CertGrid
Microsoft Certification

AZ-900: Microsoft Azure Fundamentals Practice Exam

Validates foundational knowledge of cloud concepts, core Azure services, Azure management and governance, and security features.

Practice 902 exam-style AZ-900 questions with full answer explanations, then take timed mock exams that score like the real thing.

Start practicing free Sign in
902
Practice questions
40
On the real exam
700
Passing score
85 min
Exam length

What the AZ-900 exam covers

Free AZ-900 sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 902.

  1. Question 1Describe Cloud Concepts

    Your company needs to deploy a web application that must remain available even if a single datacenter experiences an outage. Which cloud characteristic BEST describes this requirement?

    • AAgility
    • BElasticity
    • CScalability
    • DHigh availabilityCorrect
    ✓ Correct answer: D

    High availability refers to the ability of a system to remain operational and accessible even when individual components fail, such as a datacenter outage. Azure achieves high availability through features like Availability Zones, which distribute resources across physically separate datacenters within a region. This ensures that if one datacenter goes down, the application continues to run from another zone with minimal or no interruption.

    Why the other options are wrong
    • AAgility refers to the ability to rapidly provision and deploy resources, not to surviving outages.
    • BElasticity describes the ability to dynamically scale resources up or down based on demand.
    • CScalability is the ability to increase capacity to handle growing workloads, but it does not specifically address surviving datacenter failures.
  2. Question 2Describe Cloud Concepts

    Which consumption-based principle means you are not charged for cloud resources that are stopped or deallocated?

    • AEconomies of scale
    • BPay-as-you-go pricingCorrect
    • CFixed-rate billing
    • DCapital expenditure
    ✓ Correct answer: B

    Pay-as-you-go pricing is a consumption-based model where customers are billed only for the cloud resources they actively use. When resources such as virtual machines are stopped or deallocated, billing for compute charges ceases because the resources are no longer consuming capacity. This model provides maximum financial flexibility and ensures that organizations are not paying for idle infrastructure.

    Why the other options are wrong
    • AEconomies of scale refers to cost advantages achieved by cloud providers through large-scale operations, not to a billing model that stops charges when resources are not in use.
    • CFixed-rate billing involves a set charge regardless of actual resource usage, meaning you would still be billed even if resources are stopped.
    • DCapital expenditure involves purchasing physical assets upfront, which requires payment regardless of whether the equipment is actively being used.
  3. Question 3Describe Azure Architecture and Services

    A company needs to connect its on-premises datacenter to Azure with a dedicated private connection that does not traverse the public internet. Which Azure service should they use?

    • AAzure ExpressRouteCorrect
    • BAzure Content Delivery Network (CDN)
    • CAzure VPN Gateway with site-to-site VPN
    • DAzure DNS
    ✓ Correct answer: A

    Azure ExpressRoute provides a dedicated, private connection between on-premises infrastructure and Azure datacenters through a connectivity provider. Unlike VPN connections, ExpressRoute traffic does not traverse the public internet, resulting in higher reliability, faster speeds, consistent latencies, and greater security. ExpressRoute supports bandwidths up to 100 Gbps and is ideal for organizations that require predictable network performance and enhanced privacy for their cloud connectivity.

    Why the other options are wrong
    • BAzure Content Delivery Network (CDN) caches content at edge locations close to end users to improve performance for web content delivery, but it does not provide private connectivity between on-premises datacenters and Azure.
    • CAzure VPN Gateway with site-to-site VPN creates an encrypted tunnel between on-premises and Azure, but the traffic still traverses the public internet, which does not meet the requirement for a connection that does not use the public internet.
    • DAzure DNS is a hosting service for DNS domains that provides name resolution using Azure infrastructure, and it has no role in establishing network connections between on-premises environments and Azure.
  4. Question 4Describe Azure Architecture and Services

    Which Azure storage service is optimized for storing massive amounts of unstructured data such as images, videos, and documents?

    • AAzure Files
    • BAzure Disk Storage
    • CAzure Queue Storage
    • DAzure Blob StorageCorrect
    ✓ Correct answer: D

    Azure Blob Storage is specifically optimized for storing massive amounts of unstructured data, including images, videos, documents, backups, and log files. Blob stands for Binary Large Object, and this service supports hot, cool, cold, and archive access tiers that allow you to optimize storage costs based on how frequently the data is accessed. Blob Storage is highly scalable and accessible from anywhere via HTTP or HTTPS.

    Why the other options are wrong
    • AAzure Files provides fully managed file shares using the SMB and NFS protocols, designed for shared file access rather than massive unstructured data storage.
    • BAzure Disk Storage provides managed block-level storage volumes for Azure Virtual Machines, functioning as virtual hard disks rather than a general-purpose unstructured data store.
    • CAzure Queue Storage is a messaging service for storing large numbers of messages for asynchronous processing between application components, not for storing unstructured file data.
  5. Question 5Describe Azure Management and Governance

    What are Azure Resource Manager (ARM) templates used for?

    • ACalculating the cost of Azure resources
    • BMonitoring the health of Azure services
    • CManaging user identities and access control
    • DDefining infrastructure as code to deploy Azure resources in a consistent, repeatable mannerCorrect
    ✓ Correct answer: D

    Azure Resource Manager (ARM) templates are JSON files that use declarative syntax to define the infrastructure and configuration of Azure resources. They enable Infrastructure as Code (IaC) by allowing you to describe the desired state of your environment, and ARM handles creating or updating resources to match that definition. ARM templates support idempotent deployments, meaning deploying the same template multiple times produces the same result, ensuring consistency across development, staging, and production environments.

    Why the other options are wrong
    • ACalculating the cost of Azure resources is the function of the Azure Pricing Calculator and Azure Cost Management, not ARM templates.
    • BMonitoring the health of Azure services is the responsibility of Azure Service Health and Azure Monitor, not ARM templates.
    • CManaging user identities and access control is handled by Microsoft Entra ID and role-based access control, not ARM templates.
  6. Question 6Describe Azure Management and Governance

    Which Azure service helps you track compliance with industry standards and regulations, such as ISO 27001, GDPR, and NIST?

    • AAzure Cost Management
    • BAzure Advisor
    • CMicrosoft Purview Compliance ManagerCorrect
    • DAzure Service Health
    ✓ Correct answer: C

    Microsoft Purview Compliance Manager is a compliance management tool that helps organizations track, assess, and manage their compliance posture against industry standards and regulatory frameworks such as ISO 27001, GDPR, NIST, HIPAA, and many others. It provides a compliance score that quantifies your current compliance status, along with actionable improvement recommendations and step-by-step guidance for implementing required controls. The tool also offers pre-built assessment templates for common regulatory standards.

    Why the other options are wrong
    • AAzure Cost Management focuses on monitoring and optimizing Azure spending and has no compliance tracking functionality.
    • BAzure Advisor provides optimization recommendations for cost, security, reliability, performance, and operational excellence but does not track compliance against specific regulatory standards.
    • DAzure Service Health monitors the availability and health of Azure services and regions but does not provide regulatory compliance tracking or assessment.
  7. Question 7Describe Azure Architecture and Services

    Which Azure service provides a globally distributed, multi-model NoSQL database designed for low-latency access anywhere in the world?

    • AAzure Cosmos DBCorrect
    • BAzure SQL Database
    • CAzure Database for MySQL
    • DAzure Cache for Redis
    ✓ Correct answer: A

    Azure Cosmos DB is a fully managed, globally distributed, multi-model NoSQL database service designed to provide single-digit millisecond response times and guaranteed availability anywhere in the world. It supports multiple data models including document, key-value, graph, and column-family through APIs such as SQL, MongoDB, Cassandra, Gremlin, and Table. Cosmos DB offers turnkey global distribution with automatic data replication across Azure regions and configurable consistency levels.

    Why the other options are wrong
    • BAzure SQL Database is a fully managed relational database service based on SQL Server, not a NoSQL or multi-model database.
    • CAzure Database for MySQL is a managed relational database service for MySQL workloads and does not provide multi-model NoSQL capabilities or turnkey global distribution.
    • DAzure Cache for Redis is an in-memory caching service used to accelerate application performance, not a globally distributed multi-model NoSQL database.
  8. Question 8Describe Azure Architecture and ServicesSelect all that apply

    A consultant is reviewing the Azure ExpressRoute configuration at Contoso Ltd. Which two actions should be performed to optimize the implementation? (Choose two.)

    • AAzure SQL DatabaseCorrect
    • BDisable Azure ExpressRoute monitoring
    • CAzure MarketplaceCorrect
    • DAzure Resource Manager
    • Emanagement groups
    ✓ Correct answer: A, C

    When optimizing Azure ExpressRoute configuration at Contoso Ltd, Azure SQL Database benefits from ExpressRoute by gaining dedicated, private, high-bandwidth connectivity between on-premises networks and Azure, which improves database query performance and security for hybrid data workloads. Azure Marketplace provides access to pre-built solutions and appliances that can enhance ExpressRoute configurations, such as network virtual appliances and monitoring tools. Together, these components optimize how ExpressRoute is utilized for data services and extended functionality.

    Why the other options are wrong
    • BDisabling Azure ExpressRoute monitoring would remove visibility into connection health and performance metrics, which is counterproductive to optimization.
    • DAzure Resource Manager is the management plane for deploying Azure resources but is not a specific optimization action for ExpressRoute.
    • EManagement groups provide subscription-level governance and do not directly optimize ExpressRoute connectivity.
  9. Question 9Describe Cloud Concepts

    An organization uses both Azure and on-premises infrastructure. They connect the two environments using Azure ExpressRoute. Which cloud model does this represent?

    • APublic cloud only
    • BPrivate cloud only
    • CHybrid cloudCorrect
    • DMulti-cloud
    ✓ Correct answer: C

    A hybrid cloud model combines public cloud services with on-premises or private cloud infrastructure, allowing data and applications to be shared between the two environments.

    Why the other options are wrong
    • AIn this scenario, the organization uses Azure as its public cloud component and maintains on-premises infrastructure, connecting them through Azure ExpressRoute, which provides a private, dedicated, high-bandwidth connection. This hybrid approach allows the organization to keep sensitive workloads on-premises while leveraging Azure for other services, and ExpressRoute ensures secure, low-latency connectivity between the environments. Public cloud only would mean all resources are hosted in Azure with no on-premises infrastructure, which does not match this scenario since the organization maintains on-premises systems.
    • BPrivate cloud only would mean all resources are hosted in a dedicated environment controlled by the organization, which does not match because Azure is a public cloud service being used alongside on-premises infrastructure.
    • DMulti-cloud refers to using services from multiple public cloud providers simultaneously (such as Azure and AWS together), not the combination of public cloud with on-premises infrastructure.
  10. Question 10Describe Azure Architecture and Services

    In the context of Azure RBAC, what is a 'scope'?

    • AThe type of authentication method used for sign-in
    • BThe level at which a role assignment applies, such as subscription or resource groupCorrect
    • CThe geographic region where resources are deployed
    • DThe number of users who can be assigned to a role
    ✓ Correct answer: B

    In Azure role-based access control (RBAC), scope defines the boundary of resources that a role assignment applies to. Azure RBAC supports four levels of scope: management group, subscription, resource group, and individual resource. When a role is assigned at a particular scope, the permissions granted by that role are inherited by all child scopes beneath it. For example, assigning the Contributor role at the subscription scope grants permission to manage all resources in every resource group within that subscription. Understanding scope is essential for implementing least-privilege access by assigning roles only at the narrowest scope necessary.

    Why the other options are wrong
    • AThe type of authentication method used for sign-in is not what scope refers to; authentication is handled by Microsoft Entra ID separately from RBAC.
    • CThe geographic region where resources are deployed is the Azure region, which is unrelated to the RBAC concept of scope.
    • DThe number of users who can be assigned to a role is not limited by scope; scope defines the resource boundary, not user capacity.
Unlock all 902 AZ-900 questions

AZ-900 practice exam FAQ

How many questions are in the AZ-900 practice exam on CertGrid?

CertGrid has 902 practice questions for AZ-900: Microsoft Azure Fundamentals, covering 3 exam domains. The real AZ-900 exam has about 40 questions.

What is the passing score for AZ-900?

The AZ-900 exam passing score is 700, and you have about 85 minutes to complete it. CertGrid scores your practice attempts the same way so you know when you are ready.

Are these official AZ-900 exam questions?

No. CertGrid is an independent practice platform. Questions are written to mirror the style and concepts of AZ-900: Microsoft Azure Fundamentals, with full explanations, but they are not official or copied vendor exam items. They are original practice questions designed to help you genuinely learn the material.

Can I practice AZ-900 for free?

Yes. You can start practicing AZ-900: Microsoft Azure Fundamentals for free with daily practice and sample questions. Paid plans unlock full timed exams, complete explanations, and domain analytics.