The Microsoft Azure AZ-900 Exams constantly undergo periodic updates to match the skills set required to perform the responsibilities for the given role. The English language version of the exam has AZ-900 July 2023 Exam Updates with some new topics being added and previous topics updated. The technology industry is dynamic and ever-evolving. New industry trends, practices, and standards emerge regularly. Microsoft constantly develops and releases new technologies and features.
In this blog we shall look at some of the important changes and updates in the Microsoft Azure Fundamentals (AZ-900) Exam and free questions to evaluate your skills set based on the new exam updates. We have the table below to highlight the major changes and exam updates –
Domain | Topics Covered (Prior to 31 July, 2023) | Topics Covered (2024) | Comments |
Describe cloud concepts (25–30%) | Describe cloud computing • Define cloud computing • Describe the shared responsibility model • Define cloud models, including public, private, and hybrid • Identify appropriate use cases for each cloud model • Describe the consumption-based model • Compare cloud pricing models | Describe cloud computing • Define cloud computing • Describe the shared responsibility model • Define cloud models, including public, private, and hybrid • Identify appropriate use cases for each cloud model • Describe the consumption-based model • Compare cloud pricing models • Describe serverless | New Topic Added – • Describe serverless |
Describe the benefits of using cloud services • Describe the benefits of high availability and scalability in the cloud • Describe the benefits of reliability and predictability in the cloud • Describe the benefits of security and governance in the cloud • Describe the benefits of manageability in the cloud | Describe the benefits of using cloud services • Describe the benefits of high availability and scalability in the cloud • Describe the benefits of reliability and predictability in the cloud • Describe the benefits of security and governance in the cloud • Describe the benefits of manageability in the cloud | No Change | |
Describe cloud service types • Describe infrastructure as a service (IaaS) • Describe platform as a service (PaaS) • Describe software as a service (SaaS) • Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS) | Describe cloud service types • Describe infrastructure as a service (IaaS) • Describe platform as a service (PaaS) • Describe software as a service (SaaS) • Identify appropriate use cases for each cloud service (IaaS, PaaS, and SaaS) | No Change | |
Describe Azure architecture and services (35–40%) | Describe the core architectural components of Azure • Describe Azure regions, region pairs, and sovereign regions • Describe availability zones • Describe Azure datacenters • Describe Azure resources and resource groups • Describe subscriptions • Describe management groups • Describe the hierarchy of resource groups, subscriptions, and management groups | Describe the core architectural components of Azure • Describe Azure regions, region pairs, and sovereign regions • Describe availability zones • Describe Azure datacenters • Describe Azure resources and resource groups • Describe subscriptions • Describe management groups • Describe the hierarchy of resource groups, subscriptions, and management groups | No Change |
Describe Azure compute and networking services • Compare compute types, including container instances, virtual machines (VMs), and functions • Describe VM options, including Azure Virtual Machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop • Describe resources required for virtual machines • Describe application hosting options, including the Web Apps feature of Azure App Service, containers, and virtual machines • Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute • Define public and private endpoints | Describe Azure compute and networking services • Compare compute types, including containers, virtual machines, and functions • Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop • Describe the resources required for virtual machines • Describe application hosting options, including web apps, containers, and virtual machines • Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute • Define public and private endpoints | Minor Topic Name Changes | |
Describe Azure storage services • Compare Azure storage services • Describe storage tiers • Describe redundancy options • Describe storage account options and storage types • Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync • Describe migration options, including Azure Migrate and Azure Data Box | Describe Azure storage services • Compare Azure Storage services • Describe storage tiers • Describe redundancy options • Describe storage account options and storage types • Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync • Describe migration options, including Azure Migrate and Azure Data Box | No Change | |
Describe Azure identity, access, and security • Describe directory services in Azure, including Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra and Azure Active Directory Domain Services (Azure AD DS) • Describe authentication methods in Azure, including single sign-on (SSO), multifactor authentication, and passwordless • Describe external identities and guest access in Azure • Describe Conditional Access in Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra • Describe Azure role-based access control (RBAC) • Describe the concept of Zero Trust • Describe the purpose of the defense in depth model • Describe the purpose of Microsoft Defender for Cloud | Describe Azure identity, access, and security • Describe directory services in Azure, including Azure Active Directory (Azure AD), part of Microsoft Entra and Azure Active Directory Domain Services (Azure AD DS) • Describe authentication methods in Azure, including single sign-on (SSO), multi-factor authentication (MFA), and passwordless • Describe external identities in Azure, including business-to-business (B2B) and business-to-customer (B2C) • Describe Conditional Access in Azure AD • Describe Azure role-based access control (RBAC) • Describe the concept of Zero Trust • Describe the purpose of the defense-in-depth model • Describe the purpose of Microsoft Defender for Cloud | Minor Topic changes | |
Describe Azure management and governance (30–35%) | Describe cost management in Azure • Describe factors that can affect costs in Azure • Compare the Pricing calculator and the Total Cost of Ownership (TCO) calculator • Describe the Azure Cost Management and Billing tool • Describe the purpose of tags | Describe cost management in Azure • Describe factors that can affect costs in Azure • Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator • Describe cost management capabilities in Azure • Describe the purpose of tags | Minor Topic changes |
Describe features and tools in Azure for governance and compliance • Describe the purpose of Azure Blueprints • Describe the purpose of Azure Policy • Describe the purpose of resource locks • Describe the purpose of the Service Trust Portal | Describe features and tools in Azure for governance and compliance • Describe the purpose of Microsoft Purview in Azure • Describe the purpose of Azure Policy • Describe the purpose of resource locks | Topic added – • Describe the purpose of Microsoft Purview in Azure Topic Deleted – • Describe the purpose of Azure Blueprints • Describe the purpose of the Service Trust Portal | |
Describe features and tools for managing and deploying Azure resources • Describe the Azure portal • Describe Azure Cloud Shell, including Azure CLI and Azure PowerShell • Describe the purpose of Azure Arc • Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates) | Describe features and tools for managing and deploying Azure resources • Describe the Azure portal • Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell • Describe the purpose of Azure Arc • Describe infrastructure as code (IaC) • Describe Azure Resource Manager (ARM) and ARM templates | Minor Topic Name Changes Topic Added – • Describe infrastructure as code (IaC) | |
Describe monitoring tools in Azure • Describe the purpose of Azure Advisor • Describe Azure Service Health • Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights | Describe monitoring tools in Azure • Describe the purpose of Azure Advisor • Describe Azure Service Health • Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights | No Change |
AZ-900 July 2023 Exam Updates | Free Practice Questions
We shall now explain and give a brief about the AZ-900 July 2023 Exam Updates topics followed by set of questions to evaluate your skills
Topic – Understanding concept of Serverless Computing
Serverless computing is a framework that empowers developers to expedite application development by relieving them of the burden of managing infrastructure. In serverless applications, the responsibility of provisioning, scaling, and managing the underlying infrastructure necessary to execute the code is automatically handled by the cloud service provider.
It is essential to understand that even though servers are still utilized to run the code, the term “serverless” implies that the tasks related to infrastructure provisioning and management are concealed from the developer. This approach enables developers to concentrate more on the business logic, enabling them to deliver greater value to the core aspects of their business. By adopting serverless computing, teams can enhance their productivity, accelerate time to market for their products, and organizations can optimize resources effectively while maintaining a focus on innovation.
Question: What is serverless computing?
A) A computing model that eliminates the need for developers to write code.
B) A cloud computing execution model where developers don’t need to manage server infrastructure.
C) A type of computing that doesn’t use servers at all.
D) A model where developers manage all aspects of the server infrastructure.
Answer: B
Explanation: Serverless computing is a cloud computing execution model in which developers are freed from managing traditional server infrastructure. The cloud service provider handles server provisioning and scaling based on actual demand.
Question: In serverless computing, what triggers the execution of functions?
A) Server instances running continuously.
B) HTTP requests, database changes, or other events.
C) Server administrators’ manual intervention.
D) Scheduled time intervals.
Answer: B
Explanation: Functions in serverless computing are event-driven, meaning they are executed in response to specific events like HTTP requests, database changes, or file uploads.
Question: What benefits does serverless computing offer?
A) Increased operational complexity and higher costs.
B) Lower scalability and slower development cycles.
C) Reduced costs, improved scalability, and faster development cycles.
D) Greater control over infrastructure management.
Answer: C
Explanation: Serverless computing offers benefits such as reduced operational complexity, lower costs, improved scalability, and faster development cycles.
Question: What does the term “serverless” imply in serverless computing?
A) No servers are used at all in the computing process.
B) Developers are not involved in writing code.
C) The servers are invisible to developers, who don’t manage them directly.
D) Developers have full control over server instances.
Answer: C
Explanation: The term “serverless” in serverless computing means that the tasks associated with infrastructure provisioning and management are invisible to the developers. They don’t directly manage servers.
Question: Why does serverless computing promote faster application development?
A) By allocating more servers to each application.
B) By allowing developers to focus on business logic rather than infrastructure management.
C) By reducing the number of available programming languages.
D) By limiting the scaling options for applications.
Answer: B
Explanation: Serverless computing allows developers to focus on writing code and business logic, as the cloud service provider handles infrastructure management. This promotes faster application development by streamlining the development process.
Question: You are developing a real-time web application that requires rapid scalability to handle varying user loads. Which cloud computing model would be most suitable for this application, and why?
A) Virtual Machines (VMs)
B) Containers
C) Serverless Computing
D) Dedicated Physical Servers
Answer: C
Explanation: Serverless computing would be the most suitable model for this scenario. With serverless computing, the cloud service provider automatically scales the application based on actual demand, ensuring rapid scalability to handle varying user loads. This allows the application to dynamically allocate resources without requiring manual intervention, making it a perfect choice for real-time web applications.
Scenario: You are developing a microservices-based architecture for a large e-commerce platform. The platform includes various functionalities like user authentication, order processing, and inventory management. Which approach would you choose to implement these functionalities, and why?
A) Deploy each microservice on separate VMs.
B) Use containers to package and deploy microservices.
C) Utilize a serverless architecture for each functionality.
D) Combine all functionalities into a single monolithic application.
Answer: B
Explanation: Using containers to package and deploy microservices would be the best approach for this scenario. Containers allow for better isolation and resource utilization, making it easier to manage and deploy individual microservices. Additionally, containers provide a consistent environment across development, testing, and production stages, which aids in maintaining a scalable and reliable e-commerce platform.
Scenario: You are working on a project where cost optimization is a crucial factor. The application will have infrequent usage, but when it’s used, it needs to respond quickly and efficiently. Which cloud computing model would be most cost-effective for this scenario?
A) Virtual Machines (VMs)
B) Serverless Computing
C) Dedicated Physical Servers
D) Containers
Answer: B
Explanation: Serverless computing would be the most cost-effective option for this scenario. In serverless computing, you only pay for the actual execution time of the functions, which is well-suited for applications with infrequent usage. Since the cloud service provider handles resource provisioning and scaling, you don’t need to maintain or pay for idle resources, resulting in cost optimization.
Scenario: You are developing a data processing application that requires long-running tasks to be executed. These tasks involve complex data processing and may take more than 15 minutes to complete. Which cloud computing model would be the most appropriate choice for this scenario?
A) Virtual Machines (VMs)
B) Containers
C) Serverless Computing
D) Dedicated Physical Servers
Answer: A
Explanation: For long-running tasks that may take more than 15 minutes to complete, Virtual Machines (VMs) would be the most appropriate choice. Serverless computing platforms typically have execution time limits (e.g., 15 minutes) for individual functions, making them unsuitable for such long-running tasks. VMs provide greater control over resources and allow you to run processes that require extended periods of computation.
Scenario: You are developing an API backend that needs to respond to thousands of concurrent requests during peak times. Which cloud computing model would be most suitable to handle such a high load?
A) Virtual Machines (VMs)
B) Containers
C) Serverless Computing
D) Load-balanced Dedicated Servers
Answer: C
Explanation: Serverless computing would be the most suitable model for handling thousands of concurrent requests during peak times. The cloud service provider automatically scales the application to meet the demand, ensuring that the required resources are provisioned and managed efficiently. This dynamic scaling capability makes serverless computing an ideal choice for handling varying workloads without the need for manual intervention or dedicated infrastructure.
Topic – Describe application hosting options, including web apps, containers, and virtual machines
Microsoft Azure’s application hosting options provide developers with a range of choices to deploy, manage, and scale their applications efficiently. Depending on the application’s characteristics, workload, and development preferences, you can select the most appropriate hosting option to achieve optimal performance, cost-effectiveness, and ease of management.
Question: You are developing a web application and want to host it on Microsoft Azure. The application requires automatic scaling, a managed environment, and no server management. Which Azure service should you choose?
A) Virtual Machines (VMs)
B) Azure Web Apps
C) Azure Kubernetes Service (AKS)
D) Azure Container Instances (ACI)
Answer: B
Explanation: Azure Web Apps is the correct choice for hosting a web application with automatic scaling and a fully managed environment. It allows you to focus on your application code without worrying about server management, and it automatically scales based on demand.
Question: You are developing a complex application that requires full control over the underlying infrastructure and the ability to run custom software. The application also needs to scale dynamically based on usage. Which Azure service would be most appropriate for this scenario?
A) Virtual Machines (VMs)
B) Azure Kubernetes Service (AKS)
C) Azure App Service
D) Azure Functions
Answer: A
Explanation: Virtual Machines (VMs) would be the most appropriate choice in this scenario. VMs offer full control over the underlying infrastructure, allowing you to install custom software and configure the environment as needed. Additionally, VMs can be scaled dynamically based on demand by adjusting the number of instances running.
Question: You have a microservices-based application and want to manage containerized workloads at scale while automating the deployment, scaling, and management of containers. Which Azure service should you choose?
A) Virtual Machines (VMs)
B) Azure Kubernetes Service (AKS)
C) Azure Container Instances (ACI)
D) Azure Web Apps
Answer: B
Explanation: Azure Kubernetes Service (AKS) is the appropriate choice for managing containerized workloads at scale with automated deployment, scaling, and management of containers. AKS provides a fully managed Kubernetes service, making it easier to deploy and manage containerized applications.
Question: You have a task that requires running a container without managing the underlying infrastructure. The task will execute quickly and doesn’t need to be connected to other containers. Which Azure service should you use?
A) Virtual Machines (VMs)
B) Azure Kubernetes Service (AKS)
C) Azure Container Instances (ACI)
D) Azure Web Apps
Answer: C
Explanation: Azure Container Instances (ACI) is the appropriate choice for running a container without managing the underlying infrastructure. ACI allows you to quickly run containers without the need to manage VMs or configure a container orchestration platform like Kubernetes.
Question: You want to deploy a simple application without worrying about the underlying infrastructure, as it needs to be automatically managed and scaled. The application is stateless and will only require HTTP/HTTPS communication. Which Azure service is the most suitable choice?
A) Azure Web Apps
B) Virtual Machines (VMs)
C) Azure Kubernetes Service (AKS)
D) Azure Functions
Answer: A
Explanation: Azure Web Apps is the most suitable choice for deploying a simple application that requires automatic management and scaling without worrying about the underlying infrastructure. Web Apps provide a fully managed environment for hosting web applications and allow automatic scaling based on demand.
Question: You are developing a serverless application that consists of small, event-driven functions. The application needs to execute code in response to events and automatically scale based on demand. Which Azure service should you use?
A) Azure Kubernetes Service (AKS)
B) Azure Functions
C) Virtual Machines (VMs)
D) Azure Web Apps
Answer: B
Explanation: Azure Functions is the correct choice for a serverless application that consists of small, event-driven functions. Azure Functions automatically scales based on demand and allows you to execute code in response to various events, such as HTTP requests, timers, or queue messages.
Question: You are deploying a legacy application that requires a full operating system and custom configurations. The application will run 24/7 and doesn’t need auto-scaling. Which Azure service would be the most appropriate choice?
A) Azure Web Apps
B) Azure Kubernetes Service (AKS)
C) Virtual Machines (VMs)
D) Azure Functions
Answer: C
Explanation: Virtual Machines (VMs) would be the most appropriate choice for deploying a legacy application that requires a full operating system and custom configurations. VMs provide full control over the underlying infrastructure, allowing you to run the application as if it were on-premises.
Question: You have a containerized application that you want to deploy quickly without managing any virtual machines. The application needs to run for a short duration and doesn’t require orchestration. Which Azure service should you use?
A) Azure Kubernetes Service (AKS)
B) Azure Functions
C) Virtual Machines (VMs)
D) Azure Container Instances (ACI)
Answer: D
Explanation: Azure Container Instances (ACI) is the correct choice for quickly deploying containerized applications without managing virtual machines. ACI allows you to run containers without the need for orchestration and is suitable for short-lived tasks and quick deployments.
Question: You are developing a web application that requires a managed environment, built-in CI/CD integration, and the ability to deploy from GitHub repositories. The application will handle HTTP/HTTPS traffic and should automatically scale based on demand. Which Azure service would be the most suitable choice?
A) Azure Kubernetes Service (AKS)
B) Azure Functions
C) Virtual Machines (VMs)
D) Azure Web Apps
Answer: D
Explanation: Azure Web Apps is the most suitable choice for a web application that requires a managed environment, built-in CI/CD integration (deployment from GitHub), and automatic scaling based on demand. Azure Web Apps offer a fully managed platform for hosting web applications and make it easy to deploy and scale web apps.
Question: You want to deploy a microservices-based application with containerized workloads and need a fully managed Kubernetes service to manage and orchestrate the containers. Which Azure service should you use?
A) Azure Kubernetes Service (AKS)
B) Azure Container Instances (ACI)
C) Azure Functions
D) Azure Web Apps
Answer: A
Explanation: Azure Kubernetes Service (AKS) is the correct choice for deploying and managing a microservices-based application with containerized workloads. AKS provides a fully managed Kubernetes service, allowing you to easily deploy, manage, and scale containerized applications using Kubernetes orchestration.
Topic – External identities in Azure, including business-to-business (B2B) and business-to-customer (B2C)
In Azure, external identities refer to identities that belong to users outside of your organization or tenant. These users may include business partners, vendors, customers, or individual consumers. Azure provides two specific identity services to cater to different scenarios of external identities: Azure Active Directory Business-to-Business (Azure AD B2B) and Azure Active Directory Business-to-Customer (Azure AD B2C).
Azure provides two powerful identity services to handle external identities: Azure AD B2B for collaborating with users from different organizations, and Azure AD B2C for managing consumer identities in customer-facing applications. These services enable organizations to securely manage external identities, deliver a seamless user experience, and foster collaboration and engagement with both business partners and individual consumers.
Question: What does Azure AD B2B enable organizations to do?
A) Provide Single Sign-On (SSO) for internal users.
B) Collaborate securely with external users from different organizations.
C) Create custom identity experiences for consumer-facing applications.
D) Manage access permissions for Azure resources.
Answer: B
Explanation: Azure AD B2B enables organizations to collaborate securely with external users from different organizations by inviting them to access specific applications or resources without the need for their own Azure AD tenant.
Question: What is the primary purpose of Azure AD B2C?
A) Providing Single Sign-On (SSO) for external users.
B) Managing access permissions for business partners.
C) Customizing identity experiences for consumer-facing applications.
D) Enabling access to Azure resources for consumer identities.
Answer: C
Explanation: Azure AD B2C is designed to customize identity experiences for consumer-facing applications, tailoring sign-up, sign-in, and profile management experiences for individual consumers or customers.
Question: Which Azure service supports social identity providers like Facebook and Google for authentication?
A) Azure Active Directory Business-to-Business (Azure AD B2B)
B) Azure Active Directory Business-to-Customer (Azure AD B2C)
C) Azure Kubernetes Service (AKS)
D) Azure Functions
Answer: B
Explanation: Azure AD B2C supports social identity providers like Facebook and Google, allowing consumers to sign in with their existing social accounts.
Question: What feature of Azure AD B2B allows organizations to enforce additional security requirements for external users?
A) Conditional Access
B) Single Sign-On (SSO)
C) Customizable Identity Experience
D) Self-Service Profile Management
Answer: A
Explanation: Azure AD B2B allows organizations to enforce additional security requirements for external users through Conditional Access policies, which can apply specific conditions to access, such as device compliance or location.
Question: Which Azure service provides APIs and hooks for integrating with external systems and customizing identity flows for consumer-facing applications?
A) Azure Active Directory Business-to-Business (Azure AD B2B)
B) Azure Active Directory Business-to-Customer (Azure AD B2C)
C) Azure Kubernetes Service (AKS)
D) Azure Functions
Answer: B
Explanation: Azure AD B2C provides APIs and hooks for integrating with external systems and customizing identity flows to meet the specific requirements of consumer-facing applications.
Question: In Azure AD B2B, what does an external user need to access resources in your organization?
A) Their own Azure AD tenant
B) An invitation from your organization
C) A valid credit card
D) Administrator permissions
Answer: B
Explanation: In Azure AD B2B, an external user needs to receive an invitation from your organization to access resources. The invitation allows them to collaborate securely without requiring their own Azure AD tenant.
Question: What type of applications is Azure AD B2C primarily designed for?
A) Internal applications used within an organization
B) Business-to-Business (B2B) collaboration applications
C) Consumer-facing applications
D) Azure Virtual Machines (VMs)
Answer: C
Explanation: Azure AD B2C is primarily designed for consumer-facing applications, providing a customizable identity experience for individual consumers or customers.
Question: Which Azure service provides automatic scaling for containerized applications using Kubernetes?
A) Azure Functions
B) Azure Kubernetes Service (AKS)
C) Azure App Service
D) Azure Container Instances (ACI)
Answer: B
Explanation: Azure Kubernetes Service (AKS) provides automatic scaling for containerized applications using Kubernetes, making it easy to manage and scale microservices-based architectures.
Question: How do external users in Azure AD B2B access shared resources within your organization?
A) They create a guest account within your organization’s Azure AD tenant.
B) They use their own work, school, or social identities to sign in after receiving an invitation.
C) They need to create an Azure AD tenant of their own to access the resources.
D) They need to be granted full administrative access to the resources.
Answer: B
Explanation: External users in Azure AD B2B use their own work, school, or social identities to sign in after receiving an invitation from your organization. They don’t need to create a guest account or their own Azure AD tenant.
Question: What is the benefit of using Azure AD B2C for consumer-facing applications?
A) Automatic scaling of resources
B) Integration with Azure Kubernetes Service (AKS)
C) Customizable identity experiences tailored for individual consumers
D) Access to Azure Virtual Machines (VMs)
Answer: C
Explanation: The benefit of using Azure AD B2C for consumer-facing applications is that it provides customizable identity experiences, allowing organizations to tailor sign-up, sign-in, and profile management for individual consumers, creating a seamless and branded user experience.
Topic – Describe Conditional Access in Azure AD
Conditional Access in Azure Active Directory (Azure AD) is a feature that allows organizations to enforce specific access controls and security policies based on various conditions. These conditions may include user identity, device health, location, or application sensitivity. With Conditional Access, organizations can ensure that users can access resources securely and meet specific security requirements before gaining access.
Conditional Access in Azure AD is a powerful tool that allows organizations to enforce access controls and security policies based on various conditions. By leveraging this feature, organizations can strengthen security, improve user experience, and maintain compliance across their Azure AD environment.
Question: What is the primary purpose of Conditional Access in Azure AD?
A) Enforce password policies for user sign-ins.
B) Create and manage user accounts in Azure AD.
C) Control and enforce access policies based on specific conditions.
D) Enable multi-factor authentication for all users.
Answer: C
Explanation: The primary purpose of Conditional Access in Azure AD is to control and enforce access policies based on specific conditions, such as user identity, device health, location, and application sensitivity.
Question: What are the factors used by Conditional Access policies to evaluate access requests?
A) User’s favorite color
B) User’s group membership
C) Number of emails sent per day
D) User’s home address
Answer: B
Explanation: Conditional Access policies use factors like user group membership, device compliance status, network location, and application sensitivity to evaluate access requests and determine whether access should be allowed or not.
Question: What can Conditional Access in Azure AD enforce based on device conditions?
A) The device brand and model
B) The number of devices associated with the user
C) The device compliance status
D) The device color
Answer: C
Explanation: Conditional Access in Azure AD can enforce access policies based on the device’s compliance status, ensuring that only trusted and compliant devices can access resources.
Question: In which scenarios can Conditional Access prompt users to perform additional authentication actions?
A) During user registration
B) When signing in from a familiar location
C) After user group membership changes
D) When accessing sensitive applications or resources
Answer: D
Explanation: Conditional Access can prompt users to perform additional authentication actions, such as Multi-Factor Authentication (MFA), when they are accessing sensitive applications or resources that require an extra layer of security.
Question: How can Conditional Access policies be applied in Azure AD?
A) To all users without exceptions
B) To specific users or groups
C) To all applications in the Azure AD tenant
D) To only Microsoft applications
Answer: B
Explanation: Conditional Access policies in Azure AD can be applied to specific users or groups, providing granular control over access rights based on the needs of different user roles or scenarios.
Question: Your organization wants to ensure that only compliant devices can access sensitive data stored in Microsoft 365 applications. How can you achieve this using Conditional Access in Azure AD?
A) Create a Conditional Access policy that enforces Multi-Factor Authentication (MFA) for all users.
B) Apply Conditional Access to all users without exceptions.
C) Implement a device compliance policy in Microsoft Intune and configure a Conditional Access policy to require compliance for access to Microsoft 365 applications.
D) Use Azure AD Identity Protection to automatically enforce access policies based on user risk scores.
Answer: C
Explanation: To ensure that only compliant devices can access sensitive data in Microsoft 365 applications, you should implement a device compliance policy in Microsoft Intune. Afterward, configure a Conditional Access policy that requires device compliance for access to Microsoft 365 applications.
Question: Your organization wants to limit access to Azure resources to only specific countries due to regulatory requirements. How can you achieve this using Conditional Access in Azure AD?
A) Create a Conditional Access policy that allows access only from specific IP addresses.
B) Enable Multi-Factor Authentication (MFA) for all users.
C) Configure a Conditional Access policy that restricts access based on user group membership.
D) Implement a Conditional Access policy that allows access only from trusted locations or countries.
Answer: D
Explanation: To limit access to Azure resources based on specific countries, you should implement a Conditional Access policy that allows access only from trusted locations or countries. This can be achieved by configuring the policy with the appropriate geographical conditions.
Scenario 3: Risk-Based Access
Question: Your organization wants to implement a risk-based access control approach, where users with high-risk sign-ins are required to perform additional authentication steps. How can you implement this using Conditional Access in Azure AD?
A) Create a Conditional Access policy that enforces Multi-Factor Authentication (MFA) for all users.
B) Configure a Conditional Access policy to block access for users with high-risk sign-ins.
C) Use Azure AD Identity Protection to automatically enforce access policies based on user risk scores.
D) Enable passwordless authentication for all users.
Answer: C
Explanation: To implement a risk-based access control approach, where users with high-risk sign-ins are required to perform additional authentication steps, you should use Azure AD Identity Protection. Identity Protection automatically enforces access policies based on user risk scores, allowing you to take appropriate actions for users with high-risk sign-ins.
Question: Your organization wants to protect corporate data accessed by users from personal devices and ensure that the data cannot be leaked or compromised. How can you achieve this using Conditional Access in Azure AD?
A) Configure a Conditional Access policy to require device compliance for accessing corporate data.
B) Enable Multi-Factor Authentication (MFA) for all users accessing corporate data from personal devices.
C) Implement app protection policies using Microsoft Intune to apply data loss prevention controls to corporate data accessed from specific applications.
D) Block access to corporate data from personal devices altogether.
Answer: C
Explanation: To protect corporate data accessed from personal devices, you should implement app protection policies using Microsoft Intune. App protection policies allow you to apply data loss prevention controls to specific applications, preventing data leakage or compromise while allowing secure access to corporate data on personal devices.
Topic – Describe cost management capabilities in Azure
Cost management capabilities in Azure refer to the various tools, features, and best practices available to help organizations effectively manage and optimize their cloud spending. Azure provides a range of cost management and optimization solutions to monitor, control, and reduce cloud costs. Cost management capabilities in Azure help organizations effectively monitor, control, and optimize their cloud spending. From real-time cost analysis and budget control to recommendations for cost optimization, Azure provides a suite of tools to ensure efficient use of cloud resources while maximizing cost savings.
Question: What is the primary purpose of Azure Cost Management and Billing?
A) To provide real-time monitoring of virtual machine performance.
B) To analyze and optimize cloud spending in Azure.
C) To enforce security policies for Azure resources.
D) To manage user access and permissions in Azure.
Answer: B
Explanation: The primary purpose of Azure Cost Management and Billing is to analyze and optimize cloud spending in Azure. It provides tools to monitor costs, set budgets, and receive recommendations for cost optimization.
Question: Which Azure service provides cost optimization recommendations based on best practices?
A) Azure Advisor
B) Azure Policy
C) Azure Monitor
D) Azure Security Center
Answer: A
Explanation: Azure Advisor provides cost optimization recommendations based on Azure best practices. It analyzes resource usage and configurations to suggest ways to optimize performance and reduce costs.
Question: How can organizations receive notifications when their Azure spending exceeds specific thresholds?
A) By using Azure Policy to enforce cost limits.
B) By setting up custom alerts and budgets in Azure Cost Management and Billing.
C) By enabling Azure Monitor for all resources.
D) By using Azure Advisor to analyze spending patterns.
Answer: B
Explanation: Organizations can receive notifications when their Azure spending exceeds specific thresholds by setting up custom alerts and budgets in Azure Cost Management and Billing.
Question: Which Azure cost management capability allows organizations to allocate spending limits for specific resources or departments?
A) Azure Policy
B) Azure Advisor
C) Azure Budgets and Alerts
D) Azure Cost Analysis and Reporting
Answer: C
Explanation: Azure Budgets and Alerts allow organizations to set budgets and allocate spending limits for specific resources or departments to control cloud spending.
Question: How can Azure Reserved Instances and Savings Plans help organizations reduce cloud costs?
A) By providing free credits for new Azure subscriptions.
B) By offering a discount on virtual machine usage when committing to long-term usage.
C) By providing cost analysis reports for all Azure services.
D) By automating resource deployments and management.
Answer: B
Explanation: Azure Reserved Instances and Savings Plans offer a discount on virtual machine usage when organizations commit to long-term usage, resulting in cost savings compared to pay-as-you-go pricing.
Question: Which Azure service allows organizations to apply data loss prevention controls to corporate data accessed from specific applications?
A) Azure Cost Management and Billing
B) Azure Advisor
C) Azure Policy
D) Microsoft Intune
Answer: D
Explanation: Microsoft Intune allows organizations to implement app protection policies, applying data loss prevention controls to corporate data accessed from specific applications.
Question: How can Azure Policy assist in cost management?
A) By providing cost optimization recommendations based on Azure best practices.
B) By enforcing access control policies for Azure resources.
C) By offering detailed cost analysis and reporting for cloud spending.
D) By setting rules and standards for resource creation and usage to ensure cost optimization.
Answer: D
Explanation: Azure Policy can assist in cost management by setting rules and standards for resource creation and usage, ensuring that resources are deployed according to cost optimization guidelines.
Question: What is the benefit of using tags in Azure for cost management?
A) Tags provide real-time monitoring of resource performance.
B) Tags enable users to access Azure resources securely.
C) Tags allow organizations to categorize resources, making it easier to track and allocate costs to specific projects or departments.
D) Tags automatically optimize the cost of virtual machines.
Answer: C
Explanation: Tags in Azure allow organizations to categorize resources, making it easier to track and allocate costs to specific projects or departments, thus aiding in cost management and resource allocation.
Question: Which Azure feature helps Enterprise Agreement (EA) customers gain deeper insights into their cloud spending and access advanced reporting and analytics capabilities?
A) Azure Advisor
B) Azure Monitor
C) Azure Cost Management and Billing for EA
D) Azure Policy
Answer: C
Explanation: Azure Cost Management and Billing for Enterprise Agreement (EA) customers provides advanced reporting and analytics capabilities to gain deeper insights into cloud spending for organizations with Enterprise Agreements.
Question: What does Azure Advisor do to help optimize cloud spending?
A) Enforce access control policies for Azure resources.
B) Monitor and provide detailed cost breakdowns of Azure spending.
C) Analyze resource usage and configurations to suggest ways to optimize performance and reduce costs.
D) Offer recommendations to implement data loss prevention controls.
Answer: C
Explanation: Azure Advisor analyzes resource usage and configurations to provide recommendations for optimizing performance and reducing costs based on Azure best practices.
Topic – Describe the purpose of Microsoft Purview in Azure
Microsoft Purview in Azure is a data governance service that provides a unified and holistic view of an organization’s data estate. It is designed to help organizations discover, catalog, and manage their data assets scattered across various sources, both on-premises and in the cloud. Purview facilitates data discovery, classification, and lineage, enabling organizations to gain insights into their data landscape, ensure data compliance, and improve data trustworthiness.
Question: What is the primary purpose of Microsoft Purview in Azure?
A) To provide real-time monitoring of virtual machine performance.
B) To catalog and manage an organization’s data assets across various sources and platforms.
C) To enforce access control policies for Azure resources.
D) To analyze and optimize cloud spending in Azure.
Answer: B
Explanation: The primary purpose of Microsoft Purview in Azure is to catalog and manage an organization’s data assets across various sources and platforms, providing a unified view of the data estate.
Question: What does Purview help organizations achieve by automatically classifying and labeling data assets?
A) Faster data processing speed
B) Improved data quality
C) Easier data backup and restore
D) Enhanced virtual machine performance
Answer: B
Explanation: By automatically classifying and labeling data assets, Purview helps organizations improve data quality, as it enables identification of sensitive information and data elements.
Question: What does data lineage in Microsoft Purview refer to?
A) Data access permissions for specific users
B) The movement and transformations of data across various data sources and systems
C) The total cost of ownership of data assets
D) The ability to catalog and search for data assets in real-time
Answer: B
Explanation: Data lineage in Microsoft Purview refers to the movement and transformations of data across various data sources and systems, providing insights into data flow and transformations.
Question: How does Microsoft Purview assist organizations in adhering to data governance policies and regulatory requirements?
A) By providing detailed cost analysis and reporting for cloud spending.
B) By enforcing access control policies for Azure resources.
C) By automatically classifying and labeling data assets based on sensitivity.
D) By offering visibility into data usage, access permissions, and data quality.
Answer: D
Explanation: Microsoft Purview assists organizations in adhering to data governance policies and regulatory requirements by offering visibility into data usage, access permissions, and data quality.
Question: What is the significance of Purview’s integration with other Azure services and data platforms?
A) It helps optimize virtual machine performance.
B) It allows for real-time monitoring of Azure resources.
C) It simplifies data governance and management tasks within the Azure ecosystem.
D) It provides data insights and analytics for all Azure services.
Answer: C
Explanation: The significance of Purview’s integration with other Azure services and data platforms is that it simplifies data governance and management tasks within the Azure ecosystem, enabling unified data management.
Question: Which of the following is a key benefit of using Microsoft Purview in Azure?
A) Real-time monitoring of serverless applications.
B) Improved data encryption for virtual machines.
C) Simplified data governance and compliance.
D) Advanced analytics for Azure SQL Database.
Answer: C
Explanation: A key benefit of using Microsoft Purview in Azure is simplified data governance and compliance, as it helps organizations catalog, classify, and manage their data assets to ensure data quality and compliance.
Question: How does Purview support data-driven decision-making within an organization?
A) By providing automatic backups and restores for data assets.
B) By optimizing virtual machine performance for critical workloads.
C) By offering detailed cost analysis and reporting for cloud spending.
D) By providing a unified and trusted view of data assets for insights and analytics.
Answer: D
Explanation: Purview supports data-driven decision-making within an organization by providing a unified and trusted view of data assets, empowering users to derive insights and analytics from trusted and up-to-date data.
Question: What does Microsoft Purview help organizations achieve with its data lineage capabilities?
A) Improved data classification accuracy.
B) Real-time data analysis for big data workloads.
C) Data movement and transformation tracking across various data sources.
D) Enhanced data integration with on-premises systems.
Answer: C
Explanation: Microsoft Purview helps organizations achieve data movement and transformation tracking across various data sources with its data lineage capabilities, providing insights into data flow and transformations.
Question: How can Purview’s data classification and labeling assist organizations in data compliance?
A) By automatically optimizing data storage costs.
B) By enforcing access control policies for Azure resources.
C) By providing real-time monitoring of data access.
D) By identifying and managing sensitive data to meet regulatory requirements.
Answer: D
Explanation: Purview’s data classification and labeling assist organizations in data compliance by identifying and managing sensitive data, allowing organizations to meet regulatory requirements and enforce data access controls.
Question: Which of the following capabilities in Microsoft Purview allows users to collaborate and share insights on data catalogs?
A) Real-time data monitoring and alerting.
B) Data classification and labeling.
C) Data lineage and relationship mapping.
D) Data catalog collaboration and sharing.
Answer: D
Explanation: The capability in Microsoft Purview that allows users to collaborate and share insights on data catalogs is “Data catalog collaboration and sharing.” This fosters data democratization and promotes a culture of data-driven decision-making within the organization.
Topic – Describe infrastructure as code (IaC)
Infrastructure as Code (IaC) is an approach to managing and provisioning computer infrastructure in a programmable and automated manner using code. Instead of manually configuring and setting up servers, networks, and other infrastructure components, IaC allows developers and system administrators to define and manage these resources through code, typically in a high-level programming language or a domain-specific language (DSL).
By adopting Infrastructure as Code in Microsoft Azure, organizations can achieve improved efficiency, enhanced collaboration between development and operations teams, better resource management, and ultimately, a more reliable and scalable infrastructure to support their applications and services.
Question: What is Infrastructure as Code (IaC)?
a) A programming language used to build infrastructure
b) A set of practices for managing infrastructure using code
c) A cloud service offered by Microsoft Azure
d) A security feature in Microsoft Azure
Answer: B
Explanation: Infrastructure as Code (IaC) is an approach that involves managing infrastructure through code, allowing for automated provisioning, configuration, and management of resources.
Question: Which of the following is NOT an advantage of using IaC in Microsoft Azure?
a) Improved consistency and repeatability
b) Reduced human errors in infrastructure configuration
c) Increased manual intervention for resource provisioning
d) Better collaboration among development and operations teams
Answer: C
Explanation: IaC reduces manual intervention by automating the provisioning process, leading to fewer human errors and increased consistency.
Question: Which Azure service is commonly used for Infrastructure as Code?
a) Azure Functions
b) Azure Kubernetes Service (AKS)
c) Azure Resource Manager (ARM)
d) Azure Logic Apps
Answer: C
Explanation: Azure Resource Manager (ARM) is the primary service in Microsoft Azure used for defining and deploying IaC templates.
Question: What is the file format used for defining Azure resources in an IaC template?
a) JSON (JavaScript Object Notation)
b) YAML (YAML Ain’t Markup Language)
c) XML (eXtensible Markup Language)
d) HTML (Hypertext Markup Language)
Answer: A
Explanation: IaC templates in Azure are typically written in JSON format, although YAML is also becoming popular.
Question: Which IaC tool is commonly used with Microsoft Azure and supports multiple cloud providers?
a) Terraform
b) AWS CloudFormation
c) Google Cloud Deployment Manager
d) Azure Resource Manager (ARM) Templates
Answer: A
Explanation: Terraform is an IaC tool that supports multiple cloud providers, including Microsoft Azure.
Question: Which Azure service provides a registry for storing and managing container images?
a) Azure Container Instances (ACI)
b) Azure Container Registry (ACR)
c) Azure Kubernetes Service (AKS)
d) Azure App Service
Answer: B
Explanation: Azure Container Registry (ACR) is a managed Docker container registry service in Azure, allowing you to store and manage container images securely.
Question: Which IaC principle ensures that running the same code multiple times will result in the same infrastructure state?
a) Idempotency
b) Scalability
c) Automation
d) Flexibility
Answer: A
Explanation: Idempotency ensures that running the same IaC code multiple times will always lead to the same desired infrastructure state.
Question: What is the purpose of using version control for IaC code?
a) To create backups of infrastructure resources
b) To track changes and collaborate among team members
c) To monitor the performance of infrastructure
d) To store API keys and sensitive data securely
Answer: B
Explanation: Version control allows teams to track changes made to IaC code, collaborate efficiently, and revert to previous versions if needed.
Question: Which Azure service is used for continuous integration and continuous deployment (CI/CD) of IaC templates?
a) Azure DevOps Services
b) Azure Monitor
c) Azure Virtual Machines (VMs)
d) Azure Security Center
Answer: A
Explanation: Azure DevOps Services provides tools for CI/CD pipelines, which can be used to automate the deployment of IaC templates.
Question: Which term refers to the practice of recreating infrastructure components instead of modifying them in place?
a) Scalability
b) Version control
c) Immutable Infrastructure
d) Idempotency
Answer: C
Explanation: Immutable Infrastructure refers to the practice of recreating infrastructure components when changes are needed, rather than modifying them in place. This ensures consistency and reliability in the infrastructure deployment process.
Topic – Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell
Azure Cloud Shell is a cloud-based interactive shell environment provided by Microsoft Azure that allows users to manage and interact with Azure resources through the command line. It offers both the Azure Command-Line Interface (CLI) and Azure PowerShell, pre-installed and ready to use without the need for any local installations. Azure Cloud Shell can be accessed through the Azure portal or directly via the Azure mobile app, making it convenient for users to work with Azure resources from anywhere.
Questions: What is Azure Cloud Shell?
a) A local command-line tool for managing Azure resources
b) A cloud-based interactive shell environment for managing Azure resources
c) A visual editor for creating Azure resources
d) A web-based interface for Azure management
Answer: B
Explanation: Azure Cloud Shell is a cloud-based shell environment that provides a command-line interface for managing Azure resources without requiring local installations.
Questions: Which programming language is Azure Command-Line Interface (CLI) built on?
a) Python
b) PowerShell
c) Bash
d) JavaScript
Answer: A
Explanation: Azure CLI is built on Python and offers cross-platform support for managing Azure resources.
Questions: Which operating systems does Azure Command-Line Interface (CLI) support?
a) Windows only
b) macOS only
c) Linux only
d) Windows, macOS, and Linux
Answer: D
Explanation: Azure CLI supports multiple operating systems, including Windows, macOS, and Linux.
Questions: Which Azure service can be used for managing and interacting with Azure resources using Azure CLI or Azure PowerShell?
a) Azure Monitor
b) Azure Cloud Shell
c) Azure App Service
d) Azure Virtual Machine
Answer: B
Explanation: Azure Cloud Shell provides an interactive shell environment for managing and interacting with Azure resources using Azure CLI or Azure PowerShell.
Questions: Which shell environment is used for Azure Command-Line Interface (CLI) in Azure Cloud Shell?
a) PowerShell
b) Bash
c) Command Prompt (CMD)
d) Zsh
Answer: B
Explanation: Azure CLI uses the Bash shell environment in Azure Cloud Shell.
Questions: Which scripting environment is used for Azure PowerShell in Azure Cloud Shell?
a) Python
b) PowerShell
c) Bash
d) JavaScript
Answer: B
Explanation: Azure PowerShell uses the PowerShell scripting environment in Azure Cloud Shell.
Questions: What is the key benefit of using Azure Cloud Shell?
a) Access to Azure Portal
b) Pre-installed development tools
c) Persistent storage for scripts and data
d) Local installation of Azure CLI and Azure PowerShell
Answer: C
Explanation: Azure Cloud Shell provides a persistent storage drive that allows users to store scripts, configuration files, and other data across sessions.
Questions: Which of the following is NOT a choice of shell environment in Azure Cloud Shell?
a) Bash
b) PowerShell
c) Command Prompt (CMD)
d) Zsh
Answer: C
Explanation: Azure Cloud Shell does not support the Command Prompt (CMD) shell environment.
Questions: What is the purpose of Azure CLI and Azure PowerShell in Azure Cloud Shell?
a) To visualize Azure resources in a web-based interface
b) To create and manage Azure resources using code-based templates
c) To manage Azure resources using a local command-line tool
d) To provide analytics and insights for Azure resources
Answer: B
Explanation: Azure CLI and Azure PowerShell in Azure Cloud Shell are used for managing Azure resources through code-based templates and scripts.
Questions: How is Azure Cloud Shell accessed?
a) Via the Azure portal or the Azure mobile app
b) By installing the Azure Cloud Shell application on the local machine
c) Only through the Azure mobile app
d) By installing Azure CLI and Azure PowerShell locally
Answer: A
Explanation: Azure Cloud Shell can be accessed through the Azure portal or the Azure mobile app, providing a convenient way to manage Azure resources from anywhere.
Questions: What type of storage does Azure Cloud Shell provide for users?
a) Cloud-based storage using Azure Blob Storage
b) Persistent storage on the local machine
c) Temporary storage limited to the current session
d) Network-attached storage (NAS)
Answer: C
Explanation: Azure Cloud Shell provides temporary storage that is limited to the current session. The storage is automatically mounted, and the contents are deleted after the session ends.
Questions: Which of the following shells is commonly used with Azure PowerShell?
a) Bash
b) PowerShell Core
c) Zsh
d) CMD
Answer: B
Explanation: Azure PowerShell is commonly used with PowerShell Core, which is cross-platform and can run on Windows, macOS, and Linux.
Questions: What is the command used to view the list of available commands in Azure CLI?
a) az –list
b) az –help
c) az commands
d) az help
Answer: D
Explanation: The az help command displays the list of available commands and provides details about how to use them.
Questions: Which Azure service can be used to create and manage Kubernetes clusters using Azure CLI or Azure PowerShell?
a) Azure Container Registry (ACR)
b) Azure Kubernetes Service (AKS)
c) Azure Logic Apps
d) Azure Functions
Answer: B
Explanation: Azure Kubernetes Service (AKS) allows users to create and manage Kubernetes clusters in Azure using Azure CLI or Azure PowerShell.
Questions: What is the purpose of using Azure Cloud Shell directly from the Azure mobile app?
a) To access Azure resources offline
b) To manage billing and subscriptions
c) To troubleshoot networking issues
d) To manage Azure resources on the go
Answer: D
Explanation: Accessing Azure Cloud Shell from the Azure mobile app allows users to manage Azure resources from their mobile devices, providing flexibility and convenience while on the go.
Expert Corner
The latest exam topics as per the AZ-900 July 2023 Exam Updates provides an overview and allows to assess your knowledge and identify areas for improvement. It is important to note that preparing from AZ-900 online exam dumps is not recommended as they may not include real-time scenarios and could be outdated with the latest exam updates. Microsoft follows a stringent study guide and preparation methodology.
Instead, it is advisable to focus on the key exam objectives and utilize the available Microsoft Instructor-led resources for better results. We recommend taking mock tests to gauge your understanding of the concepts and ensure a good score before proceeding with the actual exam.
For effective preparation, Testprep training offers an online course, tutorials, and practice exam questions specifically designed for the AZ-900 exam, which can greatly aid in navigating your preparation process. This comprehensive approach will help you build a solid foundation and boost your confidence before taking the exam.