics, and rest

Also prepare mentally for the style of the exam. AZ-900 questions are often simpler than candidates fear, but only if read carefully. Many wrong answers come from reading too fast and answering what you expected rather than what was asked. Your final revision should therefore include deliberate reading practice: underline mentally the requirement, scope, and purpose in each scenario before deciding.

Section 6.6: Exam day timing, confidence strategies, and post-exam next steps

Exam day performance depends on routine as much as knowledge. Begin with a calm setup: arrive early if testing in person, or verify your environment and system requirements in advance if testing online. Have identification ready, remove distractions, and avoid last-minute cramming. The best mindset is steady recall, not panic review. You have already done the heavy lifting in your mock exams and targeted remediation.

During the exam, read each question carefully and identify the tested objective first. Then look for the deciding keyword. If you know the answer, choose it and move on. If unsure, eliminate clearly wrong choices before comparing the remaining options. This preserves time and reduces cognitive load. Avoid changing answers without a concrete reason. First instincts are often correct when they are based on practiced recognition rather than impulse.

Exam Tip: Confidence on AZ-900 comes from process. When uncertain, use the same sequence every time: identify domain, find keyword, eliminate mismatches, choose the best-fit answer.

Manage timing by keeping a steady pace. Do not let one difficult item consume the focus needed for several easier ones. A fundamentals exam usually contains many questions that can be answered efficiently if you stay disciplined. If anxiety rises, pause for one breath and return to the wording in the stem. The answer is usually in the requirement, not in advanced technical speculation.

After the exam, record your impressions while they are fresh. Whether you pass immediately or plan a retake, note which areas felt strongest and which still seemed uncertain. If you pass, your next step may be an associate-level Azure path or a role-based certification aligned to administration, data, security, or AI. If you do not pass, use the score report diagnostically rather than emotionally. Return to the weak domains, refresh your service contrasts, and retake another mixed mock set. Fundamentals mastery is built through precise review, and this chapter has given you the framework to finish strong.