Last updated on August 9, 2023
Here are 10 AZ-900 Microsoft Azure Fundamentals practice exam questions to help you gauge your readiness for the actual exam.
Question 1
A company is planning to deploy its suite of enterprise applications to Microsoft Azure, where each application has several dependencies and subcomponents. The company must also control and manage the patching activities of the underlying operating system of the servers.
What type of cloud deployment solution should you recommend?
- Infrastructure as a Service (laaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
- Functions as a service (FaaS)
Correct Answer: 1
Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and managed over the internet. It’s one of the types of cloud services, along with software as a service (SaaS), platform as a service (PaaS), and serverless.
IaaS quickly scales up and down with demand, letting you pay only for what you use. It helps you avoid the expense and complexity of buying and managing your own physical servers and other data center infrastructure. Each resource is offered as a separate service component, and you only need to rent a particular one for as long as you need it.
A cloud computing service provider, such as Azure, manages the infrastructure while you purchase, install, configure, and manage your own software — operating systems, middleware, and applications.
You can also use Azure Virtual Machines, which is an Infrastructure as a Service (IaaS), to host the suite of enterprise applications and manage the patching activities of the underlying operating system of the servers.
Therefore, the correct answer is: Infrastructure as a Service (laaS).
Platform as a Service (PaaS) is incorrect because this is a type of cloud service that allows you to focus on developing your applications and services by letting the cloud service provider handle the administrative tasks of the underlying application infrastructure. It doesn’t allow the customers to control and manage the patching activities of the underlying operating system of the servers.
Software as a Service (SaaS) is incorrect because this cloud service type just allows customers to connect to and use its cloud-based apps over the Internet and not deploy their custom applications. Just like PaaS, it doesn’t allow the customers to control and manage the patching activities of the underlying operating system of the servers that you use.
Function as a Service (FaaS) is incorrect because this is simply an event-driven serverless computing platform. The underlying servers are abstracted and not accessible to the end user.
References:
https://azure.microsoft.com/en-au/overview/what-is-iaas
https://azure.microsoft.com/en-au/overview/what-is-azure/iaas/
https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-deployments
Azure Cloud Service Models Cheat Sheet:
https://tutorialsdojo.com/azure-cloud-service-models/
Question 2
Note: This item is part of a series of questions with the exact same scenario but with a different proposed answer. Each one in the series has a unique solution that may, or may not, comply with the requirements specified in the scenario.
A company is migrating all its applications and data to Microsoft Azure. There is a strict requirement that the Azure environment must only be comprised of platform-as-a-service (PaaS) solutions to minimize the amount of administrative effort in managing the underlying resources.
Solution: Deploy the applications using the Azure App Service and migrate the data to Azure SQL databases.
Does this solution comply with the requirement?
- Yes
- No
Correct Answer: 1
Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection.
Like IaaS, PaaS includes infrastructure – servers, storage, and networking – but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application life cycle: building, testing, deploying, managing, and updating.
PaaS allows you to avoid the expense and complexity of buying and managing software licenses, the underlying application infrastructure, and middleware, container orchestrators such as Kubernetes or the development tools, and other resources. You manage the applications and services that you develop, and the cloud service provider typically manages everything else.
In this scenario, the Azure App Service and Azure SQL Databases are both Platform as a Service (PaaS) solutions that allow the customers to deploy and run their custom applications quickly while minimizing the administrative effort in managing the underlying server resources. You can indeed deploy the applications using the Azure App Service and migrate the data to Azure SQL databases.
Hence, the correct answer is: Yes as the proposed solution is valid and complies with the requirement.
References:
https://azure.microsoft.com/en-au/overview/what-is-paas/
https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-deployments
Azure Cloud Service Models Cheat Sheet:
https://tutorialsdojo.com/azure-cloud-service-models/
Question 3
Azure App Service and Azure Virtual Machines are services that you can use in Azure. For each service, you have to determine its correct type of cloud service model.
Select the correct answer from the drop-down list of options. Each correct selection is worth one point.
Correct Answer:Â
Azure Virtual Machines: Infrastructure as a service (IaaS)
Azure App Service: Platform as a service (PaaS)
Azure Virtual Machines are image service instances that provide on-demand and scalable computing resources with usage-based pricing. More broadly, a virtual machine behaves like a server: it is a computer within a computer that provides the user with the same experience they would have on the host operating system itself.
In general, virtual machines are sandboxed from the rest of the system, meaning that the software inside a virtual machine can’t escape or tamper with the underlying server itself. Each virtual machine provides its own virtual hardware including CPUs, memory, hard drives, network interfaces, and other devices.
Azure App Service enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo. With App Service, you pay for the Azure compute resources that you use. The compute resources you use are determined by the App Service plan that you run your apps on.
Azure Virtual Machines is a type of Infrastructure as a Service (IaaS) resource, while the Azure App Service is considered to be a Platform as a Service (PaaS) resource.
Therefore, the correct answers are:
–Azure Virtual Machine = Infrastructure as a Service (IaaS)
–Azure App Service = Platform as a Service (PaaS)
References:
https://azure.microsoft.com/en-au/overview/what-is-iaas
https://azure.microsoft.com/en-au/overview/what-is-azure/iaas/#overview
https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/5-types-of-cloud-services
https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-deployments
Check out these Azure Virtual Machines and App Service Cheat Sheets:
https://tutorialsdojo.com/azure-virtual-machines/
https://tutorialsdojo.com/azure-app-service/
Question 4
Which of the following are considered vertical scaling in a cloud environment?
- Increase the number of virtual machines
- Provision additional containers
- Increase the CPU and RAM of a virtual machine
- Provision an additional Azure dedicated host
Correct Answer: 3
Scaling up and down, or vertical scaling keeps the number of resources constant but gives those resources more capacity in terms of memory, CPU speed, disk space and network. Vertical scaling is limited by the availability of larger hardware, which eventually reaches an upper limit. Hardware size availability varies in Azure by region. Vertical scaling may also require a restart of the virtual machine during the scaling process.
With vertical scaling, if you were developing an app and you needed more processing power, you could vertically scale up to add more CPUs or RAM to the virtual machine. Conversely, if you realized you had over-specified the needs, you could vertically scale down by lowering the CPU or RAM specifications.
Take note that whenever you add an additional copy of an existing resource, that is typically considered as horizontal scaling. For example, adding additional virtual machines to a scale set is horizontal scaling.
Hence, the correct answer is: Increase the CPU and RAM of a virtual machine.
The following options are incorrect because these actions are considered as horizontal scaling wherein you add or remove the number of resource instances.
– Increase the number of virtual machines.
– Provision additional containers.
– Provision an additional Azure dedicated host.
References:
https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-overview
https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm
Check out this Azure Virtual Machines Cheat Sheet:
https://tutorialsdojo.com/azure-virtual-machines/
Question 5
A company wants to migrate to the cloud. The requirement is to have a VPN connection to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel.
What is the most suitable type of VPN connection that you should use?
- Point-to-Site VPN connection
- Site-to-Site VPN Connection
- VNet peering connection
- ExpressRoute Connection
Correct Answer: 2
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.
A virtual network gateway is composed of two or more VMs that are deployed to a specific subnet you create called the gateway subnet. Virtual network gateway VMs contain routing tables and run specific gateway services. These VMs are created when you create a virtual network gateway.Â
There are various configurations available for your VPN gateway connections. You have to determine which configuration meets your requirements. You can set up a Site-to-Site, Multi-Site, Point-to-Site, VNet-to-VNet, and other VPN gateway connections.
Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.Â
Hence, the correct answer is: Site-to-Site VPN Connection.
Point-to-Site (P2S) VPN gateway connection is incorrect because this only allows you to create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client’s computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet.
VNet peering connection is incorrect because this connection type simply provides a low-latency, high-bandwidth connection between resources in different Azure virtual networks. This is not suitable for connecting your on-premises network to an Azure virtual network.
ExpressRoute connection is incorrect because it is not a VPN connection in the first place. It also doesn’t connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. Using ExpressRoute, the connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a co-location facility. ExpressRoute connections do not go over the public Internet, unlike an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
https://docs.microsoft.com/en-us/azure/vpn-gateway/design
Azure VPN Gateway Cheat Sheet:
https://tutorialsdojo.com/azure-vpn-gateway/
Question 6
INSTRUCTION: For each of the following items about subscription access policies, choose Yes if the statement is true and choose No if the statement is false. Take note that each correct item is worth one point.
Correct Answer: No, Yes, Yes, Yes
Azure role-based access control (Azure RBAC) is an authorization system that provides fine-grained access management of Azure resources. Using Azure RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.
Azure RBAC has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Role assignments are the way you control access to Azure resources.
The Contributor role grants you full access to manage all resources but does not allow you to assign roles in Azure RBAC.
The Owner role lets you manage everything, including access to resources and the contributor’s role. It grants you full access to manage all resources, including the ability to assign roles in Azure RBAC.
Virtual Machine Contributor role lets you manage virtual machines, but not access to them, and not the virtual network or storage account they’re connected to.
The Reader role lets you view everything, but not make any changes.
Therefore, the following statements are correct:
– If you edit the Subscription’s IAM and add an Owner role assignment to John’s user, he can now inherit the Contributor’s Role, including the resources.
– If you edit the Subscription’s IAM and add a Reader role assignment to John’s user, he can now view all the resources, but not make any changes.
– If you edit the Subscription’s IAM and add a Virtual Machine Contributor role assignment to John’s user, he can now manage virtual machines but not access them, and not the virtual network or storage account they’re connected to.
The statement that says: If you edit the Subscription’s IAM and add a Contributor role assignment to John’s user, he can now manage everything such as granting access to the resources is incorrect because a Contributor role allows you access to all resources but you are not permitted to add additional roles to users.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
Azure Role-Based Access Control (RBAC):
https://tutorialsdojo.com/azure-role-based-access-control-rbac/
Azure Policy vs. Azure Role-Based Access Control (RBAC):
https://tutorialsdojo.com/azure-policy-vs-azure-role-based-access-control-rbac/
Question 7
What service enables you to correlate trace events from multiple Azure VMs and other resources into a centralized repository?
- Azure Event Hubs
- Azure Repos
- Azure Monitor
- Azure Resource Manager
Correct Answer: 3
Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It works for apps on a wide variety of platforms including .NET, Node.js, Java, and Python hosted on-premises, hybrid, or any public cloud.
Application Insights is aimed at the development team, to help you understand how your app is performing and how it’s being used. It monitors:
– Request rates, response times, and failure rates – Find out which pages are most popular, at what times of day, and where your users are. See which pages perform best. If your response times and failure rates go high when there are more requests, then perhaps you have a resourcing problem.
– Dependency rates, response times, and failure rates – Find out whether external services are slowing you down.
– Exceptions – Analyze the aggregated statistics, or pick specific instances and drill into the stack trace and related requests. Both server and browser exceptions are reported.
– Pageviews and load performance – reported by your users’ browsers.
AJAX calls from web pages – rates, response times, and failure rates.
– User and session count.
– Performance counters from your Windows or Linux server machines, such as CPU, memory, and network usage.
– Host diagnostics from Docker or Azure.
– Diagnostic trace logs from your app – so that you can correlate trace events with requests.
– Custom events and metrics that you write yourself in the client or server code, to track business events such as items sold or games won.
You install a small instrumentation package (SDK) in your application or enable Application Insights using the Application Insights Agent when supported. The instrumentation monitors your app and directs the telemetry data to an Azure Application Insights Resource using a unique GUID that we refer to as an Instrumentation Key.
Hence, the correct answer is Azure Monitor.
Azure Event Hubs is incorrect because this is just a big data streaming platform and event ingestion service. It’s not suitable to be used to correlate trace events from multiple Azure VMs.
Azure Repos is incorrect because this is simply a set of version control tools that you can use to manage your code.
Azure Resource Manager is incorrect because this is only a deployment and management service that enables you to create, update, and delete resources in your Azure account. This service is not suitable for monitoring and correlating trace events from various VMs and resources.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/overview
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/insights-overview
Check out this Azure Monitor Cheat Sheet:
https://tutorialsdojo.com/azure-monitor/
Question 8
Which service analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, reliability, and security of your Azure resources?
- Compliance Manager
- Azure Information Protection
- Azure Resource Manager
- Azure Advisor
Correct Answer: 4
Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, reliability (formerly called High availability), and security of your Azure resources.
With Advisor, you can:
– Get proactive, actionable, and personalized best practices recommendations.
– Improve the performance, security, and reliability of your resources as you identify
– opportunities to reduce your overall Azure spend.
– Get recommendations with proposed actions inline.
You can access Advisor through the Azure portal. Sign in to the portal, locate Advisor in the navigation menu, or search for it in the All services menu.Â
The Advisor dashboard displays personalized recommendations for all your subscriptions. You can apply filters to display recommendations for specific subscriptions and resource types. The recommendations are divided into five categories:
– Reliability (formerly called High Availability): To ensure and improve the continuity of your business-critical applications.
– Security: To detect threats and vulnerabilities that might lead to security breaches.Â
– Performance: To improve the speed of your applications.Â
– Cost: To optimize and reduce your overall Azure spending.
– Operational Excellence: To help you achieve process and workflow efficiency, resource manageability, and deployment best practices.
Hence, the correct answer is:Â Azure Advisor.
Compliance Manager is incorrect because this is just a free workflow-based risk assessment tool in the Microsoft Service Trust Portal for managing regulatory compliance activities related to Microsoft cloud services.
Azure Information Protection is incorrect because this is simply a service that helps organizations in labeling their documents and emails.
Azure Resource Manager is incorrect because this is only a deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account.
References:
https://docs.microsoft.com/en-au/azure/advisor/advisor-overview
https://azure.microsoft.com/en-au/services/advisor/#product-overview
Azure Advisor Cheat Sheet:
https://tutorialsdojo.com/azure-advisor/
Question 9
Which service enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements?
- Azure Blueprints
- Compliance Manager
- Azure Monitor
- Azure Advisor
Correct Answer: 1
Azure Blueprints makes it possible for development teams to rapidly build and launch new environments with the reliability that they’re building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery. Just as a blueprint allows an engineer or an architect to sketch a project’s design parameters, Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.
Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:
– Role Assignments
– Policy Assignments
– Azure Resource Manager templates (ARM templates)
– Resource Groups
The Azure Blueprints service is backed by the globally distributed Azure Cosmos DB. Blueprint objects are replicated to multiple Azure regions. This replication provides low latency, high availability, and consistent access to your blueprint objects, regardless of which region Azure Blueprints deploy your resources to.
Hence, the correct answer is: Azure Blueprints.
Compliance Manager is incorrect because this service doesn’t define a repeatable set of Azure resources. It is simply a free workflow-based risk assessment tool in the Microsoft Service Trust Portal for managing regulatory compliance activities related to Microsoft cloud services.
Azure Monitor is incorrect because this service is primarily used to maximize the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
Azure Advisor is incorrect because this is a service that analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.
References:
https://azure.microsoft.com/en-au/services/blueprints/
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
Azure Blueprints Cheat Sheet:
https://tutorialsdojo.com/azure-blueprints/
Question 10
Note: This item is part of a series of questions with the exact same scenario but with a different proposed answer. Each one in the series has a unique solution that may, or may not, comply with the requirements specified in the scenario.
Your company is currently hosting a web application in an Azure virtual machine.
The application is processing mission-critical workloads.
They plan to reduce the costs by migrating it to a new instance.
Solution: Purchase a reserved instance.
Does the solution meet the goal?
- Yes
- No
Correct Answer: 1
Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs by up to 72% from pay-as-you-go prices. Reservations provide a billing discount and don’t affect the runtime state of your resources. After you purchase a reservation, the discount automatically applies to matching resources.
By purchasing a reserved instance, you can significantly reduce costs up to 72 percent compared to pay-as-you-go pricing. A reserved instance has a one-year or three-year term on Windows and Linux virtual machines. You can pay for a reservation upfront or monthly. The total cost of up-front and monthly reservations is the same and you don’t pay any extra fees when you choose to pay monthly.
Hence, the correct answer is: Yes.
References:
https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/save-compute-costs-reservations
https://azure.microsoft.com/en-us/pricing/details/virtual-machines/windows/
Check out this Azure Virtual Machines Cheat Sheet:
https://tutorialsdojo.com/azure-virtual-machines/
For more practice questions like these and to further prepare you for the actual AZ-900 Microsoft Azure Fundamentals exam, we recommend that you take our top-notch AZ-900 Microsoft Azure Fundamentals Practice Exams, which simulate the real unique question types in the AZ-900 exam such as drag and drop, dropdown, and hotspot.
Also, check out our AZ-900 Microsoft Azure Fundamentals exam study guide here.
Get $4 OFF in AWS Solutions Architect & Data Engineer Associate Practice Exams for $10.99 ONLY!
Be Inspired and Mentored with Cloud Career Journeys!
Enroll Now – Our Azure Certification Exam Reviewers
Enroll Now – Our Google Cloud Certification Exam Reviewers
Tutorials Dojo Exam Study Guide eBooks
FREE AWS Exam Readiness Digital Courses
Subscribe to our YouTube Channel
FREE Intro to Cloud Computing for Beginners
FREE AWS, Azure, GCP Practice Test Samplers
Written by: Jon Bonso
