AZ-900 Practice Test Bank: 200+ Questions

Section 1.1: AZ-900 Certification Overview and Who It Is For

AZ-900 is Microsoft’s foundational Azure certification. It is intended for learners who need a broad understanding of cloud computing and Microsoft Azure, not deep operational expertise. Typical candidates include students, career changers, project managers, sales and technical support staff, business analysts, and IT professionals beginning their Azure journey. It also serves experienced technical professionals who want a formal baseline before moving to role-based certifications such as administrator, developer, security, or architect tracks.

On the exam, Microsoft is testing whether you can describe, recognize, and distinguish. Those verbs matter. You should be able to describe cloud models such as public, private, and hybrid cloud; recognize the purpose of Azure services like virtual machines, virtual networks, and storage accounts; and distinguish governance tools such as Azure Policy, resource locks, and tags. The exam is not a lab exam. You are not expected to configure advanced deployments from memory. Instead, you are expected to identify the right concept or service in common business and technical scenarios.

A common exam trap is assuming AZ-900 is too basic to require structured preparation. Because the content is broad, candidates often face many terms that sound familiar but are easy to confuse under time pressure. For example, candidates may mix up availability zones with regions, or Azure Policy with resource locks. The exam rewards precision. Even foundational terminology must be understood accurately.

Exam Tip: If a question asks what a service is for, focus on Microsoft’s primary use case rather than edge cases you may have seen elsewhere. AZ-900 usually tests the intended category and function of a service, not every possible way it can be used.

This certification is also valuable as a confidence-builder. It introduces the structure of Microsoft certification exams and helps you develop a study routine that will be useful on future exams. In that sense, AZ-900 is both a credential and a training ground. Approach it seriously, but do not overcomplicate it. Your task is to build exam-ready clarity across the published objectives.

Section 1.2: Microsoft Exam Registration, Scheduling, and Delivery Options

Before you can pass AZ-900, you need to understand the practical steps of registration and scheduling. Microsoft certification exams are typically scheduled through Microsoft’s certification portal, where you sign in with a Microsoft account, choose the exam, confirm language and region details, and select an available delivery option. Depending on your location and current policies, you may be able to take the exam at a test center or through online proctoring. Both options require planning, and each has different risks.

Test center delivery offers a controlled environment, which can reduce distractions and technical issues. Online proctored delivery offers convenience, but it usually comes with stricter setup requirements: a quiet room, valid identification, webcam access, and a clean testing area. Candidates sometimes lose valuable focus because they prepare the Azure content but neglect the delivery logistics. That is avoidable. Read the confirmation instructions carefully, test your device early if using online delivery, and understand check-in timing well before exam day.

Scheduling strategy matters too. Beginners often choose an exam date based on hope rather than evidence. A better approach is to book a realistic date that gives you enough time for one full content pass, one structured review pass, and several timed practice sets. If your schedule changes, review rescheduling and cancellation rules early. Do not assume flexibility at the last minute.

Exam Tip: Schedule your exam only after you have mapped study time across all official domains. A booked date can motivate you, but an unrealistic deadline often leads to rushed memorization instead of real understanding.

When planning your exam session, also think about your peak concentration time. If you perform best in the morning, avoid an evening slot simply because it appears convenient. Small logistical decisions affect performance more than many candidates realize. Registration is not just administrative; it is part of exam strategy. The smoother the delivery experience, the more mental energy you preserve for reading questions carefully and making sound choices.

Section 1.3: Exam Format, Question Types, Scoring, and Passing Readiness

AZ-900 candidates should expect a Microsoft certification experience that may include multiple-choice items, multiple-response items, scenario-based prompts, and other structured question styles commonly used in fundamentals exams. Exact counts and presentation can vary, which is why you should prepare for flexibility rather than for a single fixed format. What remains consistent is the need to read carefully. Microsoft often tests whether you can identify the best answer, not merely a technically possible one.

The passing score is reported on a scaled system, with 700 generally recognized as the passing benchmark. Scaled scoring means not all questions necessarily carry the same weight or contribute in a simple one-point-per-question way. Do not waste time trying to reverse-engineer your score during the exam. Instead, focus on accuracy, pacing, and avoiding unforced errors. Read every keyword, especially qualifiers such as best, most appropriate, minimize, or reduce administrative effort. Those words often determine which answer Microsoft considers correct.

Time management is part of readiness. Even candidates who know the content can underperform if they dwell too long on a difficult item. The AZ-900 exam is not intended to be a race, but slow reading and second-guessing can create unnecessary pressure. Effective pacing comes from practice under timed conditions. As you work through this course, use practice sets to train decision-making speed, not just recall.

A common trap is treating every uncertain item as equally difficult. In reality, many questions can be narrowed quickly by eliminating options that belong to the wrong service category. For example, if a question is clearly about identity and access, storage options are not serious contenders. Strong candidates first classify the problem domain, then compare the remaining answers.

Exam Tip: Passing readiness is not just about average practice score. It also includes consistency across domains. If you score well overall but remain weak in governance or cloud concepts, the real exam can expose that gap quickly.

Your goal before test day should be stable performance on mixed-domain practice, comfort with common question styles, and a clear process for eliminating distractors. That combination is a much better readiness signal than one strong score on an untimed set.

Section 1.4: Official Exam Domains and How This Course Maps to Them

The AZ-900 exam objectives are organized into major domains that reflect the knowledge Microsoft wants foundational candidates to possess. These domains typically include cloud concepts; Azure architecture and services; and Azure management and governance. While the exact weighting can shift when Microsoft updates the exam, the broad structure remains stable enough for you to build a practical study plan around it. This course is aligned to those same categories so that your preparation mirrors the exam blueprint rather than a random collection of facts.

The first domain, cloud concepts, includes core ideas such as cloud computing benefits, consumption-based pricing, cloud service models, and the shared responsibility model. These topics may seem straightforward, but Microsoft uses them to test whether you understand why organizations adopt cloud services and how responsibilities differ between on-premises and cloud environments. Candidates often lose points here by answering from intuition instead of using the standard cloud model definitions.

The second major domain, Azure architecture and services, is broad and exam-critical. It includes foundational architectural elements such as regions, region pairs, availability zones, subscriptions, and resource groups. It also covers common service families such as compute, networking, storage, and identity. On the test, many questions are classification-based: identify which service category fits a requirement, or choose which Azure component is used for a given purpose.

The third domain, Azure management and governance, includes tools and concepts such as cost management, Azure Policy, role-based access control, resource locks, tags, service level agreements, and compliance-related features. This domain tests whether you understand how Azure environments are organized, controlled, and monitored at a high level. Candidates often confuse tools that sound similar but solve different problems, which is why side-by-side comparison is essential.

Exam Tip: Map every practice question back to an exam domain. If you miss a question, do not just note the answer. Identify whether the weakness came from cloud concepts, architecture, or governance. This turns mistakes into targeted review.

This course is structured to support that mapping. Early lessons establish exam familiarity and study discipline. Later chapters build domain knowledge in the same categories Microsoft tests. Practice sets and review cycles then help you integrate those domains, because the real exam does not isolate them neatly. By studying through the lens of the official objectives, you train yourself to think like the exam writers.

Section 1.5: Study Planning for Beginners Using Practice Tests and Review Cycles

A beginner-friendly AZ-900 study plan should be simple, repeatable, and domain-based. Start with a diagnostic mindset rather than a perfection mindset. Your first goal is to understand the scope of the exam and identify which topics are unfamiliar. Then move into a structured cycle: learn, review, practice, analyze, and revisit. This is far more effective than reading Azure definitions repeatedly and hoping they stick.

A strong weekly routine might look like this: study one domain in focused sessions, summarize key distinctions in your own notes, complete a small untimed practice set, review every explanation, and then revisit missed topics before moving on. After covering all domains once, begin mixed-domain timed practice. Mixed practice is where real readiness develops, because it teaches you to recognize what a question is actually asking without being told the topic in advance.

Practice tests should be used as learning tools, not as a shortcut. One of the biggest traps in certification prep is answer memorization. If you remember that a specific option was correct but cannot explain why competing options were wrong, your readiness is fragile. The exam will present the same concepts in different wording. Reliable success comes from understanding service purpose, concept boundaries, and common distractors.

For beginners, spaced review is especially important. Do not study cloud concepts once and assume they are mastered. Revisit them after studying Azure services, because cross-domain understanding improves retention. For example, your understanding of shared responsibility becomes stronger once you compare infrastructure, platform, and software services. Likewise, governance tools make more sense after you understand subscriptions, resource groups, and identities.

Exam Tip: Keep a short “confusion list” of commonly mixed concepts, such as regions versus availability zones, Azure Policy versus locks, and authentication versus authorization. Review this list frequently. It can save easy points on exam day.

As your exam date approaches, shift from content accumulation to performance stabilization. Use timed sets, review weak areas, and practice calm decision-making. Your study plan should produce not only knowledge, but also familiarity with Microsoft-style wording and confidence under realistic conditions.

Section 1.6: Common Mistakes, Retake Strategy, and Exam Day Preparation

Many AZ-900 candidates make avoidable mistakes that have little to do with intelligence and everything to do with exam discipline. The first common mistake is underestimating foundational topics. Because terms like cloud, region, virtual machine, or policy sound familiar, candidates may skim them instead of mastering the exact Microsoft definitions. The second mistake is studying isolated facts without comparing similar services. AZ-900 often tests distinctions, and confusion between related options is one of the main reasons candidates miss otherwise approachable questions.

Another mistake is taking practice tests too late. If you wait until the end of your preparation to attempt timed sets, you lose the chance to build pacing and identify weak domains early. Timed practice should be introduced before you feel fully ready. That discomfort is useful because it reveals how well you can apply knowledge under pressure. Likewise, avoid the trap of changing answers repeatedly without a clear reason. Your first answer is not always correct, but constant second-guessing often reflects uncertainty rather than improved judgment.

If you do not pass on your first attempt, treat the result as diagnostic feedback, not failure. Review the score report by domain, identify patterns, and create a narrower retake plan focused on the weakest objectives. Retake preparation should not be a complete restart. It should be a targeted rebuild based on evidence. Also review Microsoft’s current retake policies and waiting periods so that you can plan effectively instead of reacting emotionally.

Exam day preparation should be practical and calm. Confirm your identification requirements, test center route or online setup, start time, and check-in instructions. Get adequate rest and avoid cramming new material at the last minute. A light review of key distinctions and your confusion list is more effective than trying to relearn entire domains in a few hours.

Exam Tip: On exam day, read for intent. Ask yourself: Is this question testing a cloud concept, a service purpose, a governance tool, or a scenario fit? That quick classification often makes the right answer much easier to see.

Your objective is steady execution. AZ-900 rewards candidates who combine broad Azure familiarity with disciplined exam habits. Build those habits now, and the rest of this course will be far more effective.

Section 2.1: Describe Cloud Computing and the Shared Responsibility Model

Cloud computing is the delivery of computing services over the internet. These services include compute power, storage, networking, databases, analytics, and more. For AZ-900, Microsoft wants you to understand that cloud computing provides resources on demand, usually with rapid provisioning and without requiring an organization to buy and maintain all hardware itself. The cloud is not just “someone else’s data center.” It is an operating model built around flexibility, service delivery, and shared operational duties.

A core exam topic is the shared responsibility model. In traditional on-premises environments, the organization is responsible for nearly everything: physical security, hardware, networking, operating systems, applications, and data. In cloud environments, some responsibilities shift to the cloud provider, while others remain with the customer. This division changes depending on the service type, but the principle stays the same: responsibility is shared, not fully transferred.

At the conceptual level, Microsoft is likely to test that the cloud provider is generally responsible for the physical infrastructure, such as the datacenter, physical hosts, and foundational networking. The customer is still responsible for items such as data, identities, access management, and many application-level controls. Candidates often make the mistake of assuming that moving to the cloud means security becomes the provider’s problem. That is a classic trap. Cloud providers secure the infrastructure of the cloud; customers still secure what they place in the cloud.

Exam Tip: If a question includes data classification, user permissions, account security, or information governance, assume the customer retains significant responsibility. If the scenario mentions physical servers, power, rack space, or datacenter perimeter security, that usually points to provider responsibility.

Another testable principle is that shared responsibility varies by cloud service model. Even if this chapter is focused on cloud concepts rather than a full IaaS/PaaS/SaaS comparison, you should remember the pattern: as you move toward more managed services, more responsibility shifts to the provider. However, identity, endpoint practices, data handling, and governance remain customer concerns in most scenarios.

To identify the correct answer on the exam, ask yourself: what layer is being discussed? Physical layer questions usually belong to the provider. Data ownership and access control usually belong to the customer. Questions become easier when you think in layers instead of trying to memorize every example individually.

Common trap: a distractor may describe something the cloud provider does well, such as offering secure datacenters, but the actual question may ask who is responsible for configuring access to a storage resource or protecting account credentials. In that case, the customer-side answer is the correct one.

Section 2.2: Describe Cloud Models: Public, Private, and Hybrid

AZ-900 expects you to clearly distinguish the major cloud deployment models: public cloud, private cloud, and hybrid cloud. These are foundational definitions, and Microsoft frequently tests them through short scenario descriptions. The key is to focus on ownership, access, and location of resources rather than surface wording.

A public cloud consists of services offered over the internet and available to multiple customers. The underlying infrastructure is owned and operated by the cloud provider. Customers consume resources as needed, usually without owning the physical hardware. In exam questions, clues for public cloud include low upfront investment, rapid deployment, broad scalability, and provider-managed infrastructure. Azure is a public cloud platform, so many AZ-900 examples naturally align to this model.

A private cloud refers to cloud resources used exclusively by a single organization. It may be located in the organization’s datacenter or hosted by a third party, but the defining idea is dedicated use by one organization. Private cloud questions often emphasize greater control, organization-specific requirements, dedicated infrastructure, or strict internal governance. A common trap is thinking private cloud must always be on-premises. That is not required. The key word is private, meaning dedicated to one organization.

Hybrid cloud combines public cloud and private infrastructure, allowing data and applications to move between them. Hybrid is frequently the best answer when a scenario mentions gradual migration, regulatory constraints, legacy systems that must remain on-premises, or the need to connect existing resources with cloud services. On the exam, if the scenario includes both on-premises systems and cloud-based services working together, hybrid is often the target concept.

Exam Tip: Do not choose hybrid just because a company uses more than one technology. Hybrid specifically refers to integrated use of private/on-premises and public cloud environments. If the scenario mentions only a company-owned dedicated environment, that is private cloud. If it mentions only provider-hosted services shared across customers, that is public cloud.

Microsoft may also test the business tradeoffs. Public cloud tends to offer the greatest agility and lower capital expense. Private cloud offers more direct control and dedicated resources. Hybrid cloud balances flexibility with compatibility for existing investments. The best exam strategy is to match the model to the stated business need rather than to your personal preference about architecture.

Common trap: multi-site on-premises infrastructure is not automatically hybrid cloud. Another trap is assuming hybrid is always the most advanced or best solution. On AZ-900, the correct answer is the simplest one that directly satisfies the scenario described.

Section 2.3: Describe the Consumption-Based Model and Pricing Basics

One of the central promises of cloud computing is the consumption-based model. Instead of buying infrastructure upfront and carrying the full cost whether you use it or not, organizations pay for cloud resources based on usage. On AZ-900, this concept is frequently tested in business terms such as cost reduction, operational flexibility, and reduced capital expenditure.

Consumption-based pricing means customers are billed for the resources they consume, such as compute time, storage capacity, network usage, or transactions, depending on the service. This shifts spending from capital expenditure (CapEx) to operational expenditure (OpEx). In traditional on-premises environments, a company might purchase servers in advance, which requires significant upfront investment. In the cloud, the organization can provision what it needs and scale usage over time, paying according to actual or near-actual consumption.

The exam often tests whether you can connect this model to benefits. If an organization has unpredictable workloads, seasonal demand, or wants to avoid overprovisioning, consumption-based pricing is usually the right concept. If the question emphasizes avoiding large upfront purchases, think CapEx versus OpEx. If the question asks why cloud is financially attractive for testing or temporary projects, think pay-as-you-go.

Exam Tip: When you see phrases such as pay for what you use, no large initial hardware purchase, or increase or decrease resources with demand, the question is very likely targeting the consumption-based model.

Pricing basics on AZ-900 remain high level. You do not need advanced cost calculators or contract details for this objective. What you do need is the ability to recognize that cloud costs can increase with usage and that consumption-based pricing does not mean all costs are automatically lower in every situation. Poor governance, overprovisioning, or always-on resources can still create high bills. This is an important conceptual balance that exam writers may test with distractors.

Common trap: some candidates assume consumption-based pricing means a fixed monthly fee for everything. That is too simplistic. Another trap is believing cloud eliminates all cost planning. In reality, cloud shifts how cost planning is done. Organizations gain flexibility, but they still need budgeting, monitoring, and right-sizing practices.

To answer pricing questions correctly, identify what the business wants most: lower upfront spend, flexibility, temporary use, or the ability to align cost with demand. Those clues point directly to the consumption-based model.

Section 2.4: Describe the Benefits of High Availability, Scalability, and Elasticity

This section covers three cloud benefits that are commonly tested and often confused: high availability, scalability, and elasticity. The exam expects you to recognize not only their definitions but also the business scenarios that match each one. Misreading these terms is one of the most common avoidable mistakes on AZ-900.

High availability refers to the ability of a system to remain operational for a high percentage of time, often through redundancy, failover design, and resilient architecture. In exam scenarios, clues include minimizing downtime, maintaining service access during component failures, and supporting business continuity. If the question focuses on keeping services running despite hardware or regional issues, high availability is usually the concept being tested.

Scalability is the ability to increase or decrease resources to meet demand. This can happen by adding more power to an existing resource or by adding more resource instances. In simple exam language, scalability means the system can handle growth. Questions about growing user traffic, larger data volumes, or increased processing needs often point to scalability.

Elasticity is closely related but more dynamic. Elasticity refers to the ability to automatically or quickly scale resources up and down as demand changes, often in near real time. This is especially relevant for workloads with fluctuating demand. If a scenario mentions sudden spikes during specific times and automatic reduction after demand drops, elasticity is the better answer.

Exam Tip: If the scenario is about handling more workload over time, think scalability. If it is about automatically matching changing demand moment by moment, think elasticity. If it is about staying online despite failure, think high availability.

Common trap: candidates often choose scalability when the question really describes elasticity. Another trap is selecting reliability when the scenario is specifically about uptime and redundancy. Read carefully for the operational emphasis. Growth capacity is not the same as resilience.

Microsoft may test these concepts in business language rather than technical architecture language. For example, an online retailer needing resources during holiday peaks and fewer resources afterward points to elasticity. A service that must continue operating even if one component fails points to high availability. An application expecting long-term growth in transaction volume points to scalability. The fastest route to the right answer is to identify whether the scenario centers on uptime, growth, or fluctuation.

Section 2.5: Describe Reliability, Predictability, Security, and Governance in the Cloud

Beyond pricing and deployment models, AZ-900 also measures whether you understand broad cloud benefits and controls such as reliability, predictability, security, and governance. These topics are often tested through statements about business outcomes rather than deep technical features, so be prepared to translate scenario language into the right cloud term.

Reliability refers to the ability of a system to recover from failures and continue meeting expected operational standards. It is related to resilience and dependable service delivery. While high availability focuses strongly on uptime, reliability is broader and includes recovery behavior and consistent operation. If an exam item asks about designing systems that continue to function appropriately under failure conditions, reliability is a likely match.

Predictability in the cloud generally refers to consistent performance and cost management. Organizations value the ability to estimate workloads, control spending, and receive expected service behavior. Microsoft may present predictability as an advantage of using tools and architectures that improve cost visibility and performance consistency. Do not confuse predictability with low cost. A predictable system can still be expensive; the point is that its performance or spending can be understood and managed.

Security remains a major cloud topic. The exam tests the principle that cloud providers offer security capabilities and secure infrastructure, but customers still carry responsibilities for identity, access, data, and configuration. Questions may also connect security to centralized tooling, policy enforcement, and managed services. Remember that cloud can improve security posture, but only if it is used correctly.

Governance refers to establishing rules, policies, standards, and controls to manage resources appropriately. This includes ensuring compliance, controlling deployments, organizing resources, and aligning usage with business requirements. Even at the concepts level, you should recognize that governance is about disciplined management, not just technical protection.

Exam Tip: Security is about protecting systems and data. Governance is about enforcing standards and managing resources according to organizational rules. If a scenario mentions policy, compliance, standardization, or control over deployment behavior, governance is the stronger answer.

Common trap: treating reliability, availability, and security as interchangeable. They overlap, but they are not the same. Reliability is about dependable operation, availability is about staying accessible, and security is about protection. Governance adds organizational control on top of all of them. The exam rewards precise vocabulary, so choose the term that best matches the scenario’s main goal.

Section 2.6: Cloud Concepts Practice Set with Detailed Answer Review

As you move into practice mode, your goal is not only to get answers right but to diagnose why wrong choices look tempting. AZ-900 cloud concept items are often short, but the distractors are designed to catch imprecise understanding. Your exam readiness improves when you can explain why one term fits better than another.

When reviewing practice items in this domain, start by identifying the tested objective. Ask: is this question about cloud principles, deployment model, pricing, availability/scaling behavior, or governance and security? This simple classification method prevents many errors. If you cannot identify the objective within the first read, underline or mentally note key phrases such as dedicated to one organization, pay only for usage, must remain online, or on-premises plus cloud.

Next, eliminate answers that belong to a different concept category. For example, a scenario about automatic response to changing demand should not be answered with a pricing term. A question about company-only infrastructure should not be answered with a cloud benefit like reliability. Many wrong answers on AZ-900 are technically positive statements about cloud, but they do not answer the specific question asked.

Exam Tip: In answer review, do not stop at “I got it right.” Ask why the other choices were wrong. That habit builds the discrimination skill needed on test day, especially when multiple answers seem plausible.

Also practice watching for qualifier words. Terms such as always, only, best, and most appropriate matter. A response might be partially true but still not be the best fit. On Microsoft exams, the best answer is the one that aligns most directly with the stated requirement and standard terminology.

Common traps in this chapter include confusing hybrid with multi-location infrastructure, private cloud with any internal datacenter, scalability with elasticity, and provider security responsibilities with customer responsibilities. Build a short review sheet of these likely confusions and revisit it before timed practice.

Finally, simulate the exam mindset. Read carefully, classify the concept, eliminate off-target choices, and choose the simplest correct answer. That disciplined process is exactly what helps candidates convert cloud theory into exam points.

Section 3.1: Describe IaaS, PaaS, and SaaS with Azure Examples

IaaS, PaaS, and SaaS remain among the most tested cloud concepts on AZ-900 because they anchor the shared responsibility model. Microsoft expects you to recognize how much management responsibility stays with the customer and how much shifts to the provider. In Infrastructure as a Service, Azure provides the foundational infrastructure such as physical servers, storage hardware, and networking capability, while the customer still manages the operating system, patches for that OS, applications, and most runtime configuration. The classic Azure example is Azure Virtual Machines. If a scenario mentions custom server configuration, direct OS access, or lift-and-shift migration of an existing server workload, IaaS is usually the best fit.

Platform as a Service reduces management overhead further. Azure handles more of the underlying platform so developers can focus on application code and deployment rather than server administration. Azure App Service and Azure SQL Database are common exam examples. If a prompt highlights rapid development, reduced maintenance, built-in scaling, or avoiding OS management, PaaS is the intended answer. Students often miss these clues because they focus too much on whether a service “runs an app.” Both IaaS and PaaS can support applications; the key issue is who manages the platform components.

Software as a Service is the most complete managed model from the customer perspective. The provider delivers a finished application accessed through a browser, client app, or subscription service model. Microsoft 365 is the standard Azure ecosystem example. If the requirement is to use software without building or maintaining the application platform, SaaS fits. You are consuming the software, not hosting it.

• IaaS: most customer control, most customer management
• PaaS: balanced control, reduced operational burden
• SaaS: least customer management, ready-to-use application delivery

Exam Tip: On AZ-900, if the scenario emphasizes developers wanting to deploy code without managing servers, lean toward PaaS. If it emphasizes end users consuming email, collaboration, or CRM software directly, lean toward SaaS. If it emphasizes migrating existing servers with OS-level control, lean toward IaaS.

A common trap is choosing IaaS simply because virtual machines feel familiar. The exam often includes VMs as a distractor even when the business requirement specifically asks to minimize administration. Another trap is assuming that “cloud” automatically means SaaS. The question may instead describe a custom-built application hosted in Azure, which points to PaaS or IaaS depending on management needs. Always map the wording to the management boundary being tested.

To identify the correct answer, look for verbs. “Configure,” “patch,” and “maintain” often indicate more customer responsibility, which suggests IaaS. “Develop,” “deploy,” and “scale” with minimal infrastructure hints at PaaS. “Use,” “access,” and “subscribe” often indicate SaaS. This classification habit is highly effective across practice sets and live exam items.

Section 3.2: Describe Serverless and Event-Driven Cloud Approaches

Serverless computing is tested in AZ-900 as an extension of cloud efficiency and modern application design. Despite the name, servers still exist; the difference is that Azure manages the infrastructure dynamically, and customers focus on code or workflows. The key Azure example is Azure Functions. Candidates should associate serverless with event-triggered execution, automatic scaling, and consumption-based billing. If the prompt describes running code only when a condition occurs, paying only for actual execution, or reducing operational overhead for small tasks, serverless is the likely answer.

Event-driven architecture is closely related. In this model, actions are triggered by events such as file uploads, database changes, messages, or HTTP requests. Azure services frequently used in this area include Azure Functions, Azure Logic Apps, and messaging services such as Event Grid. The exam usually tests the concept at a high level rather than deep implementation detail. You do not need developer-level expertise, but you should know that event-driven approaches are well suited for automation, integrations, notifications, and short-lived processing tasks.

Students sometimes confuse serverless with PaaS. The two are related, but serverless is more specific. PaaS still involves managed application hosting, while serverless typically emphasizes execution on demand without dedicated server planning by the customer. If a question mentions intermittent workloads, bursty demand, or trigger-based execution, serverless is a stronger match than a general PaaS answer.

Exam Tip: Watch for wording like “runs in response to an event,” “no server management,” “scales automatically,” or “pay only when code runs.” Those clues strongly indicate Azure Functions or a serverless approach.

A common trap is thinking serverless means “always the cheapest” or “best for every application.” The exam may include this misunderstanding in distractor form. Serverless is excellent for lightweight, event-based tasks, but not every workload belongs there. AZ-900 tests fit, not hype. Another trap is confusing serverless with containers. Containers package applications for portability, but they are not inherently serverless. You still need to think about what the question is really asking: deployment packaging, orchestration, managed app hosting, or event-triggered execution.

To identify the correct answer, ask whether the workload is continuous or event-based. Continuous web hosting may point to App Service or VMs, while sporadic event execution points to Functions. If the requirement includes business process automation or connecting multiple SaaS services with workflows, Logic Apps may be the better conceptual fit. Microsoft often tests whether you can connect cloud concepts to Azure fundamentals, and serverless is a prime example of that transition from theory to platform choice.

Section 3.3: Describe Azure Regions, Region Pairs, and Availability Zones

Azure global infrastructure is a favorite AZ-900 topic because it connects cloud benefits like scale, resiliency, and compliance to actual architectural components. A region is a geographic area containing one or more datacenters connected through a low-latency network. On the exam, think of a region as the place where services are deployed. Region choice may affect service availability, data residency, latency, and compliance alignment. If a scenario requires hosting resources near users or within a specific geography, the question is usually testing region awareness.

Availability zones are physically separate locations within an Azure region. They provide fault isolation by separating power, cooling, and networking. This matters when the exam asks about improving resiliency inside a single region. If a workload must remain available even if one datacenter location in the region fails, availability zones are the concept to recognize. Students often confuse this with regions, but the scope is different: regions are geographic deployment areas; availability zones are isolated locations inside a region.

Region pairs are another tested concept. Azure pairs certain regions within the same geography to support disaster recovery and platform update sequencing advantages. When the exam mentions cross-region resilience, business continuity, or recovery from a regional outage, region pairs may be the intended answer. The pairing concept supports redundancy beyond a single region, whereas availability zones support resilience within one region.

• Region: geographic deployment location
• Availability zone: separate fault-isolated location within a region
• Region pair: paired regions for recovery and resilience planning

Exam Tip: If the question asks how to protect against a datacenter-level failure in one region, think availability zones. If it asks how to protect against a full regional outage, think region pairs or a multi-region design.

A common trap is choosing “availability zone” whenever the prompt mentions high availability. That is not always correct. If the scenario specifically says users in different continents need low latency, the concept is region selection, not zones. Another trap is assuming every Azure service is available in every region or every region supports availability zones. AZ-900 does not usually require memorizing a support matrix, but it does test the principle that service availability can vary by region.

To identify the correct answer, focus on failure scope. Single datacenter issue inside a region suggests zones. Entire regional disruption suggests region pair or cross-region deployment. Geographic proximity and legal requirements suggest region choice. This distinction appears repeatedly in mixed questions, so mastering it will improve both speed and accuracy.

Section 3.4: Describe Resources, Resource Groups, Subscriptions, and Management Groups

Azure uses a hierarchy that candidates must understand clearly because Microsoft frequently tests scope and organization. A resource is an individual manageable item in Azure, such as a virtual machine, storage account, virtual network, or database. A resource group is a logical container for resources. Resources that share a lifecycle, permissions model, or deployment context are commonly placed in the same resource group. This does not mean all related resources must be in the same group, but the exam often expects you to know that resource groups help organize and manage assets together.

A subscription is broader. It is primarily a unit for billing, quotas, and access control boundaries. Many students miss this because they focus only on cost. The exam may describe separating departments, environments, or billing accountability. In such cases, subscription is often the correct architectural boundary. Resource groups sit inside subscriptions. A management group sits above subscriptions and allows governance and policy application across multiple subscriptions. This is especially important in larger organizations with multiple business units or environments.

Think of the hierarchy like this: management groups contain subscriptions, subscriptions contain resource groups, and resource groups contain resources. Microsoft tests this because it links directly to governance, policy assignment, and administrative structure.

Exam Tip: If the requirement says “apply governance across multiple subscriptions,” do not choose resource groups. That wording points upward in the hierarchy, usually to management groups or policy assignment at a broader scope.

Common traps include mixing up logical organization with physical location. A resource group is not a datacenter and not a network boundary. It is a management construct. Another trap is assuming all resources in a resource group must be in the same region. While the resource group has metadata location considerations, resources themselves can span regions. AZ-900 questions may use this confusion as a distractor.

To identify the correct answer, ask what kind of boundary is needed. Need to organize and manage related resources together? Resource group. Need separate billing or quota limits? Subscription. Need centralized governance across many subscriptions? Management group. Need the actual service instance itself? Resource. This topic also connects cloud concepts to Azure fundamentals because it shows how a cloud platform structures administration at scale. Expect these terms to appear in short definition items as well as in scenario-based governance questions.

Section 3.5: Describe Core Azure Architectural Components and Service Categories

AZ-900 does not require deep engineering knowledge, but it does require you to recognize the major Azure service categories and what kinds of problems they solve. The core categories include compute, networking, storage, and identity. Microsoft may ask you to match a business need to a category rather than to an exact implementation detail. This is why broad service recognition matters.

Compute services provide processing capability for applications and workloads. Examples include Azure Virtual Machines, Azure App Service, Azure Functions, and containers. If the requirement involves running applications, hosting workloads, or scaling processing resources, compute is the category being tested. Networking services connect resources securely and efficiently. Common examples include virtual networks, load balancers, VPN connectivity, and DNS-related services. If the question is about communication paths, traffic routing, or secure connectivity between environments, networking is the key category.

Storage services are designed for data persistence. Azure offers storage for blobs, files, disks, queues, and more. At the AZ-900 level, focus on the idea that storage services support durable data retention with different access patterns. Identity centers on authentication and authorization, primarily through Microsoft Entra ID. If the exam mentions sign-in, user accounts, application identity, conditional access, or access control, identity is almost certainly involved.

This section also connects directly to governance and management concepts found elsewhere in the exam. Azure architecture is not just infrastructure placement; it includes how resources are controlled. Tools like Azure Policy, resource locks, and tags support governance, standardization, and administration. While those detailed tools belong more fully to management and governance objectives, they are often introduced in architecture scenarios because architecture decisions affect control and compliance.

Exam Tip: In architecture questions, classify the requirement first: compute, network, storage, or identity. Then eliminate answer choices from the wrong category before choosing among similar services.

A common trap is selecting a familiar service name instead of the right service category. For example, if the issue is user authentication, a compute service is almost never the best answer even if the application runs there. Another trap is conflating storage with databases in every data scenario. The exam may simply be testing recognition that Azure Storage is a foundational data service category.

To answer correctly, identify what the organization is trying to achieve: run workloads, connect systems, store data, or control access. This method is practical and fast, especially under timed conditions. Microsoft certification exams reward structured elimination, and Azure architectural components are ideal for that strategy.

Section 3.6: Mixed Practice Set on Cloud Concepts and Azure Architecture

This final section prepares you for the way AZ-900 blends topics together. The exam does not always label a question by domain. Instead, it may present a short requirement that could involve service models, architecture, availability design, and governance scope at the same time. Your goal is to read for signals and identify which concept the question is truly testing. This is especially important in mixed practice sets, where candidates often know the vocabulary but answer incorrectly because they focus on the wrong clue.

Start by identifying the problem type. Is the requirement about minimizing infrastructure management? That points toward PaaS or serverless. Is it about placing resources near users or meeting data residency needs? That points toward regions. Is it about surviving a failure inside a region? Think availability zones. Is it about organizing, billing, or governing resources at scale? Then shift your attention to resource groups, subscriptions, and management groups.

When reviewing practice items, do not stop after finding the right answer. Analyze the distractors. Ask why each incorrect choice is wrong. This is one of the best strategies for Microsoft exams because wrong options are often based on related concepts from the same objective domain. For example, a question about cross-subscription governance might include resource groups and regions as distractors. These are plausible terms, but they address different scopes.

Exam Tip: Use a three-step method during timed sets: first classify the topic, second eliminate answers from the wrong scope or category, third choose the option that best matches the exact wording of the requirement.

Common traps in mixed questions include overvaluing keywords without context, assuming familiar services are always best, and confusing high availability with disaster recovery. Another trap is answering based on technical possibility rather than best fit. On AZ-900, more than one answer may sound feasible in the real world, but only one aligns most directly with the exam objective language. Microsoft is testing foundational judgment, not every valid implementation path.

As you continue practicing, connect cloud concepts to Azure fundamentals repeatedly. Ask yourself how elasticity appears in Azure, how shared responsibility changes across service types, how hierarchy supports governance, and how architecture supports resiliency. This integrated thinking builds true exam readiness. By the time you reach the full mock exam, you should be able to recognize patterns quickly, avoid common distractors, and choose answers with confidence based on Azure terminology, scope, and service purpose.

Section 4.1: Describe Azure Compute Services: Virtual Machines, Containers, and App Services

Compute services are a core AZ-900 topic because they represent one of the most common decision points in cloud architecture. The exam expects you to distinguish between infrastructure-based compute and platform-based compute. Azure Virtual Machines are the classic infrastructure-as-a-service option. They provide full control over the operating system, installed software, and configuration. In exam terms, VMs fit lift-and-shift migrations, legacy applications, custom server configurations, and scenarios where administrators need direct access to the OS. If a requirement mentions installing specific server software or controlling patches and configuration at the OS level, a VM is usually the strongest answer.

Azure App Service is a platform-as-a-service offering designed for hosting web apps, REST APIs, and mobile back ends without managing the underlying servers. This is one of the most commonly tested distinctions. If the requirement says the company wants to deploy a web application quickly with minimal infrastructure management, App Service is usually more appropriate than a VM. The service handles much of the underlying platform work, which aligns with cloud efficiency and reduced administrative overhead.

Azure Containers, including Azure Container Instances and Azure Kubernetes Service, appear on the exam as modern compute choices for packaging and deploying applications. Container Instances are useful when a scenario needs fast, lightweight container execution without full orchestration. AKS is the managed Kubernetes option for container orchestration at scale. On AZ-900, you do not need Kubernetes administration details, but you do need to know that AKS is for managing containerized applications across clusters and scaling them efficiently.

• Choose Virtual Machines for maximum control and custom OS-level management.
• Choose App Service for managed hosting of web apps and APIs.
• Choose containers for portable application packaging and rapid deployment.
• Choose AKS when the requirement mentions orchestrating many containers.

A common exam trap is selecting Virtual Machines simply because they can run almost anything. While technically true, AZ-900 usually rewards the option that minimizes management if all other requirements are met. If a question does not require OS-level control, App Service or containers may be the better answer. Another trap is confusing containers with serverless services. Containers package apps and dependencies; they are not the same as event-driven functions.

Exam Tip: When you see phrases such as “minimal administrative effort,” “managed web hosting,” or “deploy a web app quickly,” think App Service first. When you see “custom OS,” “legacy application,” or “full control,” think Virtual Machines. When you see “portable,” “microservices,” or “orchestration,” think containers or AKS.

From an exam-objective perspective, this section supports the lesson on identifying core Azure compute services and matching them to business scenarios. The test is checking whether you understand not just what these services are, but why one is a better fit than another in a cloud design context.

Section 4.2: Describe Azure Networking Services: Virtual Network, VPN, DNS, and Load Balancing

Azure networking questions on AZ-900 focus on foundational service purpose rather than deep network engineering. Azure Virtual Network, often called VNet, is the fundamental private networking service in Azure. It enables Azure resources to communicate securely with one another, the internet, and on-premises environments when configured appropriately. If a question refers to creating a private network in Azure for virtual machines or isolating resources logically, Virtual Network is the right concept.

VPN Gateway is typically tested as the service that connects an on-premises network to Azure over the public internet using encryption. This is a key distinction from more advanced dedicated connectivity options, but at the AZ-900 level, you mainly need to recognize VPN as secure hybrid connectivity over the internet. If a scenario mentions branch office connectivity, hybrid access, or connecting on-premises resources securely to Azure, VPN Gateway is a likely match.

Azure DNS is the hosting service for DNS domains. Exam items may ask which service hosts DNS records or resolves domain names using Azure-managed infrastructure. Do not overcomplicate this. If the task is domain name hosting and DNS resolution, Azure DNS is the answer. It is not a traffic management or web hosting service.

Load balancing is another major topic area. Azure offers multiple traffic distribution services, but at AZ-900, the main expectation is broad recognition that load balancing improves availability and performance by distributing incoming requests. Be alert to wording. A question may not ask for a specific SKU or advanced feature; it may simply test whether you know that load balancing prevents reliance on a single server instance and supports scaling.

• Virtual Network provides private network boundaries in Azure.
• VPN Gateway enables encrypted hybrid connectivity over the internet.
• Azure DNS hosts DNS zones and records.
• Load balancing distributes traffic across resources for resilience and performance.

A common trap is confusing networking services with security services. A VNet creates network structure, but it does not itself replace identity controls or governance tools. Another trap is assuming Azure DNS hosts websites. It hosts DNS records, not application content. Also watch for the difference between connectivity and traffic distribution: VPN connects networks, while load balancing distributes requests.

Exam Tip: Read for the action verb in the scenario. If the requirement is “connect,” think VNet or VPN. If it is “resolve names,” think DNS. If it is “distribute traffic,” think load balancing. Microsoft often uses simple verbs to cue the service category.

This section maps directly to the lesson on identifying core Azure networking services and to the broader exam objective of understanding Azure architecture components that support communication, availability, and hybrid connectivity.

Section 4.3: Describe Azure Storage Services and Data Redundancy Options

Storage is one of the most frequently tested AZ-900 areas because Azure offers multiple storage models tied to different data types. The exam expects you to recognize the difference between object storage, file storage, disk storage, and messaging-oriented storage concepts at a basic level. Azure Blob Storage is commonly tested as the service for massive amounts of unstructured data such as images, documents, backups, and media files. If the scenario refers to storing files for web access, archival content, or scalable unstructured data, Blob Storage is a strong fit.

Azure Files provides managed file shares accessible using familiar protocols. This commonly appears in scenarios involving shared file access across multiple systems. Azure Disk Storage is associated with virtual machines and persistent disks attached to them. The exam may also mention storage accounts as the umbrella resource that provides access to Azure storage services.

Equally important are redundancy options. AZ-900 tests whether you understand that Azure can replicate data to improve durability and availability. Locally redundant storage keeps copies within a single datacenter. Zone-redundant storage spreads copies across availability zones in a region. Geo-redundant storage replicates data to a secondary region. Read-access geo-redundant storage adds read capability at the secondary location. You do not need extreme implementation detail, but you do need to know the directional tradeoff: greater redundancy generally supports stronger resilience.

A good exam strategy is to translate requirements into redundancy keywords. If a question emphasizes protection against a local hardware failure, local redundancy may be sufficient. If it emphasizes regional disaster recovery, geo-redundant choices are more suitable. If it emphasizes availability across zones in one region, zone redundancy stands out.

• Blob Storage: unstructured object data.
• Azure Files: managed file shares.
• Disk Storage: persistent storage for virtual machines.
• LRS, ZRS, GRS, and RA-GRS: increasing resiliency options depending on scope and access needs.

A common trap is selecting a storage type based on the word “file” alone. On the exam, “files” may still be best stored in Blob Storage if they are unstructured objects rather than shared file-system content. Another trap is choosing the highest redundancy option automatically. The best answer must fit the requirement, not simply provide the most features.

Exam Tip: Separate two decisions in your mind: first choose the correct storage service by data type, then choose the appropriate redundancy level by resilience requirement. Many AZ-900 questions are easier when broken into those two steps.

This section supports the lesson on explaining storage options and matching them to business scenarios. Microsoft is testing whether you can classify data correctly and align resilience options with stated recovery expectations.

Section 4.4: Describe Azure Database and Analytics Service Basics

AZ-900 database questions usually test service category awareness rather than administration. The main distinction is between relational and non-relational data, plus recognition of analytics-oriented services. Azure SQL Database is the flagship managed relational database service. If a scenario mentions structured data, tables, rows, relationships, or SQL-based applications without wanting to manage database infrastructure, Azure SQL Database is often the best answer. It is a classic platform-as-a-service example and therefore frequently appears as the preferred cloud-native option.

Azure Cosmos DB is commonly tested as a globally distributed, highly scalable non-relational database service. If you see requirements such as low latency, global distribution, flexible data models, or massive scale for modern applications, Cosmos DB should stand out. The exam does not expect you to know every API model, but it does expect you to know that Cosmos DB differs from traditional relational databases.

At a basic level, analytics services are used to process and analyze large volumes of data for insight. AZ-900 may reference data warehousing, big data analytics, or reporting and ask you to identify the category of service rather than memorize every product detail. Focus on the role of analytics services: they turn stored data into business value through querying, aggregation, and analysis.

The key exam skill here is reading for structure and purpose. If the data is transactional and relational, think SQL. If it is globally distributed and flexible, think Cosmos DB. If the scenario is about analyzing large datasets rather than simply storing operational data, think analytics services.

• Azure SQL Database: managed relational database service.
• Azure Cosmos DB: globally distributed non-relational database service.
• Analytics services: designed for large-scale analysis and insight generation.

A common trap is selecting a database service because the application uses the word “data.” Nearly every service uses data. The question is whether the need is operational storage, relational transaction processing, globally distributed NoSQL, or analytical processing. Another trap is assuming analytics means just database storage. Analytics services are about extracting insights, not only persisting records.

Exam Tip: Look for clue words: “tables” and “relational” point to Azure SQL Database; “globally distributed” and “NoSQL-style flexibility” point to Azure Cosmos DB; “analyze large volumes” points to analytics services.

This section maps to the lesson on explaining database options and builds the service-matching skill AZ-900 rewards heavily in scenario-based questions.

Section 4.5: Describe Azure Identity, Access, and Security Services Including Microsoft Entra ID

Identity is a core architecture topic because nearly every Azure deployment depends on authentication and authorization. For AZ-900, the most important identity service to know is Microsoft Entra ID, formerly Azure Active Directory. Microsoft Entra ID provides identity and access management for users, groups, and applications. It supports authentication, single sign-on, and integration with many cloud services. If the exam asks which service enables users to sign in to Azure resources or cloud applications using a centrally managed identity platform, Microsoft Entra ID is the answer.

You should also recognize the difference between authentication and authorization. Authentication verifies who a user is. Authorization determines what that user can do. Role-based access control, or RBAC, is the Azure model used to assign permissions to users, groups, and identities at different scopes. This distinction appears often in foundational questions. If a requirement is about granting a user permission to manage virtual machines, that points to authorization and RBAC, not authentication.

Security on AZ-900 is also tested at a high level through awareness of tools and concepts that protect resources, identities, and data. You are not expected to configure advanced controls, but you should know that identity is a primary security boundary in cloud environments. Questions may combine identity with conditional access, multifactor authentication, or centralized sign-in experiences. The exam wants you to understand what these concepts accomplish in principle.

• Microsoft Entra ID manages identities and authentication.
• Single sign-on reduces repeated sign-ins across applications.
• RBAC manages permissions and access scope.
• Authentication confirms identity; authorization grants allowed actions.

A common exam trap is mixing Entra ID with on-premises Active Directory concepts. They are related, but AZ-900 usually tests Entra ID as Azure’s cloud identity service. Another trap is confusing identity services with network services. Restricting who can sign in is not the same as controlling packet flow on a network.

Exam Tip: When a scenario mentions sign-in, user identities, SSO, or app access, think Microsoft Entra ID. When it mentions permissions to resources, think RBAC. Many wrong answers exploit the difference between those two ideas.

This section directly supports the lesson on explaining identity service options and contributes to the broader course outcome of understanding Azure architecture, security, and governance-related features that appear in introductory certification exams.

Section 4.6: Azure Services Practice Set with Scenario-Based Explanations

To perform well on AZ-900, you must move from memorizing service names to recognizing scenario patterns. Microsoft frequently frames architecture questions in short business language rather than technical language. A company may want to migrate an old internal application with minimal redesign. That wording usually signals Virtual Machines, because lift-and-shift and OS control matter. Another company may want to host a public web application with minimal server management. That points to App Service because the requirement emphasizes managed hosting.

Suppose a scenario describes a need to connect an on-premises office to Azure securely over the internet. The keyword is connect, and the clue is securely over the internet, which aligns with VPN Gateway. If the requirement instead focuses on creating a private network boundary for Azure resources, Virtual Network is the better match. If a scenario centers on resolving domain names for an organization’s domain, Azure DNS is the clear answer. If it focuses on distributing web requests across multiple instances for higher availability, think load balancing.

Storage scenarios follow the same logic. Unstructured images and documents at massive scale suggest Blob Storage. Shared file access across systems suggests Azure Files. Persistent storage attached to a VM suggests Disk Storage. If the scenario adds disaster recovery across regions, then your second decision is a geo-redundant option. For databases, structured application data with SQL queries suggests Azure SQL Database, while globally distributed flexible data models point to Cosmos DB.

Identity scenarios are often the easiest to solve if you separate sign-in from permission assignment. If users need one identity to access multiple cloud apps, Microsoft Entra ID and single sign-on are central. If a manager needs permission to administer only one resource group, that is an RBAC decision. This distinction appears repeatedly in exam-style wording.

Exam Tip: In practice questions, underline the requirement words mentally: managed, relational, global, hybrid, shared files, unstructured, sign-in, permissions, load distribution. Those words usually map directly to one Azure service family.

Common traps in practice sets include answer choices that are plausible but too broad, too advanced, or not the best fit. For example, a VM can host a web app, but if the requirement is minimal administration, App Service is typically better. A database can store documents, but Blob Storage is more appropriate for object storage. Microsoft rewards precision. Your goal is to choose the most directly aligned service, not just a service that could be forced to work.

As you review this chapter, build a mental chart of service-to-scenario matches. That habit will strengthen not only recall but elimination speed, which matters in timed test conditions. The more quickly you classify the scenario, the less likely you are to fall for distractors. That is exactly the skill this objective domain is designed to measure.

Section 5.1: Describe Cost Management in Azure Including Pricing Tools and TCO Concepts

Cost management is one of the most testable governance topics in AZ-900 because it connects directly to the cloud value proposition. Microsoft wants you to understand that Azure uses consumption-based pricing for many services, meaning you pay for what you use, although some services also include reserved capacity or fixed pricing models. On the exam, know the difference between estimating cloud costs before migration and tracking actual spending after deployment.

The Azure Pricing Calculator is primarily used to estimate the expected cost of Azure resources before they are deployed. It helps compare service options, regions, and configurations. The Total Cost of Ownership, or TCO, Calculator is different: it helps organizations compare the cost of running workloads on-premises versus moving them to Azure. This distinction appears frequently in exam questions. Pricing Calculator equals projected Azure service cost estimates. TCO Calculator equals business case comparison between datacenter ownership and Azure adoption.

Microsoft Cost Management is the operational tool used after resources are running. It helps organizations analyze spending, track budgets, identify cost trends, and improve financial governance. Questions may describe a company that wants to monitor spending by subscription, resource group, or tag. That points to Cost Management features rather than the Pricing Calculator. Budget alerts and cost analysis are especially important concepts to recognize.

• Pricing Calculator: estimates Azure service pricing before deployment
• TCO Calculator: compares on-premises costs with Azure costs
• Cost Management: monitors, analyzes, and helps control actual Azure spending
• Budgets: set spending thresholds and alerts
• Tags: support cost reporting and chargeback when applied consistently

Exam Tip: If the question mentions “estimate,” think Pricing Calculator. If it mentions “compare current datacenter costs to Azure,” think TCO Calculator. If it mentions “track actual spending” or “create budgets,” think Cost Management.

A common exam trap is confusing cost optimization with security or access control. Cost Management does not replace RBAC, and a budget does not stop a resource from being created unless another governance control is also involved. Also remember that lower cost is not the only exam criterion. Questions may ask for the “best way to gain visibility” into spending, not necessarily the way to reduce it. Visibility tools include reports, budgets, scopes, and tagging strategies.

From an exam-readiness standpoint, identify the verbs in the prompt: estimate, compare, monitor, analyze, allocate, or optimize. These verbs usually reveal the correct Azure cost tool. This section supports the lesson on governance, compliance, and cost control in Azure by showing how Azure provides both planning and operational cost oversight.

Section 5.2: Describe Governance Tools: Azure Policy, Resource Locks, and Tags

Governance tools help organizations apply structure and standards across Azure resources. For AZ-900, the most important tools in this category are Azure Policy, resource locks, and tags. These three are related but serve very different purposes, and that difference is tested frequently.

Azure Policy enforces rules and evaluates compliance for resources. It can require certain settings, restrict allowed locations, require tags, or deny the creation of resources that do not meet standards. If a question asks how to ensure future deployments follow company rules, Azure Policy is usually the answer. Policy is about compliance and enforcement at scale. It is not primarily about user permissions, even though it can deny certain resource configurations.

Resource locks protect resources from accidental changes. There are two key lock types you should know at the AZ-900 level: CanNotDelete and ReadOnly. CanNotDelete allows reading and modifying a resource but blocks deletion. ReadOnly prevents modifications as well as deletion. If the exam asks how to prevent accidental deletion of a critical virtual machine or database, resource locks are the direct answer.

Tags are name-value pairs assigned to Azure resources. They help with organization, reporting, automation, and cost tracking. For example, a company might use tags such as Department=Finance or Environment=Production. Tags do not enforce security permissions and do not themselves block deployment. However, Azure Policy can require tags, which is where many candidates get confused.

• Azure Policy: enforce standards and assess compliance
• Resource locks: prevent deletion or modification
• Tags: organize resources for management and cost reporting

Exam Tip: Policy says what must be true. Locks protect a resource from change. Tags label a resource for tracking and organization. If you memorize that three-part distinction, many governance questions become easy.

A major trap is mixing Azure Policy with role-based access control. RBAC answers the question, “Who is allowed to perform an action?” Policy answers, “What configurations are allowed?” Another trap is assuming tags provide enforcement. Tags are descriptive metadata unless a policy requires them. Also be careful with wording around accidental deletion versus unauthorized access. Deletion protection means locks, not RBAC, and not Policy by itself.

This topic aligns directly with the lesson on understanding policy, role-based access, and resource organization. On the exam, the right answer is often the service that most specifically satisfies the business requirement, so look for words such as require, prevent, organize, standardize, or protect.

Section 5.3: Describe Management Tools: Azure Portal, Azure CLI, Azure PowerShell, and Cloud Shell

AZ-900 does not require deep scripting knowledge, but you must recognize the main Azure management interfaces and know when each is appropriate. Microsoft commonly tests whether you can identify the browser-based graphical interface versus command-line or scripting tools.

The Azure portal is the web-based graphical user interface for creating, configuring, and monitoring Azure resources. It is ideal for interactive administration and is often the first tool beginners use. If a question asks for a browser-based interface to manage Azure resources visually, the portal is the correct answer. Be careful not to confuse the Azure portal with Microsoft 365 admin centers or the Azure mobile app; AZ-900 focuses on the portal as the primary web management experience.

Azure CLI is a cross-platform command-line tool that can run on Windows, macOS, and Linux. It is useful for automation and repeatable administration using commands. Azure PowerShell also supports command-line management but is based on PowerShell cmdlets, making it especially familiar to Windows and PowerShell administrators. On the exam, CLI and PowerShell are both valid management tools; the distinction is usually command syntax style and administrator preference rather than entirely different capabilities.

Azure Cloud Shell is a browser-accessible shell environment that supports both Bash and PowerShell. A common exam clue is “without installing Azure CLI or Azure PowerShell locally.” In that case, Cloud Shell is often the best answer because it provides authenticated command-line access directly from the browser.

• Azure portal: graphical browser-based management
• Azure CLI: cross-platform command-line management
• Azure PowerShell: PowerShell-based management with cmdlets
• Cloud Shell: browser-based shell for CLI or PowerShell without local setup

Exam Tip: If the prompt emphasizes “visual interface,” choose Azure portal. If it emphasizes “command-line” or “automation,” choose CLI or PowerShell. If it emphasizes “from a browser without installation,” choose Cloud Shell.

A trap here is overthinking the difference between Azure CLI and Azure PowerShell at the AZ-900 level. Microsoft is not asking you to write scripts. Instead, know that both are command-based administration tools and that Cloud Shell provides either environment from the browser. This section supports the lesson on using monitoring and deployment tools at a foundational level because these tools are commonly used to manage and deploy Azure resources even in entry-level operational scenarios.

Section 5.4: Describe Monitoring Tools: Azure Advisor, Service Health, and Azure Monitor

Monitoring questions on AZ-900 often test whether you can separate recommendations, service-impact notifications, and operational telemetry. The three must-know tools are Azure Advisor, Azure Service Health, and Azure Monitor.

Azure Advisor provides personalized best-practice recommendations to help optimize Azure deployments. These recommendations typically relate to reliability, security, performance, operational excellence, and cost. If the prompt asks for guidance on improving existing resources or reducing waste, Azure Advisor is the likely answer. Advisor does not replace real-time metrics collection; it gives recommendations based on your environment.

Azure Service Health focuses on Azure platform issues and planned maintenance that may affect your resources. It tells you about service incidents, advisories, and maintenance events relevant to your subscriptions and regions. If a company wants to know whether a current Azure outage is affecting them, Service Health is the correct service. Candidates often confuse this with Azure status pages or Azure Monitor. Service Health is personalized to your Azure services and subscription context.

Azure Monitor is the broad monitoring platform for collecting, analyzing, and acting on telemetry from Azure and sometimes on-premises or multi-cloud resources. It works with metrics, logs, alerts, and dashboards. If the question mentions performance monitoring, alerting, or collecting resource data over time, Azure Monitor is the best fit.

• Azure Advisor: recommendations and optimization guidance
• Service Health: Azure service incidents and planned maintenance affecting you
• Azure Monitor: metrics, logs, alerts, and operational observability

Exam Tip: Recommendation equals Advisor. Azure outage information equals Service Health. Telemetry and alerts equals Azure Monitor.

A common trap is selecting Azure Monitor when the question is specifically about Microsoft-side service interruptions. Monitor observes resources; Service Health reports Azure platform events affecting your services. Another trap is choosing Advisor when the prompt is about active alerting. Advisor suggests improvements; Monitor watches behavior and triggers alerts.

This topic naturally reinforces the lesson on foundational monitoring tools. In exam-style scenarios, look for keywords such as recommendation, outage, maintenance, alert, log, metric, or dashboard. Those words usually point cleanly to the correct service.

Section 5.5: Describe Compliance, Trust, Privacy, and Service Level Agreements

Compliance and trust questions assess whether you understand Microsoft’s shared responsibility model in a governance context. Azure provides infrastructure, security capabilities, certifications, and transparency tools, but customers remain responsible for how they configure and use many services. On AZ-900, you should recognize that compliance is a shared effort, not something Azure automatically guarantees for every workload.

Microsoft offers compliance documentation, audit reports, and trust-related information through resources such as the Service Trust Portal. These help organizations review standards, certifications, and privacy commitments. The exam may also refer broadly to Microsoft’s trust principles, including security, privacy, compliance, and transparency. If the prompt asks where organizations can review compliance information or audit-related documents, think of Microsoft trust and compliance resources rather than operational tools like Monitor or Advisor.

Privacy questions may focus on how Microsoft handles customer data and commitments around data protection. At the AZ-900 level, the emphasis is conceptual: Microsoft publishes privacy terms and compliance information, while customers remain responsible for identity, data classification, access configuration, and appropriate use of services.

Service Level Agreements, or SLAs, describe Microsoft’s commitments for service uptime and connectivity. Exam questions may ask you to identify what an SLA represents or how combining services can affect availability strategy. A 99.9 percent SLA does not mean zero downtime; it means the service can still have a limited amount of downtime within the measurement period. You are not usually required to calculate exact values unless the question is simple, but you should understand that higher SLA percentages indicate greater expected availability.

Exam Tip: SLA questions often include distractors about performance or security. Remember that an SLA is specifically a commitment about availability or uptime, not a general guarantee that your application will be secure, fast, or compliant.

A frequent trap is assuming that if Azure is compliant, your workload is automatically compliant. The platform may support compliance goals, but customer configuration still matters. Another trap is confusing an SLA with support plans. An SLA addresses service availability; support plans address access to technical support. This section maps directly to the lesson on governance and compliance by tying trust, privacy, and availability commitments into exam-ready distinctions.

Section 5.6: Azure Management and Governance Practice Set with Detailed Answers

This final section prepares you for exam-style thinking without listing actual quiz items in the chapter text. The key to management and governance questions is pattern recognition. Most AZ-900 items in this domain can be solved by matching a business requirement to the most precise Azure feature. If the requirement is cost estimation before deployment, think Pricing Calculator. If it is comparing cloud and on-premises ownership costs, think TCO Calculator. If it is actual spend tracking and budgets, think Cost Management.

For governance scenarios, decide whether the problem is about enforcement, protection, labeling, or permissions. Enforcement of standards points to Azure Policy. Protection from accidental deletion or modification points to resource locks. Labeling and reporting point to tags. Permissions and who-can-do-what decisions point to role-based access control. This is one of the most important elimination strategies in the chapter because distractors often bundle several useful Azure features together, but only one directly satisfies the question’s wording.

For administration tools, watch for clues about interface type. Browser-based visual management indicates Azure portal. Scriptable cross-platform command use indicates Azure CLI. PowerShell-centric administration indicates Azure PowerShell. Browser-based shell without local installation indicates Cloud Shell. For monitoring scenarios, remember the three-way split: Advisor gives recommendations, Service Health reports Azure incidents and maintenance, and Azure Monitor handles metrics, logs, and alerts.

For compliance and SLA questions, focus on responsibility boundaries and precise definitions. SLA means availability commitment. Compliance information is accessed through Microsoft trust and compliance resources. Customer responsibilities still exist in cloud deployments, especially for data, identities, configuration, and access decisions.

Exam Tip: In timed practice, underline the keyword mentally: estimate, enforce, prevent deletion, organize, recommend, outage, monitor, comply, or uptime. One keyword often reveals the answer immediately.

Common traps in this domain include confusing Azure Policy with RBAC, assuming tags enforce rules, using Azure Monitor instead of Service Health for platform incidents, and mixing budgets with hard spending limits. Build readiness by practicing quick comparison drills between similar services. If you can explain in one sentence what each tool does and what it does not do, you are ready for most AZ-900 governance questions. This chapter’s lesson integration is intentional: governance, compliance, cost control, management tooling, resource organization, and exam-style reasoning all work together in this objective area.

Section 6.1: Full Mock Exam Blueprint Aligned to AZ-900 Domains

A full mock exam should reflect the structure and intent of the AZ-900 blueprint. Even when practice providers vary in wording or exact question count, the best mock exams still distribute items across the major skill areas in a way that mirrors the real exam emphasis. That means you should expect meaningful coverage of cloud concepts, Azure architecture and services, and Azure management and governance. The point of Mock Exam Part 1 and Mock Exam Part 2 is not simply to divide practice into two halves, but to help you experience the breadth of tested material while maintaining focus across the full sitting.

When reviewing your mock blueprint, map every item to an exam objective. Ask which skill area is being tested: cloud benefits and cloud models; core architectural components such as regions, availability zones, subscriptions, and resource groups; compute, networking, and storage services; identity and access topics; or governance, cost management, and compliance tools. This mapping matters because raw scores can be misleading. You might feel strong overall, yet still have a specific weakness in governance or service selection that threatens your passing result.

Exam Tip: If you cannot categorize a question by domain, that is a warning sign. AZ-900 questions may be broad, but they still align to explicit objectives. Training yourself to recognize the objective improves both speed and accuracy.

The exam often tests recognition of best-fit service categories rather than implementation details. For example, it expects you to know when a scenario points to virtual machines, containers, serverless computing, object storage, identity services, or policy enforcement. A strong mock blueprint should therefore include scenario-style items, definition-based items, and comparison-style items. This mixture trains you to move between memorized facts and applied judgment.

Common blueprint traps include overemphasizing one topic because it feels familiar, such as virtual machines, while neglecting foundational governance and compliance content. Another trap is assuming the most popular Azure service is the right answer in every case. The exam is not testing brand recognition; it is testing whether you can identify what requirement is actually being described. A well-designed mock exam blueprint helps expose those assumptions before the real test.

Section 6.2: Timed Practice Strategy and Microsoft Question Pattern Review

Timed practice is essential because AZ-900 is not only a knowledge exam; it is also a reading-and-decision exam. Many candidates know enough content to pass but perform poorly because they spend too long on easy items, second-guess obvious choices, or lose concentration late in the session. Your timed strategy should begin during Mock Exam Part 1 and continue in Mock Exam Part 2 so that pacing becomes habitual rather than improvised.

Microsoft exam questions often follow recognizable patterns. Some ask for the best service or feature for a simple scenario. Others ask you to identify a true statement about a cloud concept, governance control, or Azure component. Some include answer choices that are all related to the topic, forcing you to identify the most precise fit rather than a merely plausible option. This is where weak reading discipline causes mistakes. Candidates skim for keywords like "security," "storage," or "identity" and miss the actual requirement such as centralized policy enforcement, immutable storage, or authentication versus authorization.

Exam Tip: Read the last line of the prompt carefully and identify the task: choose the most cost-effective option, the most scalable option, the governance feature that prevents deletion, or the identity service that enables authentication. The exact task determines the answer.

A practical timing strategy is to maintain steady momentum and avoid dwelling on uncertain items. If a question seems confusing, narrow it to two choices, make a provisional selection, and move on. Time spent wrestling with one low-confidence item can cost you three easier points later. Also, watch for absolute words and mismatched scope. For example, an answer may describe a real Azure capability but apply at the wrong level, such as subscription versus resource group, or compliance reporting versus preventive enforcement.

Microsoft-style foundational exams reward careful interpretation. They are less about obscure detail and more about disciplined distinction. Timed practice should train you to spot these patterns quickly: service comparison, governance tool selection, cloud model recognition, shared responsibility boundaries, and architecture terminology. As your speed improves, your confidence usually improves as well, because hesitation often comes from unclear pattern recognition rather than missing knowledge.

Section 6.3: Answer Rationales and Domain-by-Domain Performance Review

After completing the full mock exam, the most valuable work begins: answer rationale review. Do not limit your review to missed items. Analyze correct answers too, especially the ones you guessed on or answered with low confidence. A score alone tells you where you finished; rationales tell you how stable your understanding really is. This section corresponds to the heart of Weak Spot Analysis, because performance improvement depends on knowing whether errors came from content gaps, reading mistakes, or confusion between similar services.

Review each question by asking four things: what objective was tested, why the correct answer fits best, why the incorrect options are wrong, and whether your error was conceptual or strategic. For example, if you confuse Azure Policy with resource locks, the issue is conceptual. If you knew the difference but selected the wrong one because you rushed, the issue is strategic. Both matter, but they require different remediation.

Exam Tip: Build a short error log with columns for domain, concept, reason missed, and corrected rule. This turns a practice test into a targeted study tool.

Domain-by-domain review is especially useful for AZ-900 because the exam spans broad foundational territory. In cloud concepts, check whether you can consistently distinguish CapEx from OpEx, public versus private versus hybrid cloud, and elasticity versus scalability. In Azure architecture and services, evaluate whether you can separate compute options, networking concepts, storage types, and identity services without relying on guesswork. In management and governance, confirm that you understand tags, locks, Azure Policy, cost management tools, and compliance offerings at a practical level.

Common traps appear when answer choices are all true in some sense, but only one directly satisfies the scenario. Rationales help you practice this exam skill: selecting the best answer, not merely a technically related one. If your review reveals repeated mistakes in one service family or objective area, that is not failure. It is exactly the information you need to study efficiently in the final stretch.

Section 6.4: Weak Area Remediation Plan for Cloud Concepts, Services, and Governance

Your remediation plan should be narrow, practical, and tied directly to the exam objectives you missed. Avoid the common mistake of restarting the entire course from the beginning. That feels productive, but it is inefficient. Instead, use Weak Spot Analysis to isolate which subtopics are weakening your overall score. Most candidates do not need broad re-study; they need sharper contrast between commonly confused concepts.

For cloud concepts, focus on the distinctions that drive exam questions: shared responsibility, cloud models, and cloud benefits. Be sure you can explain which responsibilities remain with the customer in IaaS, PaaS, and SaaS. Also revisit business concepts such as agility, fault tolerance, high availability, disaster recovery, and consumption-based pricing. These appear simple, but the exam often tests whether you can match the correct business benefit to the scenario.

For Azure services, prioritize comparison charts and scenario cues. Review when to think of virtual machines versus containers versus serverless functions, object storage versus managed disks versus file shares, and virtual networks versus load-balancing or connectivity options. Identity should also be revisited carefully, especially the role of Microsoft Entra ID, authentication, authorization, and role-based access control. Exam Tip: If two services seem close, write one sentence for each beginning with "Use this when..." That wording often clarifies the best-fit answer faster than memorizing definitions alone.

For governance, concentrate on preventive versus organizational versus reporting tools. Azure Policy is about enforcing or evaluating compliance rules. Resource locks help prevent accidental deletion or modification. Tags support organization and cost reporting. Cost Management and pricing tools help estimate, monitor, and optimize spending. Compliance tools help organizations understand standards and trust information, but they do not replace technical enforcement controls. Many AZ-900 misses occur because candidates know the names of these tools but not their exact purpose.

A strong remediation plan uses short, focused sessions followed by mini-checks. Study one weak objective, summarize it from memory, and then test whether you can eliminate wrong answers in a related scenario. Improvement comes from precision, not repetition without reflection.

Section 6.5: Final AZ-900 Review Checklist and Confidence Boosters

Your final review should reduce mental clutter, not create it. In the last phase before the exam, the goal is to confirm familiarity with high-yield concepts and reinforce confidence in recurring distinctions. This is the ideal moment to use a concise review checklist rather than broad note rereading. The checklist should include cloud models, shared responsibility, benefits of cloud computing, regions and availability concepts, resource groups and subscriptions, core compute and storage options, networking basics, identity and access, cost management, governance tools, and compliance resources.

Confidence grows when review is active. Instead of rereading static notes, explain each topic aloud in simple language. If you can describe a concept clearly without jargon, you probably understand it well enough for AZ-900. If you struggle, that reveals where you still need refinement. This method is especially useful for topics that feel similar, such as Azure Policy versus locks, authentication versus authorization, or availability versus disaster recovery.

• Confirm that you can define each major service category in one sentence.
• Review common service comparisons and governance distinctions.
• Revisit any low-confidence mock exam items and their rationales.
• Memorize no more than a few key correction rules; prioritize understanding.
• Stop adding new resources at the last minute unless they address a specific weak spot.

Exam Tip: Confidence is not the belief that you know everything. It is the belief that you can read carefully, eliminate poor choices, and apply foundational Azure knowledge reliably.

Many candidates undermine themselves in the final review by hunting for obscure facts. AZ-900 usually rewards broad, accurate fundamentals. If you have already completed the mock exam and reviewed weak areas, your best final booster is consistency. Trust the structure of your preparation. Focus on clear distinctions, common patterns, and calm execution. A steady candidate who reads well and avoids common traps often outperforms a more anxious candidate with similar knowledge.

Section 6.6: Exam Day Tips, Time Management, and Last-Minute Readiness

Exam day performance depends heavily on routine. The purpose of the Exam Day Checklist is to remove avoidable stressors so your attention stays on the questions. Whether you are testing online or at a test center, verify logistics in advance: identification requirements, check-in timing, technical setup, workspace rules, and any permitted or prohibited items. Do not let administrative surprises consume the mental energy you need for the exam itself.

Before the exam begins, remind yourself what AZ-900 is testing: foundational understanding and sound service selection. You do not need expert-level implementation knowledge. This mindset matters because anxious candidates often talk themselves out of correct answers by imagining hidden complexity that is not there. Read each item carefully, identify the objective, and choose the best answer supported by the stated requirement.

Exam Tip: If a question seems harder than expected, simplify it. Ask: is this testing cloud concept, Azure service fit, identity, cost, or governance? Once you identify the category, the answer choices usually become easier to evaluate.

Use disciplined time management. Keep moving, especially on questions that narrow to two plausible options. Avoid perfectionism. Foundational exams reward broad consistency more than heroic effort on a few difficult items. Also protect your focus between questions. One uncertain item should not affect the next one. Reset quickly and continue.

For last-minute readiness, review only your highest-yield notes or checklist. Do not cram unfamiliar material just before the exam. Prioritize sleep, hydration, and a calm pre-exam routine. If you studied properly, your final job is execution: steady reading, clear elimination, and confidence in the fundamental distinctions you have practiced throughout the course. This chapter is the bridge from preparation to certification. Enter the exam ready to think clearly, apply your training, and finish strong.