AZ-900 Practice Test Bank: 200+ Questions

Section 1.1: AZ-900 exam purpose, audience, and certification value

AZ-900, Microsoft Azure Fundamentals, is designed to validate foundational knowledge of cloud computing and core Azure services. It is not a hands-on administrator exam, and it does not assume deep implementation experience. Instead, it tests whether you can describe concepts accurately, recognize appropriate Azure solutions, and understand how Azure fits into governance, pricing, compliance, and support discussions. This makes the exam ideal for beginners, career changers, students, technical sales professionals, project managers, and IT staff who need Azure literacy before moving into role-based certifications.

From an exam perspective, Microsoft is not asking whether you can deploy a production environment from memory. It is asking whether you can distinguish concepts such as elasticity versus scalability, capital expenditure versus operational expenditure, and IaaS versus PaaS versus SaaS. It also expects you to identify major Azure services and architectural components at a high level. Common traps happen when candidates overcomplicate the question and assume advanced administration knowledge is required. Usually, the test rewards the simplest correct conceptual match.

The certification has real value because it creates a common language around Azure. For employers, it signals that you understand cloud fundamentals and can participate in Azure-related conversations without confusing core services or governance tools. For learners, it provides a structured starting point before pursuing more advanced Azure certifications. Exam Tip: Do not dismiss AZ-900 as “just fundamentals.” Microsoft often uses closely related service names and feature descriptions, so a surface-level understanding can still lead to wrong answers. Learn the purpose of each major service well enough to eliminate distractors confidently.

Another important point is that AZ-900 maps to business and technical scenarios. Questions may describe an organization that wants lower upfront costs, faster deployment, better resiliency, or identity management across services. The exam then checks whether you can connect those needs to cloud benefits or Azure offerings. To prepare well, focus on understanding why a service exists, not only what it is called. That approach will pay off throughout the rest of this course.

Section 1.2: Official exam domains and weightings overview

The AZ-900 blueprint is your master study map. Microsoft organizes the exam into three major domains: Describe cloud concepts, Describe Azure architecture and services, and Describe Azure management and governance. Although Microsoft can revise percentages over time, the architecture and services domain typically carries the greatest weight, meaning it often deserves the largest share of your study time. However, that does not mean you should neglect cloud concepts or governance. Because AZ-900 is foundational, every domain contributes to your overall score.

The cloud concepts domain covers principles that appear repeatedly across the exam. Expect shared responsibility, cloud models such as public, private, and hybrid, and cloud service types including IaaS, PaaS, and SaaS. These are classic exam areas because Microsoft can test them through direct definition questions or through short business scenarios. A common trap is confusing who manages what in each service model. If the question asks about operating systems, runtime environments, or applications, read carefully to identify which layer belongs to the provider and which remains the customer’s responsibility.

The Azure architecture and services domain is broad. It includes core architectural components such as regions, region pairs, availability zones, subscriptions, management groups, and resource groups, along with major products in compute, networking, storage, and identity. Because this domain contains many service names, candidates often try to memorize isolated facts. A better strategy is to group services by purpose. For example, know which services provide compute, which connect networks, which store data, and which manage identity and access.

The management and governance domain includes cost management, service-level agreements, compliance concepts, resource governance, monitoring, and deployment tools. These topics are highly testable because they connect technical operations with business control. Exam Tip: When Microsoft asks about governance, think in terms of organizing, controlling, monitoring, and optimizing Azure resources. When it asks about architecture and services, think in terms of what the service does and when it is appropriate.

Your study plan should follow the blueprint directly. Spend the most time on the highest-weighted topics, but review all domains in cycles. Strong candidates do not study until topics feel familiar; they study until they can identify why each wrong answer is wrong.

Section 1.3: Registration process, delivery options, and identification requirements

Registering for AZ-900 is straightforward, but the details matter. Candidates typically schedule through Microsoft’s certification portal, which directs them to the exam delivery provider. During registration, you will select a language, date, and delivery method. Usually, you can choose either a test center appointment or an online proctored exam, depending on availability in your region. Select the option that best fits your environment and confidence level. A test center offers a controlled setting, while online proctoring offers convenience but requires strict compliance with workspace and identification rules.

If you choose online delivery, you must prepare your device, internet connection, webcam, microphone, and testing area in advance. Most delivery providers require a quiet private room, a clean desk, and no unauthorized materials nearby. You may be asked to scan the room or take photos before launch. These requirements are not minor technicalities. Candidates can be delayed or denied if the setup does not meet policy. At a test center, the environment is standardized, but you still need to arrive early and follow check-in procedures carefully.

Identification rules are especially important. Your registration name should match your government-issued identification exactly or as closely as required by the provider’s policy. Mismatches can create stressful delays or prevent admission. Review the current ID requirements before exam day rather than assuming your usual documents are acceptable. Exam Tip: Administrative mistakes can ruin a well-prepared attempt. Verify your account name, appointment time, time zone, and delivery instructions several days before the exam.

Another practical point is accommodations and scheduling flexibility. If you need exam accommodations, request them early because approvals can take time. Also, avoid scheduling your exam too soon after beginning study just because an open slot is available. Your goal is not simply to sit the exam; your goal is to pass with confidence. Choose a date that gives you enough time to complete the domains, review weak topics, and take full mock exams under timed conditions.

Section 1.4: Exam format, question types, scoring model, and passing strategy

AZ-900 is a Microsoft fundamentals exam, so expect a mix of straightforward conceptual items and scenario-based questions that test whether you can apply definitions correctly. You may see standard multiple-choice items, multiple-select questions, matching-style interactions, and short scenario sets. The precise number and style of questions can vary, and Microsoft may include unscored items. That uncertainty is one reason you should not try to calculate your result during the exam. Focus instead on answering each question accurately and consistently.

Microsoft uses a scaled scoring model, and the commonly published passing score is 700 on a scale of 100 to 1000. Candidates often misunderstand this and assume it means they need 70 percent raw accuracy. That is not necessarily how scaled scoring works. Different forms may vary, and not all items are weighted identically in the way candidates imagine. The practical takeaway is simple: aim well above the minimum. A passing strategy should target broad competence, not borderline survival.

Because this exam emphasizes recognition and distinction, success depends heavily on careful reading. Many wrong answers are near matches. One option may describe a real Azure service, but not the one that solves the exact problem in the prompt. Another may describe a cloud concept that is true in general, but too broad or too narrow for the scenario. Common traps include confusing Azure Policy with role-based access control, availability zones with regions, or CapEx/OpEx reasoning in cloud adoption questions.

Exam Tip: Before looking at answer choices, identify the category being tested. Is the question about cloud service models, identity, storage, governance, or pricing? This prevents you from being distracted by familiar but irrelevant terms. Then eliminate options that are technically real but conceptually mismatched.

Your passing strategy should include three habits: first, answer from definitions, not guesses; second, mark and move if you are stuck; third, use later review time to compare remaining choices against the exact wording of the prompt. AZ-900 rewards disciplined thinking much more than speed memorization.

Section 1.5: Time management, retake guidance, and test-day readiness

Time management on AZ-900 is usually less about racing and more about staying composed. Candidates who know the material often lose time by overthinking simple items or rereading questions after they have already identified the correct concept. Set a steady pace from the beginning. If a question seems confusing, isolate the key term or business requirement, choose the best available answer, mark it if the interface allows, and move on. Spending too long on one item can create pressure later and reduce accuracy on easier questions.

On the days leading up to the exam, shift your preparation from heavy content intake to light review and mental organization. Review your summary notes, core domain categories, and commonly confused services. Avoid cramming dozens of new details at the last minute. Fatigue and cognitive overload increase the chance of falling for distractors. For test-day readiness, confirm your appointment, identification, route or login steps, and allowed materials in advance. With online delivery, run the system check early rather than minutes before the session.

Retake planning also matters. Even though your goal is to pass on the first attempt, you should understand that retake policies exist and may involve waiting periods after unsuccessful attempts. Knowing this can reduce panic because one exam result does not define your long-term progress. However, do not rely on retakes as a strategy. The better approach is to treat your first attempt as the result of a complete preparation cycle.

Exam Tip: Build a calm pre-exam routine. Sleep well, arrive or log in early, and avoid intense last-minute discussions with other learners. Confidence comes from repetition and readiness, not from last-hour memorization.

If anxiety rises during the exam, return to the structure of the blueprint. Ask yourself which domain the question belongs to and what Microsoft is really testing. That simple reset can keep you from spiraling into second-guessing and help you finish the exam with a clear head.

Section 1.6: How to study with practice banks, rationales, and review cycles

A practice test bank is one of the best tools for AZ-900 preparation, but only if you use it correctly. The purpose of practice questions is not to memorize answer patterns. It is to expose your weak areas, reveal language traps, and teach you how Microsoft frames foundational concepts. Every time you answer a question, the real learning begins after you submit it. You should review not only why the correct answer is correct, but also why the distractors are wrong. That comparison builds the discrimination skill AZ-900 depends on.

Start with untimed topic-based practice after each study block. For example, after reviewing cloud concepts, answer a set focused on cloud models, shared responsibility, and service types. Then review all rationales carefully, especially on questions you answered correctly for the wrong reason or guessed on. Many candidates make the mistake of reviewing only their incorrect responses. That leaves hidden weaknesses untouched. A correct answer with weak reasoning is still a risk on exam day.

As your knowledge improves, move into mixed-domain sets to simulate the way the real exam jumps between topics. This helps train retrieval and context switching. Later, take full mock exams under timed conditions. Use your score reports to identify patterns: Are you missing governance tools? Confusing storage options? Rushing through identity questions? Those patterns should drive your next review cycle.

A strong review cycle follows a simple process: study a domain, practice questions, review rationales, revisit notes or official learning content, then retest on the same area a few days later. Exam Tip: Track mistakes by category, not just by score. A 78 percent mock score is less useful than knowing you repeatedly confuse Azure Policy, RBAC, and management groups.

Finally, space your review. Do not do all 200+ practice items in one pass and assume you are ready. Repetition over time improves retention and exposes whether knowledge is durable. The goal is to reach the point where you can read a Microsoft-style question, identify the domain immediately, eliminate distractors with confidence, and choose the best answer for the exact scenario presented. That is exam readiness.

Section 2.1: Describe cloud concepts and the value proposition of cloud computing

Cloud computing refers to delivering IT resources and services over the internet on demand. Instead of buying and maintaining every server, storage device, networking component, and software platform in a local datacenter, organizations can consume these capabilities from a cloud provider. For AZ-900, Microsoft wants you to understand why this model is attractive: speed, flexibility, reduced infrastructure management, global access, and the ability to align costs with usage.

The value proposition is usually framed in business terms. Organizations move to the cloud to reduce time-to-deploy, improve resilience, support remote work, expand globally, and avoid large upfront hardware investments. In exam language, this often appears as a company wanting to provision environments faster, respond to demand spikes, or reduce the burden of maintaining physical infrastructure. If the scenario focuses on faster innovation and less hardware maintenance, cloud is the direction Microsoft wants you to recognize.

Another important concept is that cloud enables standardization and repeatability. Services can be provisioned consistently, often through templates and portals, which improves operational efficiency. Although AZ-900 is not deeply technical, it expects you to know that cloud computing supports modern IT practices by making resources available quickly and predictably.

• On-demand access to computing resources
• Reduced need to purchase physical hardware
• Rapid deployment and global reach
• Flexible consumption based on current needs
• Provider-managed infrastructure at varying levels

A common exam trap is confusing “cloud” with “virtualization.” Virtualization is a technology that can be used in cloud environments, but cloud computing also includes service delivery, billing models, scalability, and managed operations. Another trap is assuming every benefit belongs to every cloud solution equally. For example, agility is common across cloud models, but a private cloud does not always deliver the same cost profile as a large public cloud platform.

Exam Tip: When a question asks for a general benefit of cloud computing, watch for answer choices like high availability, elasticity, agility, and global distribution. These are classic AZ-900 cloud themes. If the question instead asks about complete control over physical resources, that is usually not presented as a core cloud advantage.

To identify the correct answer on test day, ask yourself what problem the organization is trying to solve. If the need is speed and flexibility, cloud concepts are central. If the need is simply “run software,” then the exam may instead be steering you toward a specific service type such as SaaS.

Section 2.2: Shared responsibility model and cloud economics basics

The shared responsibility model is one of the most important foundational ideas in AZ-900. It means that security, management, and operational tasks are divided between the cloud provider and the customer. The exact division depends on the type of cloud service being used. In general, the cloud provider is always responsible for the physical datacenter, physical networking, and physical hosts. The customer remains responsible for what they place in the cloud, such as data, user access, and configuration decisions.

At the exam level, you do not need deep engineering detail, but you do need to understand the trend line: as you move from IaaS to PaaS to SaaS, the provider manages more and the customer manages less. This is why shared responsibility questions often overlap with service model questions. If a scenario says the organization still manages the operating system, that points away from SaaS and often toward IaaS. If the provider manages the platform and runtime, that aligns more with PaaS.

Cloud economics basics also appear in this objective. Traditional on-premises environments often require capital expenditure, or CapEx, meaning large upfront purchases such as servers and networking gear. Cloud computing commonly shifts spending toward operational expenditure, or OpEx, where organizations pay for what they use over time. Microsoft likes to test whether you can associate cloud adoption with reduced upfront capital spending and more flexible consumption.

However, be careful: cloud does not mean “free from responsibility” or “always lower total cost no matter what.” Customers still manage permissions, data classification, identity controls, workload design, and service selection. Poorly designed environments can become expensive. Overprovisioned resources, idle services, and unnecessary premium tiers can increase costs.

• Provider responsibility: physical infrastructure and foundational platform operations
• Customer responsibility: data, identities, access, and configuration choices
• CapEx: large upfront purchases
• OpEx: ongoing usage-based spending

Exam Tip: If the answer choice says the cloud provider is responsible for all security in every scenario, eliminate it. Shared responsibility means both parties always have roles, even if the provider manages more in higher-level service models.

A frequent trap is mixing “responsibility” with “ownership.” A provider may own the hardware, but the customer still owns governance decisions for their data and accounts. On the exam, identify who controls the layer being discussed: hardware, operating system, application, or data. That usually reveals the correct answer.

Section 2.3: Public cloud, private cloud, and hybrid cloud models

Deployment models describe where cloud resources run and how they are operated. The three models emphasized in AZ-900 are public cloud, private cloud, and hybrid cloud. Public cloud means services are offered over the internet by a third-party provider and shared across multiple customers at the platform level, while keeping each customer logically isolated. Azure is a public cloud platform. Public cloud is commonly associated with broad scalability, rapid provisioning, and reduced need to manage physical infrastructure.

Private cloud refers to cloud resources used exclusively by one organization. These resources may be hosted in the organization’s own datacenter or in a dedicated environment hosted by a third party. The key idea is exclusivity rather than location alone. Private cloud is often chosen when an organization needs more direct control, specific compliance handling, or custom infrastructure arrangements.

Hybrid cloud combines public cloud and private cloud environments, allowing data and applications to move between them or operate across both. This model is frequently the best answer when a business must keep some workloads on-premises while also benefiting from cloud scale or services. On AZ-900, hybrid cloud often appears in scenarios involving regulatory requirements, legacy applications, phased migration, or disaster recovery.

What does Microsoft test here? Mostly recognition. You should be able to match business requirements to the appropriate model. If a scenario says “some systems must remain on-premises,” think hybrid. If it says “exclusive use by one organization,” think private cloud. If it says “no need to maintain datacenter hardware” and “fast global deployment,” think public cloud.

• Public cloud: provider-owned, internet-accessible services, strong scalability
• Private cloud: dedicated to a single organization, more direct control
• Hybrid cloud: integrates public and private environments

Exam Tip: The word “hybrid” is often triggered by requirements such as gradual migration, regulatory retention of certain systems, or integration between on-premises and cloud resources. Do not choose private cloud just because a company has strict compliance needs if the scenario still mentions using cloud services alongside local systems.

A common trap is assuming private cloud automatically means on-premises only. It can be hosted elsewhere as long as it is dedicated to one organization. Another trap is treating public cloud as insecure by definition. AZ-900 does not frame public cloud that way. Microsoft instead emphasizes the provider’s large-scale security investment and operational maturity.

Section 2.4: Compare Infrastructure as a Service, Platform as a Service, and Software as a Service

The service models IaaS, PaaS, and SaaS describe how much of the technology stack the customer manages versus how much the provider manages. This is a favorite AZ-900 topic because it directly tests your understanding of abstraction and responsibility. The easiest way to remember them is by asking, “What is the customer still managing?”

Infrastructure as a Service, or IaaS, provides core infrastructure such as virtual machines, storage, and networking. The provider manages the physical datacenter and hardware, but the customer usually manages the operating system, middleware, applications, and data. This is the best fit when an organization wants flexibility and control similar to traditional servers without maintaining the physical hardware.

Platform as a Service, or PaaS, gives customers a managed platform for building and deploying applications. The provider manages infrastructure, operating systems, runtime, and much of the platform maintenance, while the customer focuses mainly on application code and data. PaaS is a strong answer when developers want to spend less time administering systems and more time developing applications.

Software as a Service, or SaaS, delivers a complete application over the internet. Users simply access the software, often through a browser or client app, while the provider manages nearly everything behind the scenes. Microsoft 365 is a classic example. On the exam, SaaS is usually indicated by language about end users consuming a ready-to-use application rather than building or hosting one.

• IaaS: most customer control, most customer management responsibility
• PaaS: focus on application development, reduced platform management
• SaaS: consume a finished application, minimal infrastructure management

Exam Tip: If the scenario mentions patching servers or choosing an operating system, it is not SaaS. If it mentions developers deploying code without managing the underlying OS, PaaS is usually the best answer. If it mentions complete application access for end users, think SaaS first.

Common traps include picking IaaS just because “it can do anything.” While technically flexible, it may not be the best answer if the scenario clearly emphasizes reducing management overhead. Another trap is confusing PaaS with SaaS. PaaS is for building or deploying applications; SaaS is for using applications. The phrase “develop and deploy” often signals PaaS, while “use” or “subscribe to” often signals SaaS.

Section 2.5: Consumption-based pricing, agility, elasticity, and scalability

This section covers several cloud benefits that appear repeatedly in AZ-900 answer choices. Consumption-based pricing means customers pay for the resources they use, typically based on measurable usage such as compute time, storage volume, or transactions. This supports cost flexibility and helps organizations avoid paying for large amounts of unused capacity in advance. On the exam, if a company wants to avoid large upfront infrastructure purchases, consumption-based pricing is a strong clue.

Agility is the ability to deploy and reconfigure resources quickly. In cloud environments, teams can provision services in minutes rather than waiting weeks or months for physical procurement and installation. Microsoft tests this idea through scenarios involving rapid experimentation, short project timelines, and global business expansion. Agility is about speed and responsiveness.

Elasticity and scalability are related but not identical. Scalability means the ability to increase or decrease resources to meet demand. This can involve scaling up by increasing the power of existing resources, or scaling out by adding more instances. Elasticity emphasizes automatic or near-automatic adjustment in response to real-time demand changes. If a workload experiences sudden traffic spikes and resources expand to meet that demand, that is a classic elasticity example.

Why does this matter for the exam? Because Microsoft often presents multiple true-sounding cloud benefits and asks you to select the one that best fits the scenario. If the scenario emphasizes changing business conditions and fast response, think agility. If it emphasizes paying only for actual usage, think consumption-based pricing. If it emphasizes handling varying workload demand, think elasticity or scalability depending on whether the question stresses dynamic adjustment or general capacity growth.

• Consumption-based pricing: pay for what you use
• Agility: provision and adapt quickly
• Scalability: increase or decrease capacity
• Elasticity: automatic or dynamic scaling with demand

Exam Tip: When both elasticity and scalability appear as options, read carefully. Scalability is the broader capability. Elasticity usually implies responsive, often automatic expansion and contraction based on workload demand.

A common trap is treating high availability as the same concept as scalability. They are different. High availability concerns keeping services accessible and resilient; scalability concerns handling more or less workload. Another trap is assuming consumption pricing always lowers costs. It can improve cost alignment, but poor governance can still lead to high bills.

Section 2.6: Practice set on Describe cloud concepts with detailed answer logic

As you work through practice questions in this domain, focus less on memorizing isolated facts and more on reading the business requirement hidden inside the wording. AZ-900 cloud concept questions are often solved by identifying the dominant clue phrase. For example, phrases about reducing hardware management point toward cloud benefits or higher-level managed services. Phrases about retaining control over operating systems suggest IaaS. Phrases about using a complete application suggest SaaS. Phrases about keeping some systems local while extending into Azure suggest hybrid cloud.

The best way to build answer logic is to use a three-step elimination method. First, classify the question type: is it asking about a deployment model, a service model, a benefit, or a pricing concept? Second, underline the key requirement mentally: control, speed, cost pattern, or hosting location. Third, eliminate answers that belong to the wrong category. This prevents a common beginner mistake: choosing a true cloud statement that does not answer the actual question.

Another exam skill is spotting distractors built from absolute language. Words like “always,” “never,” and “all” are often warning signs in foundational certification exams. If an answer says the provider is responsible for all customer security tasks, it is probably incorrect because shared responsibility still applies. If an answer claims private cloud must be on-premises, that is also too absolute.

When reviewing practice items, ask yourself why the wrong options are wrong. That reflection builds stronger retention than simply checking the correct answer. If you missed a question because you confused elasticity with scalability, record that distinction explicitly. If you missed a question because you mixed up SaaS and PaaS, rewrite the scenario in your own words: “users consume software” versus “developers deploy applications.”

Exam Tip: In Microsoft-style scenario questions, the shortest path to the answer is often matching one requirement to one defining concept. Do not overengineer the scenario. AZ-900 rewards clean conceptual recognition more than advanced architecture design.

Before moving to the next chapter, confirm that you can do four things confidently: explain why organizations adopt cloud computing, identify who manages what in broad terms, choose among public/private/hybrid cloud models, and distinguish IaaS, PaaS, and SaaS based on management responsibility. If you can also connect pricing, agility, elasticity, and scalability to real business language, you are well prepared for this objective area and ready for more Azure-specific topics.

Section 3.1: High availability, reliability, predictability, and security in cloud concepts

This section focuses on cloud benefits that appear repeatedly in the AZ-900 objective area called Describe cloud concepts. Microsoft expects you to distinguish between similar-sounding ideas. High availability means keeping services accessible with minimal downtime. Reliability is broader and refers to the ability of a system to recover from failures and continue operating as expected. Predictability includes both performance predictability and cost predictability. Security refers to protecting systems, data, and identities, but on the exam it is often framed through shared responsibility and the provider’s ability to deliver built-in protections at scale.

A common exam pattern is to give a business scenario and ask which cloud benefit it demonstrates. If the scenario says a company wants applications to remain available even when hardware fails, high availability is the strongest match. If the scenario says the company wants resources deployed in a way that supports recovery from disruptions, reliability is likely the better answer. If the scenario says spending should be easier to forecast with usage-based tools and dashboards, think predictability. If the wording emphasizes threat protection, identity controls, or compliance-supporting safeguards, think security.

Security questions often hide a shared responsibility trap. In cloud computing, not everything becomes Microsoft’s job. The provider secures the underlying infrastructure, but customers still configure identities, permissions, and data protection choices depending on the service model. Exam Tip: If the answer choices include statements that suggest the cloud provider is responsible for all security in every situation, treat that as suspicious. AZ-900 tests the idea that responsibility is shared, even though the exact split changes across IaaS, PaaS, and SaaS.

Another trap is confusing high availability with scalability or elasticity. A service can scale up and down without necessarily addressing fault tolerance, and a highly available design can exist without dramatic auto-scaling. Likewise, reliability is not the same as backup. Backup supports recovery, but reliability as a concept includes design choices that maintain operation despite failures. Predictability also causes mistakes because learners focus only on cost. On the exam, predictability may refer to consistent application performance made possible by cloud capabilities as well as more transparent financial planning.

• High availability: reduced downtime and continued access
• Reliability: recovery capability and dependable operation
• Predictability: consistent performance and cost visibility
• Security: protection of infrastructure, identities, data, and workloads

To identify the correct answer, look for the problem being solved. If the scenario is about “staying online,” choose the answer tied to availability. If it is about “recovering after failure,” reliability is stronger. If it is about “knowing what to expect” in cost or performance, choose predictability. If it is about “protecting against threats” or “controlling access,” choose security. This direct mapping method is exactly how many AZ-900 items can be solved quickly and accurately.

Section 3.2: Governance, manageability, and business resilience in the cloud

Governance and manageability are major cloud benefits that candidates sometimes underestimate because they sound administrative rather than technical. In AZ-900, governance refers to setting rules and standards so resources remain compliant with organizational requirements. Manageability refers to the ease of administering cloud and hybrid resources using tools, templates, automation, and centralized controls. Business resilience refers to the ability to keep the business operating through failures, disruptions, or disasters. These topics are tested because cloud value is not only about servers and storage; it is also about control, consistency, and continuity.

Governance questions often include phrases such as standardization, policy enforcement, compliance requirements, or preventing teams from deploying nonapproved resources. Manageability questions may describe using portals, command-line tools, automation, or consistent deployment methods. Business resilience questions usually mention disaster recovery, regional outage planning, or continuity across failures. Exam Tip: If a scenario emphasizes “maintaining operations during disruption,” do not default to security. That wording points more strongly to resilience or reliability than to threat protection.

Cloud governance is attractive to organizations because it can be applied at scale. On the exam, this may connect later to Azure Policy or organizational hierarchy, but at the concept level you simply need to recognize that cloud platforms make it easier to define and enforce standards consistently. Manageability is similarly broad. A company can manage resources through web portals, infrastructure as code, templates, and monitoring tools. Microsoft wants you to understand that cloud environments are not just hosted systems; they are designed for centralized administration and automation.

Business resilience is a frequent source of confusion with backup and high availability. High availability minimizes downtime for a service. Business resilience is the larger outcome of keeping the organization functioning despite incidents. That may involve redundancy, disaster recovery planning, or distributing resources appropriately. The exam usually stays conceptual, so if an answer says the cloud enables organizations to recover more effectively from outages or disasters, that aligns well with resilience.

To answer governance and manageability items correctly, watch for scope. If the need is to control what users can deploy, governance is likely the best fit. If the need is to simplify deployment, administration, or monitoring, manageability is likely correct. If the need is continuity after disruption, think resilience. These distinctions matter because Microsoft uses realistic business wording rather than always naming the concept directly.

Section 3.3: Describe Azure architecture and services through global infrastructure

AZ-900 next shifts from general cloud concepts into Azure architecture and services. A central exam objective is understanding Azure’s global infrastructure at a foundational level. Azure is a worldwide cloud platform built from datacenters organized into regions within geographies. You do not need architect-level design knowledge, but you do need to understand that Azure’s global presence supports service availability, performance options, regulatory alignment, and business expansion. This directly supports the lesson of connecting cloud benefits to business scenarios, because global infrastructure is often the mechanism behind those benefits.

When Microsoft asks architecture basics, it is often testing whether you can identify the purpose of these building blocks rather than how to configure them. For example, a company expanding internationally may want resources closer to users to reduce latency. That scenario points toward choosing appropriate Azure regions. A company concerned about legal or data residency considerations may need to understand that Azure organizes operations within geographies. A company seeking resilience within a metropolitan area may benefit from availability zones, which are covered in the next section.

Be careful not to overread. AZ-900 is not asking for advanced network topology, custom replication strategy, or application modernization patterns. The likely target is the role of global Azure infrastructure in delivering reach, redundancy options, and service placement flexibility. Exam Tip: If the option names a broad foundational Azure construct and another option names a specialized advanced service, the exam often favors the broad construct when the question is about architecture basics.

Global infrastructure also links to service availability. Not all Azure services are available in every region, and some features vary by location. This matters because a test item may ask about deploying resources in specific places or choosing a region close to users. The best answer is usually the one that reflects core Azure geography concepts rather than unsupported assumptions that every service exists everywhere. Candidates sometimes miss these items by treating Azure as one undifferentiated global cloud.

From an exam strategy standpoint, identify whether the scenario is asking about physical distribution, logical organization, billing boundaries, or resilience. Physical distribution points toward regions, zones, and geographies. Logical organization points toward resource groups. Billing and access boundaries point toward subscriptions. Governance across multiple subscriptions points toward management groups. This classification approach helps you quickly sort architecture questions and avoid mixing unrelated Azure terms.

Section 3.4: Regions, region pairs, availability zones, and geographies

This is one of the most tested architecture areas in AZ-900. A region is a set of datacenters deployed within a specific geographic area. Availability zones are separate physical locations within a region, each with independent power, cooling, and networking. Region pairs are paired Azure regions within the same geography, designed to support certain disaster recovery and platform update strategies. A geography is a broader market boundary that typically contains two or more regions and helps address residency, compliance, and data boundary needs.

The key to exam success is understanding what problem each concept solves. If the scenario is about reducing latency for users in a certain area, region selection is the likely concept. If the scenario is about protecting against failure of a single datacenter, availability zones are the best fit. If the scenario is about large-scale regional disaster recovery planning, region pairs are a better answer. If the scenario is about data residency or national/regional compliance boundaries, geography is often the relevant term.

A common trap is choosing availability zones when the business need clearly spans a wider disaster scope than one datacenter. Zones protect within a region. Region pairs address broader regional resilience considerations. Another trap is assuming that a geography is the same thing as a region. It is not. A geography is larger and contains multiple regions. Exam Tip: Watch for wording like “within a region” versus “across regions.” That single phrase can reveal whether the correct answer is availability zones or region pairs.

Microsoft also likes to test the practical interpretation of these features. If a company says, “We want our application to keep running even if one datacenter in the chosen area goes down,” think availability zones. If it says, “We need a secondary deployment location for disaster recovery in the same broader market,” region pairs may be the intended concept. If the prompt mentions storing data in Europe, Asia, or another broad market area for regulatory reasons, geography may be the architectural idea being assessed.

Do not let unfamiliarity with exact region names distract you. AZ-900 usually tests the concept, not memorization of every Azure location. Focus on the hierarchy and purpose: geography contains regions; regions may contain availability zones; region pairs support broader resilience alignment. This clear hierarchy helps answer scenario items accurately and efficiently.

Section 3.5: Resources, resource groups, subscriptions, and management groups

Understanding Azure organizational hierarchy is essential for both architecture and governance questions. A resource is an individual Azure service instance, such as a virtual machine, virtual network, or storage account. A resource group is a logical container that holds related resources for an application or workload. A subscription is primarily a unit for billing, access control, and service limits. A management group sits above subscriptions and allows governance and policy management at a broader organizational scope. Many AZ-900 questions can be solved by identifying the correct level of scope.

Resource groups are often tested through lifecycle language. If several resources support the same solution and should be managed together, resource groups are usually the right answer. For example, if a company wants to deploy, update, or retire related components together, a resource group is the core organizational unit. A trap here is thinking a resource group is a billing boundary. It is not the primary billing boundary; subscriptions are. Candidates also incorrectly assume all resources in a resource group must be in the same region. The exam may probe whether you understand that the resource group is a logical container, not simply a physical location.

Subscriptions matter when the scenario involves cost tracking, separate billing, or isolating access and quotas between departments or projects. If an organization wants finance to see separate charges for different business units, multiple subscriptions may be appropriate. If it wants centralized governance across those subscriptions, management groups become relevant. Exam Tip: When you see “multiple subscriptions” and “apply policy consistently,” think management groups before thinking resource groups.

Management groups are easy to overlook because they are one level above what many beginners use day to day. On the exam, they are important because they allow organizations to organize subscriptions and apply governance at scale. If a company has several subscriptions for different departments, environments, or regions and needs a unified policy or compliance structure, management groups are the strongest foundational answer. Resource groups cannot perform that cross-subscription governance role.

• Resource: one Azure service instance
• Resource group: logical container for related resources
• Subscription: billing, access, and quota boundary
• Management group: governance scope above subscriptions

To identify the correct answer, ask what is being organized: a single service, a set of related services, a billing/access boundary, or multiple subscriptions at enterprise scale. This approach aligns directly with how Microsoft frames architecture basics in AZ-900.

Section 3.6: Practice set combining Describe cloud concepts and Azure architecture basics

This final section is about exam thinking rather than memorization. The AZ-900 exam regularly combines the cloud-concepts domain with Azure architecture basics in a single scenario. You may read about a company that wants to expand into new markets, reduce downtime, organize resources for a new application, and control spending by department. That one scenario could test region selection, high availability, resource groups, and subscriptions all at once. Your success depends on breaking the scenario into separate requirements and mapping each to the correct tested term.

Start by identifying business goals. “Closer to users” points toward regions. “Keep running during a datacenter failure” points toward availability zones. “Recover from wider disruption” points toward region pairs or resilience. “Manage related app components together” points toward resource groups. “Separate billing for departments” points toward subscriptions. “Apply policy across all departments” points toward management groups. “Improve control and standardization” points toward governance. “Reduce uncertainty in spending” points toward predictability. This translation process is one of the most reliable AZ-900 strategies.

Another important practice habit is to spot answer choices that are true statements but not the best answer. Microsoft-style items often include plausible distractors from nearby topics. For example, security may be important in almost every cloud scenario, but if the specific need is disaster recovery, resilience is the better answer. Likewise, resource groups are useful in many cases, but if the question asks about governance across multiple subscriptions, management groups are more precise. Exam Tip: Choose the answer that best matches the exact scope and business requirement, not just one that sounds generally helpful.

As you work through practice questions later in the course, train yourself to label each stem with a domain clue: cloud benefit, global infrastructure, organizational hierarchy, or governance. This helps prevent mixed-domain confusion. The official AZ-900 objective expects you to understand foundational Azure components and cloud concepts together, not in isolation. If you can consistently determine whether a scenario is about availability, reliability, regions, zones, resource groups, subscriptions, or management groups, you will be well prepared for the multiple-choice and scenario-style items that dominate the exam.

The best final review method for this chapter is simple: study the purpose, scope, and common trap for each concept. If you know what each item is for, where it applies, and what it is commonly confused with, you will answer faster and with more confidence. That is exactly the mindset needed for strong performance on AZ-900 practice tests and the real exam.

Section 4.1: Describe Azure architecture and services with compute options

Azure compute services provide processing power for applications, workloads, and business systems. On the AZ-900 exam, compute questions usually test whether you can recognize the right hosting model based on management responsibility, scalability, and application design. This is less about technical build steps and more about matching workload requirements to the appropriate Azure service.

At a high level, Azure compute spans infrastructure-based and platform-based options. Infrastructure as a Service compute gives you more control, while Platform as a Service and serverless choices reduce management overhead. This distinction matters because Microsoft often frames answers around how much of the stack you need to manage. If the scenario requires managing the operating system, installing custom software, or supporting a legacy application, IaaS is usually the clue. If the scenario emphasizes quick deployment, built-in scaling, and avoiding server maintenance, think PaaS or serverless.

Compute options commonly tested include Azure Virtual Machines, Azure Virtual Machine Scale Sets, Azure App Service, Azure Container Instances, Azure Kubernetes Service, and Azure Functions. You should know the broad purpose of each. Virtual Machines are ideal when you need maximum control. Scale Sets support large groups of identical VMs with scaling. App Service is a managed platform for web apps and APIs. Container Instances run containers without orchestration complexity. AKS manages Kubernetes-based container orchestration. Functions execute code in response to events.

Exam Tip: A very common exam trap is choosing a virtual machine when a managed service would satisfy the requirement more efficiently. If the application is simply a web app or API and there is no need to manage the underlying OS, Azure App Service is often the stronger answer.

Another tested skill is identifying cloud benefits within compute selection. Azure managed services often reduce operational burden, improve elasticity, and support faster deployment. If a scenario highlights unpredictable demand, automatic scaling may be a deciding clue. If the requirement stresses short-lived workloads or event-triggered processing, serverless options are likely relevant. If the scenario requires hosting software exactly as it exists today, virtual machines may be the safest fit.

The exam may also test your understanding of tradeoffs. More control usually means more management. More abstraction usually means less customization of the infrastructure layer. To answer correctly, focus on what the requirement explicitly values most: control, speed, cost efficiency, or simplified administration. This service-selection mindset is one of the most important skills in this chapter.

Section 4.2: Virtual machines, containers, app services, and serverless services

This section drills deeper into the compute options that appear frequently in AZ-900 questions. Azure Virtual Machines provide on-demand virtualized servers in Azure. They are the best fit when an organization needs to install custom applications, choose the operating system, configure the environment manually, or migrate traditional server workloads to the cloud. The exam often uses words such as “full control,” “legacy,” “custom software,” or “specific OS requirements” as clues that point toward virtual machines.

Containers package an application and its dependencies together for consistent deployment. Azure Container Instances is useful when you want to run a container quickly without managing servers or a full orchestration platform. Azure Kubernetes Service is for orchestrating many containers at scale. On the exam, if the requirement mentions microservices, orchestration, or container cluster management, AKS is a likely answer. If the scenario is simpler and only requires running containers without infrastructure management, Container Instances may be the better fit.

Azure App Service is one of the most important services to recognize for AZ-900. It is a fully managed platform for hosting web apps, REST APIs, and mobile back ends. Microsoft likes to test App Service as the preferred answer when a company needs to deploy a website quickly, support scaling, and avoid managing servers. If the requirement does not demand OS-level access, App Service is often superior to a VM for web hosting scenarios.

Serverless services such as Azure Functions are designed for event-driven code execution. You write code that runs when triggered by events like HTTP requests, timers, or messages. This model is ideal when workloads are intermittent and the business wants to pay for execution rather than continuously running infrastructure. The exam may contrast Functions with App Service. The key distinction is that Functions are best for small, event-based logic, while App Service is typically chosen for continuously available web applications and APIs.

Exam Tip: Watch for the phrase “without managing infrastructure.” That phrase is a strong signal for containers-as-a-service, App Service, or serverless options rather than virtual machines.

Common traps include confusing Azure Functions with all application hosting scenarios, or assuming AKS is always the best answer when containers are mentioned. The correct answer depends on whether orchestration is required. Likewise, a web application does not automatically mean virtual machines. If the business wants simplicity and managed hosting, App Service is a more exam-aligned answer.

Section 4.3: Virtual networks, VPN, ExpressRoute, DNS, and load balancing basics

Networking questions in AZ-900 are usually conceptual and service-focused. You are expected to know what Azure Virtual Network does, how Azure connects on-premises environments to the cloud, and which services help with name resolution and traffic distribution. The exam often frames these topics around business goals such as securely connecting offices to Azure, publishing services, or improving application availability.

Azure Virtual Network, or VNet, is the foundational networking service that enables Azure resources to communicate securely with each other, the internet, and on-premises networks. Think of a VNet as your private network in Azure. If a question asks how to logically isolate Azure resources or allow communication between Azure-based systems, VNet is often central to the answer. Subnets divide a VNet into smaller segments, but AZ-900 usually focuses more on the purpose of the VNet than on deep subnet design.

VPN Gateway provides encrypted connectivity over the public internet between Azure and on-premises environments. ExpressRoute provides private dedicated connectivity that does not travel across the public internet in the same way. If a question emphasizes lower latency, more consistent performance, private connection, or enterprise-grade dedicated connectivity, ExpressRoute is likely correct. If the requirement is secure hybrid connectivity at a more basic conceptual level using the internet, VPN Gateway fits better.

Azure DNS hosts DNS domains and provides name resolution using Azure infrastructure. On exam items, this is usually straightforward: if the requirement is to host a DNS domain or resolve names, Azure DNS is the intended answer. Azure Load Balancer distributes incoming network traffic across resources to improve availability and performance. At the fundamentals level, know that load balancing helps prevent a single instance from becoming overloaded.

Exam Tip: The biggest networking trap is mixing up VPN and ExpressRoute. Remember the quick rule: VPN uses encrypted traffic over the internet; ExpressRoute is a private dedicated connection.

The exam also tests your ability to identify the service purpose from minimal clues. “Private network in Azure” points to VNet. “Name resolution” points to DNS. “Distribute traffic” points to Load Balancer. “Hybrid private dedicated connection” points to ExpressRoute. Build these service-to-clue associations and networking questions become much easier to answer confidently.

Section 4.4: Azure storage services, redundancy options, and data scenarios

Azure storage is a major part of the architecture and services domain. For AZ-900, you should know the major storage types and how to match them to data scenarios. Microsoft frequently tests whether you can distinguish object storage, file shares, and disks, along with basic redundancy concepts. These questions are often practical: what service should a company use to store backups, images, shared files, or VM data?

Azure Blob Storage is used for massive amounts of unstructured data such as images, video, documents, logs, and backups. If a scenario mentions object storage or large volumes of unstructured content, Blob Storage is usually the right answer. Azure Files provides managed file shares that can be accessed via standard file-sharing protocols. If the question is about shared file access for multiple systems, Azure Files is the better fit. Azure Disk Storage provides persistent disks for Azure Virtual Machines, making it the obvious answer when the question refers to VM operating system disks or data disks.

Exam questions also test storage tiers and data access patterns at a high level. Hot storage is for data accessed frequently, cool storage is for infrequently accessed data, and archive storage is for rarely accessed data with longer retrieval times. If the requirement stresses lowest storage cost for rarely accessed data, archive is a likely answer. If quick access matters, hot may be more appropriate.

Redundancy options matter too. Locally redundant storage replicates data within a single datacenter. Zone-redundant storage replicates across availability zones in a region. Geo-redundant storage adds replication to a secondary region. You do not need deep implementation knowledge for AZ-900, but you do need to understand the business meaning: more redundancy generally improves resilience, though often with greater cost.

Exam Tip: If the exam asks which storage service should back a virtual machine, choose Azure Disk Storage, not Blob Storage or Azure Files. That distinction is very commonly tested.

Common traps include confusing Azure Files with Blob Storage because both store data, or choosing the highest redundancy option without reading the business requirement. The right answer is the option that matches the needed resilience and access pattern, not automatically the most advanced one. Always tie the answer to the scenario’s words: unstructured objects, shared files, VM disks, or long-term archive.

Section 4.5: Azure Active Directory, authentication, authorization, and conditional access fundamentals

Identity and access management is another high-priority AZ-900 topic. Microsoft now uses the name Microsoft Entra ID for the cloud identity service historically known as Azure Active Directory, but many learning resources and exam-prep materials still reference Azure AD. For test readiness, recognize both names and understand the service purpose: managing identities, enabling sign-in, and controlling access to resources.

The exam expects you to know the difference between authentication and authorization. Authentication answers the question, “Who are you?” It verifies identity through methods such as passwords, multifactor authentication, or other sign-in mechanisms. Authorization answers the question, “What are you allowed to do?” It determines what resources and actions a user, group, or service can access. This distinction appears often in multiple-choice items, and Microsoft likes to present both terms together to see whether candidates can separate them correctly.

Role-based access control, or RBAC, is Azure’s model for assigning permissions to users, groups, and identities. If a scenario asks how to grant someone access to manage resources in Azure, RBAC is usually involved. The exam generally tests this concept at a high level: roles define permissions, and assignments grant those permissions at a scope such as subscription, resource group, or resource level.

Conditional Access adds policy-driven controls to sign-in decisions. For example, an organization can require multifactor authentication under specific conditions, such as when a user signs in from an unfamiliar location or from outside the corporate network. On the exam, if the scenario describes access decisions based on location, device state, risk, or other contextual signals, Conditional Access is likely the intended answer.

Exam Tip: If the question is about verifying identity, think authentication. If it is about granting permissions after identity is verified, think authorization or RBAC.

A common trap is assuming Microsoft Entra ID is just the same as on-premises Active Directory. While they are related in identity strategy, the exam focuses on Entra ID as Azure’s cloud identity and access service. Another trap is confusing multifactor authentication with Conditional Access. MFA is an authentication method; Conditional Access is the policy framework that can require MFA under certain circumstances. Keeping those relationships clear helps eliminate distractors quickly.

Section 4.6: Practice set on selecting Azure services for business and technical needs

The final skill for this chapter is service selection, which is exactly what Microsoft tests across many AZ-900 scenario-based items. You are not being measured on whether you can architect a full production environment from scratch. You are being measured on whether you can identify the most appropriate Azure service given a requirement. The best way to improve is to read scenarios through a decision filter: What is the business trying to achieve, what level of management is acceptable, what data type is involved, and what access or connectivity model is required?

For compute, start by asking whether the scenario requires OS control. If yes, Azure Virtual Machines are usually the answer. If the requirement is to host a web application with minimal infrastructure management, favor Azure App Service. If the company wants to run containers without managing VMs, consider Azure Container Instances, and if container orchestration is needed, think AKS. If the workload is event-driven and intermittent, Azure Functions should move to the top of your list.

For networking, ask whether the company needs a private Azure network, hybrid connection, name resolution, or traffic distribution. Virtual Network supports private communication in Azure. VPN Gateway enables encrypted hybrid connectivity over the internet. ExpressRoute is used when a private dedicated connection is required. Azure DNS handles DNS hosting and resolution. Azure Load Balancer distributes traffic across resources for availability and performance.

For storage, match the data type and access pattern. Blob Storage fits unstructured objects and large-scale data. Azure Files fits shared file access. Disk Storage fits virtual machines. Then consider redundancy and cost requirements. For identity, decide whether the scenario is about sign-in, permissions, or policy-based access controls. Sign-in points to authentication and Entra ID. Permissions point to authorization and RBAC. Context-based restrictions point to Conditional Access.

Exam Tip: In scenario questions, underline the nouns and verbs mentally: host, store, connect, authenticate, authorize, scale, share, archive. These words often map directly to the Azure service category being tested.

One final exam strategy: eliminate answers that are too broad, too advanced, or not purpose-built for the scenario. Many distractors are technically related but not the best fit. The AZ-900 exam rewards practical cloud judgment. If you consistently choose the service that most directly satisfies the requirement with the least unnecessary complexity, you will perform much better on architecture and services questions.

Section 5.1: Describe Azure management and governance with cost management concepts

Azure management and governance refers to the tools and practices used to control how Azure resources are created, organized, monitored, protected, and paid for. In AZ-900, this objective is less about advanced administration and more about understanding the purpose of foundational services. Cost management is one of the easiest areas to test because every cloud customer cares about spending. Microsoft wants you to know that cloud cost control is not a one-time activity; it is an ongoing discipline that begins before deployment and continues throughout the resource lifecycle.

Azure Cost Management and Billing helps organizations track current and historical spending, review cost trends, create budgets, and identify cost drivers. Exam questions may describe a company that wants visibility into which department or subscription is generating charges. In those scenarios, Cost Management is often the correct choice. Governance overlaps with cost because standards such as tagging, subscription structure, and resource organization make spending easier to allocate and analyze.

A common exam distinction is between management hierarchy and billing visibility. Azure organizes resources into management groups, subscriptions, resource groups, and resources. Governance controls can be applied at multiple levels. If the scenario mentions organizing for policy inheritance or broad administration, think management groups or subscriptions. If it mentions a logical container for related resources, think resource groups. If it mentions tracking spend by workload, tags and Cost Management become highly relevant.

Exam Tip: Tags are frequently associated with cost reporting and governance. If the question asks how to categorize resources by department, environment, or application for reporting purposes, tags are often the best answer.

Another trap is confusing cost management with security or compliance tools. Cost Management does not enforce allowed locations, require encryption settings, or block deployments. Those are governance and policy functions. Cost Management helps measure and control spending through analysis, budgets, and forecasting. On the exam, if the wording centers on spending analysis, actual charges, trends, or budget alerts, stay in the cost management category.

From a test strategy perspective, identify whether the question is asking about prevention or visibility. Cost Management provides visibility and planning controls. Azure Policy provides preventive governance rules. Resource locks provide protective controls against accidental change. These distinctions appear repeatedly in Microsoft-style questions.

Section 5.2: Factors that affect costs, calculators, and total cost planning

AZ-900 commonly asks what affects Azure costs and which tool should be used to estimate or compare expenses. The major cost factors include resource type, consumption level, service tier, region, bandwidth usage, storage capacity, storage transactions, and licensing model. For example, a virtual machine cost can change based on size, operating system, time running, and region. Storage cost can depend not only on the amount stored, but also on performance tier and access pattern. Outbound data transfer may also create charges.

Two planning tools are especially important. The Pricing Calculator estimates expected Azure costs before deploying services. This is the tool to choose when a business wants to forecast monthly charges for selected Azure resources. The Total Cost of Ownership Calculator compares estimated on-premises infrastructure costs with the cost of running workloads in Azure. If a scenario mentions evaluating whether moving to Azure could reduce infrastructure expenses compared with an existing datacenter, TCO Calculator is the better answer.

Students often miss questions because both tools seem related to cost estimation. The key distinction is simple: Pricing Calculator estimates Azure service pricing; TCO Calculator compares on-premises versus Azure costs. The exam likes this comparison because it tests practical business understanding rather than technical depth.

Exam Tip: If you see wording like “estimate the cost of Azure services before deployment,” choose Pricing Calculator. If you see “compare current datacenter costs to Azure,” choose TCO Calculator.

Other cost optimizers may appear in answer choices, such as reserved instances, spot pricing, or Azure Hybrid Benefit. At AZ-900 level, you do not need deep financial modeling, but you should know the general idea. Reserved capacity can reduce cost when usage is predictable over time. Spot pricing can lower cost for interruptible workloads. Azure Hybrid Benefit can reduce cost when eligible existing licenses are reused. If a scenario emphasizes lowering predictable long-term compute cost, reserved pricing is usually more appropriate than pay-as-you-go.

One more exam trap: free services and low-cost services still need governance. The exam may imply that using cloud means cost is automatically optimized. That is false. Cloud provides flexibility, but without planning, spending can rise quickly. Microsoft wants candidates to understand that estimating, monitoring, and adjusting are all parts of total cost planning.

Section 5.3: Service level agreements, lifecycle planning, and support options

Service level agreements, or SLAs, define Microsoft’s commitment for uptime and connectivity for many Azure services. On AZ-900, you are not expected to memorize every percentage, but you should understand what an SLA means. A higher SLA generally indicates a stronger availability commitment. Questions may ask about the concept of cumulative downtime or how design choices affect availability. For example, distributing workloads across multiple instances can improve the effective availability of an application and may align with stronger uptime expectations.

Do not confuse an SLA with actual performance, technical support, or a guarantee that outages never occur. An SLA is a formal commitment, often expressed as a percentage of uptime over a billing period. The exam may include distractors suggesting that an SLA means a service cannot fail. That is incorrect.

Lifecycle planning matters because cloud services evolve. Organizations need to understand service updates, feature changes, and retirement notices so they can plan migrations or redesigns. AZ-900 tests this at a conceptual level: businesses should pay attention to the lifecycle of services they depend on and choose support arrangements appropriate to their operational needs.

Support plans are another favorite exam topic. Azure offers different support options, from basic account and billing support to more advanced technical response options. The right answer depends on whether the scenario asks for billing help, technical troubleshooting, architectural guidance, or faster response for business-critical issues. A common trap is assuming the most expensive support plan changes the service’s SLA. It does not. Support plans affect access to support resources and response times, not the underlying uptime commitment.

Exam Tip: If the question asks about guaranteed service availability, think SLA. If it asks about contacting Microsoft for technical help or getting faster response times, think support plan.

Another tested distinction is between designing for resilience and relying on the SLA alone. Microsoft expects you to understand that organizations still share responsibility for designing highly available solutions. An Azure service may offer a published SLA, but architectural decisions such as redundancy, region selection, and multi-instance deployment still matter. This connects back to earlier AZ-900 concepts about shared responsibility and cloud design choices.

Section 5.4: Microsoft Purview, Azure Policy, resource locks, and governance controls

Governance tools exist to help organizations maintain control as Azure adoption grows. On the exam, Microsoft frequently tests whether you can distinguish policy enforcement, data governance, and protective controls. Azure Policy is used to define and enforce rules for resources. Examples include requiring tags, restricting allowed regions, or ensuring that only certain resource SKUs can be deployed. If a scenario mentions standardization or compliance through rules, Azure Policy is usually the correct answer.

Resource locks are simpler but very important. They prevent accidental deletion or modification of critical resources. A ReadOnly lock prevents changes, while a Delete lock prevents deletion but still allows some modifications. On the exam, when the problem is accidental admin action rather than policy compliance, resource locks are the better fit. Students commonly choose Policy when the prompt really asks how to stop someone from deleting a production resource immediately. That is a lock scenario.

Microsoft Purview focuses on data governance, discovery, classification, and compliance across data sources. If the question is about understanding where sensitive data exists, classifying data assets, or governing data across environments, Purview is a strong match. It is not primarily a resource deployment control service, so do not confuse it with Azure Policy.

Exam Tip: Ask yourself what is being governed: resources or data? If the governance target is resource configuration, think Azure Policy. If the governance target is data discovery and classification, think Microsoft Purview.

Governance controls also include role-based access control, tagging, management groups, and subscription organization, although AZ-900 usually treats these at a high level. The exam is more likely to test the purpose of the control than implementation details. The best way to identify the answer is to focus on the problem statement: enforce a standard, classify data, stop deletion, or organize administration. Each problem maps to a different governance mechanism.

A final trap is assuming governance always blocks users. Governance can also guide, audit, classify, and structure. Policy can audit noncompliant resources. Purview can provide visibility into data estates. Tags can improve reporting. Good governance is not only about denial; it is about control and insight.

Section 5.5: Azure Portal, Cloud Shell, Azure Arc, ARM, monitoring, and Advisor basics

This section groups together the operational tools that appear often in introductory Azure exam questions. Azure Portal is the web-based graphical interface for creating and managing resources. It is the easiest administrative option to recognize on the exam. If a prompt describes point-and-click management from a browser, Azure Portal fits. Azure Cloud Shell provides browser-accessible command-line management using PowerShell or Bash. If the scenario involves running scripts or commands without locally installing tools, Cloud Shell is likely the intended answer.

Azure Resource Manager, or ARM, is the deployment and management service for Azure. ARM templates allow infrastructure as code deployments, meaning resources can be described declaratively and deployed consistently. When the exam asks about repeatable deployments or standardized provisioning, ARM is an important choice. A common trap is picking Portal because it is familiar, even when the scenario clearly emphasizes automation and consistency.

Azure Arc extends Azure management capabilities to resources outside Azure, including on-premises servers and multi-cloud environments. If a question mentions hybrid or non-Azure resource management from Azure, think Azure Arc. This is a classic keyword-driven match on AZ-900.

For monitoring, Azure Monitor collects, analyzes, and acts on telemetry such as metrics, logs, and alerts. It is used to observe the health and performance of applications and infrastructure. Azure Advisor is different: it analyzes deployed resources and provides recommendations related to reliability, security, performance, operational excellence, and cost. Advisor tells you what to improve; Monitor tells you what is happening.

Exam Tip: If the question asks for alerts, logs, metrics, or visibility into resource performance, choose Azure Monitor. If it asks for best-practice recommendations to optimize resources, choose Azure Advisor.

These tools are easy to mix up because they all support administration. The fastest way to answer correctly is to identify the action in the scenario: graphical management, command-line management, hybrid management, repeatable deployment, telemetry monitoring, or optimization recommendations. Each action points to one core Azure service.

Section 5.6: Practice set on Describe Azure management and governance with rationale review

As you review this domain, focus less on memorizing long descriptions and more on building answer-selection habits. Microsoft-style AZ-900 questions often present two plausible administrative tools and expect you to identify the better fit. Your practice mindset should be: what exact problem is the organization trying to solve? If the issue is estimating future Azure spend, think Pricing Calculator. If the issue is comparing existing datacenter costs to Azure, think TCO Calculator. If the issue is tracking actual charges and setting budgets, think Cost Management. If the issue is uptime commitment, think SLA. If the issue is support response, think support plan.

For governance, train yourself to separate enforcement from protection. Azure Policy enforces standards and can audit compliance. Resource locks protect resources from accidental deletion or modification. Microsoft Purview governs and classifies data. Azure Advisor recommends improvements. Azure Monitor observes activity and performance. ARM standardizes deployment. Azure Arc extends management to hybrid and multi-cloud resources. Azure Portal and Cloud Shell are management interfaces, one graphical and one command-line.

A productive rationale review process is to ask why each wrong answer is wrong. This is essential for AZ-900 because distractors are usually not random; they are related tools from the same general category. For example, a wrong answer may still be an Azure management service, just not the one that addresses the specific requirement. If you practice that elimination logic, your exam confidence rises quickly.

Exam Tip: In scenario questions, underline or mentally isolate trigger phrases such as “prevent deletion,” “enforce standard,” “estimate before deployment,” “monitor logs,” “get recommendations,” or “manage servers outside Azure.” These phrases usually reveal the intended service.

Finally, remember that this objective is designed for broad understanding, not expert administration. Do not overcomplicate the question. The best answer is typically the core Azure service whose main purpose matches the stated need. If you stay disciplined about matching service purpose to business requirement, this chapter can become one of your highest-scoring areas on the AZ-900 exam.

Section 6.1: Full-length mock exam covering Describe cloud concepts

The first full-length mock segment should target the cloud concepts domain because this area provides fast, high-value points when your fundamentals are solid. In AZ-900, cloud concepts questions often look simple on the surface, yet they are written to catch candidates who confuse broad ideas. You should expect items related to shared responsibility, consumption-based pricing, elasticity, scalability, high availability, fault tolerance, and the distinctions among public, private, and hybrid cloud models. You should also be able to separate IaaS, PaaS, and SaaS without hesitation.

When reviewing this domain, focus on the exam’s intent. Microsoft is not trying to test advanced architecture here. It is testing whether you understand what changes when a company moves from on-premises infrastructure to cloud services. If the prompt emphasizes managing operating systems, virtual machines, and networking configuration, think IaaS. If it emphasizes developers deploying applications without managing the underlying platform, think PaaS. If it emphasizes end users consuming a complete application over the internet, think SaaS. Exam Tip: If the answer choices include all three service models, identify the highest layer of management abstracted away from the customer.

Shared responsibility is one of the most common traps. Candidates sometimes assume Microsoft manages everything in Azure. That is incorrect. The exact customer responsibility depends on the service model. In IaaS, the customer manages far more than in SaaS. If a scenario mentions patching guest operating systems, that points to customer responsibility in IaaS. If it mentions the physical datacenter or host infrastructure, that points to Microsoft responsibility. Questions may also test whether you know that moving to the cloud does not eliminate governance, identity, or data classification responsibilities.

Another frequent issue is confusing related benefits. Scalability means increasing or decreasing resources to meet demand; elasticity emphasizes dynamic, often automatic adjustment as demand changes. High availability refers to keeping services accessible; disaster recovery refers to restoring service after a major disruption. Agility refers to rapid provisioning and adaptation. Cost optimization comes from avoiding large upfront capital expenditure and paying for what you use, but be careful: cloud does not automatically mean lower cost in every scenario. The best exam answers usually connect cost benefits to proper consumption and right-sizing.

• Watch for qualifiers like quickly, temporary, global, or without upfront hardware purchases.
• Map cloud model questions to ownership: public cloud is provider-owned, private cloud is dedicated to a single organization, hybrid combines both.
• Do not confuse business continuity terms with pricing or deployment terms.

As you complete this mock section, simulate real pacing. Answer based on what the wording supports, not on outside assumptions. If you find yourself inventing technical details not present in the prompt, you are probably moving away from the intended answer. Cloud concepts are foundational, and strong performance here builds confidence for the more service-specific sections that follow.

Section 6.2: Full-length mock exam covering Describe Azure architecture and services

This mock segment covers the largest and most detailed portion of AZ-900, so your goal is not expert-level depth but broad and accurate service recognition. The exam expects you to identify core architectural components such as Azure regions, region pairs, availability zones, subscriptions, resource groups, and management groups. It also expects familiarity with major service categories including compute, networking, storage, and identity. The challenge is that many answer choices are legitimate Azure services, so the skill being tested is selecting the one that best matches the stated requirement.

For compute, distinguish among virtual machines, virtual machine scale sets, containers, Azure Kubernetes Service, and serverless options such as Azure Functions. If the scenario emphasizes full control of the operating system, think virtual machines. If it emphasizes orchestrating containers at scale, think AKS. If it emphasizes event-driven execution and paying only when code runs, think Azure Functions. A common trap is choosing the most powerful or modern service rather than the most appropriate service for the described task. Exam Tip: In AZ-900, simpler service alignment often wins over architectural sophistication.

For networking, review virtual networks, subnets, VPN Gateway, ExpressRoute, load balancing concepts, DNS, and connectivity patterns. The exam often checks whether you know when a company wants private connectivity, internet-based encrypted connectivity, or traffic distribution. ExpressRoute is private dedicated connectivity; VPN Gateway uses encrypted traffic over the public internet. Load balancing distributes traffic; it does not provide identity or governance. Be careful with services that sound related but solve different problems.

Storage questions usually focus on recognizing blob storage, file shares, disk storage, archive or hot/cool access tiers, and redundancy options such as LRS and GRS. The exam may ask you to identify the best storage for unstructured data, mounted file shares, or VM disks. It may also test whether you understand why one redundancy option supports broader resiliency goals than another. Here, wording matters. If the prompt focuses on files shared across systems, Azure Files is more aligned than Blob Storage. If it focuses on object data such as images or backups, Blob Storage is more aligned.

Identity is another high-frequency topic. You should know Microsoft Entra ID as Azure’s cloud identity service and understand the basic purpose of features such as single sign-on, multifactor authentication, and conditional access at a conceptual level. The exam is not seeking deep identity engineering. It is testing whether you can recognize how identity supports secure access across cloud resources and applications. Candidates often confuse identity with network security. Identity verifies and governs user or service access; networking controls traffic paths and connectivity.

• Regions and availability zones relate to deployment geography and resiliency.
• Resource groups organize resources; subscriptions provide billing and administrative boundaries.
• Management groups sit above subscriptions for broader governance.

When reviewing this mock section, mark every miss by service category. If you miss several compute questions, that suggests a pattern. If your mistakes cluster around identity versus networking, you likely need to sharpen distinctions, not memorize more features. This section is where precision improves scores fastest because the exam repeatedly tests the practical role of common Azure services.

Section 6.3: Full-length mock exam covering Describe Azure management and governance

The governance and management domain is where many candidates underestimate the exam. Because these topics sound administrative, learners sometimes give them less attention than compute or storage. That is a mistake. AZ-900 regularly tests cost management, policy enforcement, compliance tools, monitoring, resource organization, and service lifecycle concepts. These questions are often very winnable if you know the purpose of each tool and avoid mixing services that operate at different layers.

Start with cost management. You should recognize pricing calculators, total cost of ownership concepts, budgets, and Azure Cost Management capabilities. The exam may describe a company estimating future spend before deployment, tracking current spend, or setting thresholds to avoid unexpected charges. Those are distinct needs. Estimating future cost points toward pricing tools; tracking and analyzing actual spend points toward cost management features. Exam Tip: Read whether the scenario is about planning cost, controlling cost, or explaining cost after deployment. Each verb hints at a different answer.

Governance tools such as Azure Policy, resource locks, tags, and management groups are common exam material. Azure Policy enforces or evaluates rules for resources, such as allowed locations or required tags. Resource locks help prevent accidental deletion or modification. Tags support organization, reporting, and cost categorization, but they do not by themselves enforce compliance. Management groups help apply governance across multiple subscriptions. A frequent trap is choosing tags when the requirement clearly says to enforce a rule. Tags organize; Policy governs.

For monitoring and operational visibility, be comfortable with Azure Monitor and the concept of collecting metrics, logs, alerts, and insights. The exam may also test awareness that Service Health reports Azure service issues and planned maintenance affecting your environment. This area often includes subtle wording traps. If the scenario asks about the health of Azure services impacting a subscription, Service Health is likely relevant. If it asks about application or resource telemetry, Azure Monitor is the better fit.

Compliance and trust topics are also important at the AZ-900 level. You do not need deep legal knowledge, but you should know that Microsoft provides compliance documentation, certifications, and trust-related resources to help organizations assess regulatory alignment. The exam may ask which type of service or documentation helps verify standards support. Look for language about compliance requirements, regulatory needs, or audit readiness rather than deployment or security configuration.

• Budgets help track and notify; they do not directly stop all spending.
• Azure Policy evaluates and enforces standards.
• Resource locks protect resources from accidental changes.
• Azure Monitor provides observability; Service Health focuses on Azure platform incidents and advisories.

As you finish this mock section, ask whether each wrong answer came from not knowing a tool or from confusing tools with adjacent purposes. Governance questions are usually easier once you group services by what they do: organize, enforce, monitor, estimate, protect, or report. That mental categorization is extremely effective on the real exam.

Section 6.4: Answer review methodology and distractor analysis

Finishing a mock exam is only half of the preparation process. The score matters, but the real value comes from how you review each result. Many candidates waste final study time by only checking which items were wrong. A stronger method is to classify every missed question by domain, confidence level, and error type. Ask yourself: Did I not know the concept? Did I confuse two Azure services? Did I misread a keyword? Did I choose an answer that was true but not the best fit? This review process turns a practice test into a targeted improvement plan.

Distractor analysis is especially important for AZ-900 because Microsoft-style options are often designed to sound familiar. A distractor is not random; it usually represents a nearby concept. If you choose Azure Monitor instead of Service Health, or tags instead of Policy, the exam is revealing a boundary you need to sharpen. Review both why the correct answer is correct and why each incorrect option is wrong in that exact scenario. Exam Tip: If you can explain why the runner-up answer is tempting but still inferior, you are developing exam-ready judgment.

Use a three-column review table after each mock exam. In the first column, list the topic tested, such as shared responsibility, region pairs, Azure Files, or budgets. In the second column, list the reason for the mistake. In the third column, write the corrected decision rule in one sentence. For example: “If the requirement is private dedicated connectivity, choose ExpressRoute rather than VPN Gateway.” These short rules are powerful because they mirror how you must think under time pressure.

Also review your correct answers, especially those you guessed. A guessed correct response is not a strength yet. Mark it separately. If your confidence was low, revisit the concept until you can identify the answer on purpose. This is one of the most overlooked parts of exam prep. False confidence develops when candidates assume every correct answer reflects mastery.

• Content gap: you did not know the feature or service.
• Boundary confusion: you mixed up two related services.
• Keyword miss: you ignored words like enforce, estimate, monitor, or private.
• Overthinking: you selected a technically possible answer instead of the most direct one.

Review should be active, not passive. Rewrite the key distinction in your own words, say it aloud, and revisit it later the same day. The final review stage is about reducing avoidable mistakes. When you learn to spot distractor patterns, your score can improve significantly even before you memorize any additional facts.

Section 6.5: Final revision plan by exam domain and confidence level

Your final revision should be organized by exam domain and by confidence level, not by random note pages or the order in which you originally studied. Divide your remaining topics into three groups: high confidence, medium confidence, and low confidence. High-confidence topics need quick validation only. Medium-confidence topics need contrast review, where you compare similar concepts. Low-confidence topics need focused reteaching using concise notes, diagrams, or flashcards. This approach ensures your time goes where score improvement is most likely.

For the cloud concepts domain, low-confidence candidates should revisit the core frameworks: cloud models, service models, and shared responsibility. Do not chase edge details. Master the basic distinctions so thoroughly that they feel automatic. For medium confidence, practice identifying keywords that signal scalability, elasticity, high availability, or disaster recovery. For high confidence, do a quick rapid-fire recap to keep terminology fresh without spending too much time there.

For Azure architecture and services, break revision into subdomains: architectural components, compute, networking, storage, and identity. This domain benefits from comparison charts. Put related services side by side and write one-line definitions emphasizing the primary use case of each. Virtual machines versus containers, VPN Gateway versus ExpressRoute, Blob Storage versus Azure Files, and Entra ID versus network controls are all classic distinction sets. Exam Tip: If two services seem similar, ask which one the exam would describe in a single-sentence business need. That often reveals the intended answer more clearly than deep technical details do.

For management and governance, your revision plan should focus on purpose mapping. Create a sheet that groups tools by intent: estimate cost, track cost, enforce standards, organize resources, protect from deletion, monitor telemetry, view platform health, or review compliance posture. Governance topics become easier when you memorize them by outcome rather than by product name alone. This also helps on scenario questions, where the exam often describes a need first and names nothing directly.

In the final 48 hours before the exam, use a layered approach. First, review your error log from mock exams. Second, revisit low-confidence topics only. Third, complete one final short mixed review session without stopping to look things up after every item. The goal is to test recall flow. If you constantly interrupt yourself, you train dependency instead of readiness.

• High confidence: brief refresh and terminology check.
• Medium confidence: compare similar services and identify triggers.
• Low confidence: relearn core purpose, then practice recognition.

A smart revision plan is selective. AZ-900 is broad, so trying to relead every source at the end usually creates confusion. Trust your mock exam data. Let your misses and low-confidence areas define your final review priorities.

Section 6.6: Test-day tactics, mindset, and last-minute review guidance

On exam day, your objective is to convert preparation into calm, accurate decisions. Start by removing unnecessary friction. Verify your exam appointment time, identification requirements, testing environment rules, and check-in process in advance. If you are testing online, confirm device readiness and room compliance early. If you are testing at a center, plan arrival time conservatively. Logistics problems create stress that can affect even well-prepared candidates.

During the exam, read the full prompt slowly enough to catch qualifiers but quickly enough to maintain rhythm. Words such as best, most appropriate, minimize management, private, estimate, or enforce often determine the answer. Avoid jumping to a familiar Azure term before identifying the actual requirement. Exam Tip: Before looking at the choices, summarize the problem in your own head in five words or fewer. This keeps you anchored to the requirement rather than to the distractors.

If you encounter a difficult item, do not let it derail your pace. Eliminate clearly wrong options first, choose the best remaining answer, and move on. Foundational exams reward steady accumulation of correct answers more than perfection on a few hard items. If the platform allows review, mark uncertain items and revisit them after completing the rest. Often, later questions trigger memory that helps with earlier ones.

Mindset matters. Do not treat every question as a trick question. AZ-900 does include distractors, but many items are direct if you trust the official service purpose. Overthinking is one of the most common causes of lost points. Candidates sometimes talk themselves out of the right answer because they imagine advanced scenarios not stated in the prompt. Stay within the information given. Choose the answer that most directly aligns with the requirement and the tested domain.

Your last-minute review should be light and strategic. Do not attempt a major cram session immediately before the exam. Instead, review your one-page distinction sheet: cloud models, service models, shared responsibility, regions and availability zones, common compute choices, networking connectivity, storage types, Entra ID basics, Policy versus tags versus locks, Cost Management, Azure Monitor, and Service Health. This refresh keeps the highest-yield concepts active without overwhelming you.

• Sleep and hydration support focus more than one extra hour of cramming.
• Read carefully, but do not read fearfully.
• Use elimination when uncertain.
• Trust the most direct mapping between need and service.

Finish the exam with discipline. If you have review time remaining, revisit only flagged questions and confirm that your final selections still match the exact wording. This chapter closes your preparation with a practical truth: success on AZ-900 comes from combining content knowledge, service differentiation, and sound exam technique. If you have completed the mock exams honestly and reviewed your weak spots with precision, you are ready to perform with confidence.