← Previous Chapter 19 — Azure Compliance & Privacy
Chapter 20 of 20 AZ-900 (Azure Fundamentals Certification) ↑ Index
You’ve reached the last chapter
AZ-900 (Azure Fundamentals Certification) Chapter 20 of 20 by ClinuxTech

Chapter 20 — AZ-900 Exam Preparation Guide

You've Made It!

You've covered all three AZ-900 exam domains:

  • Domain 1: Cloud Concepts (Chapters 02–06)

  • Domain 2: Azure Architecture & Services (Chapters 07–15)

  • Domain 3: Azure Management & Governance (Chapters 16–19)

This final chapter is your exam preparation toolkit — study strategies, tips, practice questions, and an exam-day checklist.

AZ-900 Exam at a Glance (Refresher)

Detail

Info

Exam code

AZ-900

Duration

45–60 minutes

Questions

40–60

Passing score

700 / 1000

Question types

Multiple choice, multi-select, drag-and-drop, scenario-based

Price

~$165 USD (varies by country)

Validity

Lifetime (foundational certs don't expire)

Domain Weightage (Study Priority)

Domain 2: Azure Architecture & Services   35–40%  ← Study most
Domain 3: Azure Management & Governance   30–35%  ← Study second
Domain 1: Cloud Concepts                  25–30%  ← Study third

Total: 100%

Recommended Study Schedule

2-Week Plan (Part-Time — ~2 hours/day)

Day

Focus

Day 1

Chapter 01–03: Intro, What is Cloud, Benefits

Day 2

Chapter 04–06: IaaS/PaaS/SaaS, Deployment Models, Shared Responsibility

Day 3

Chapter 07–08: Global Infrastructure, Resources & Organization

Day 4

Chapter 09–10: Compute Services, Networking

Day 5

Chapter 11–12: Storage, Databases

Day 6

Chapter 13–14: Identity, Security

Day 7

Chapter 15: Monitoring & Management + Review Week 1

Day 8

Chapter 16–17: Cost Management, Governance Tools

Day 9

Chapter 18–19: Locks/Tags/Arc, Compliance

Day 10

Full review + flashcard review

Day 11

Practice exam #1 — identify weak areas

Day 12

Review weak areas from practice exam

Day 13

Practice exam #2 — full timed attempt

Day 14

Light review + rest before exam

4-Week Plan (Casual — ~1 hour/day)

Spread the 2-week plan across 4 weeks, covering one chapter per day with extra time for review and practice tests.

Key Topics to Know Cold

Domain 1: Cloud Concepts

Topic

What to Know

Cloud definition

On-demand, internet-delivered IT resources

5 NIST characteristics

On-demand, broad access, pooling, elasticity, measured

CapEx vs. OpEx

CapEx = upfront, OpEx = pay-as-you-go

IaaS / PaaS / SaaS

What you manage vs. provider manages

Deployment models

Public, Private, Hybrid differences

Cloud benefits

HA, scalability, elasticity, agility, DR, geo-distribution

Shared responsibility

Who owns what per service model

Domain 2: Azure Architecture & Services

Topic

What to Know

Regions & AZs

Region = geography area; AZ = separate DC within region

Region pairs

300+ miles apart, sequential updates, DR

Resource hierarchy

Resource → RG → Subscription → Management Group

VMs

IaaS, you manage OS, VM Scale Sets for auto-scaling

App Service

PaaS, managed web hosting, no OS management

Functions

Serverless, pay per execution, event-triggered

VNet

Private network in Azure

VPN Gateway

Encrypted tunnel over internet

ExpressRoute

Private dedicated connection — no internet

Blob tiers

Hot / Cool / Cold / Archive

SQL Database vs. Managed Instance

Managed Instance = more SQL Server features

Cosmos DB

Global NoSQL, 5 nines SLA, multiple APIs

Entra ID

Cloud identity, NOT traditional AD

MFA

Blocks 99.9% of attacks

Conditional Access

Policy-based smart access control

Defender for Cloud

Secure score + threat protection

Key Vault

Store secrets, keys, certificates

DDoS Protection

Basic (free) vs. Standard (paid)

Domain 3: Management & Governance

Topic

What to Know

Pricing Calculator

Estimate costs BEFORE deployment

TCO Calculator

Compare on-premises vs. Azure cost

Cost Management

Monitor ACTUAL spend

Reservations

Up to 72% savings for 1-3 year commitment

Azure Policy

Enforce rules — Deny, Audit, Append effects

Initiatives

Groups of policies

RBAC

Owner > Contributor > Reader

Resource locks

CanNotDelete vs. ReadOnly

Tags

Key-value metadata for cost/management

Azure Arc

Non-Azure resources in Azure management

Azure Monitor

Metrics, logs, alerts

Azure Advisor

Recommendations for cost, security, reliability

Service Health

Azure outage notifications

Trust Center

Microsoft compliance/privacy hub

GDPR

EU data protection law

Compliance Manager

Compliance score and action items

Commonly Confused Pairs (Exam Traps)

These pairs trip up many candidates. Know them cold:

Pair

Key Difference

Azure AD vs. Entra ID

Same thing — Entra ID is the new name

Authentication vs. Authorization

Auth-N = who you are; Auth-Z = what you can do

VPN Gateway vs. ExpressRoute

VPN = over internet (cheaper); ExpressRoute = private line

Availability Zone vs. Region Pair

AZ = within region; Region Pair = two regions

CapEx vs. OpEx

CapEx = buy; OpEx = rent/subscribe

IaaS vs. PaaS

IaaS = manage OS; PaaS = just deploy code

Azure SQL DB vs. SQL Managed Instance

MI has more SQL Server features, better migration fit

Pricing Calculator vs. TCO Calculator

Pricing = estimate Azure cost; TCO = compare vs. on-prem

Locks vs. RBAC

RBAC = who can act; Locks = prevent actions regardless of RBAC

Azure Monitor vs. Azure Advisor

Monitor = metrics/logs; Advisor = recommendations

NSG vs. Azure Firewall

NSG = basic VNet filter; Firewall = full managed service

Blob Hot vs. Archive

Hot = frequent access; Archive = offline, needs rehydration

Sample Practice Questions

Question 1

Which cloud deployment model is BEST for a company that needs to keep patient health records on-premises for compliance, but wants to use cloud for their public website?

  • A) Public cloud

  • B) Private cloud

  • C) Hybrid cloud

  • D) Multi-cloud

Answer: C — Hybrid cloud combines on-premises (private) for sensitive data with public cloud for general workloads.

Question 2

A company wants to ensure that no Azure resources can be created outside of the East US and West Europe regions. Which Azure service should they use?

  • A) Azure RBAC

  • B) Resource locks

  • C) Azure Policy

  • D) Azure Blueprints

Answer: C — Azure Policy with the "Allowed locations" built-in policy can deny resource creation outside specified regions.

Question 3

Which of the following is ALWAYS the customer's responsibility, regardless of the cloud service model?

  • A) Operating system patching

  • B) Physical data center security

  • C) Customer data and identity management

  • D) Virtualization infrastructure

Answer: C — Data and identity are always the customer's responsibility in all service models.

Question 4

An organization needs to connect their on-premises data center to Azure with guaranteed bandwidth, consistent latency, and without using the public internet. Which service should they use?

  • A) Azure VPN Gateway

  • B) Azure ExpressRoute

  • C) Azure Content Delivery Network

  • D) Azure Virtual Network Peering

Answer: B — ExpressRoute provides a private, dedicated connection to Azure that does not traverse the internet.

Question 5

Which Azure tool provides a PERSONALIZED recommendation to resize an underutilized virtual machine to reduce costs?

  • A) Azure Monitor

  • B) Azure Policy

  • C) Azure Advisor

  • D) Azure Cost Management

Answer: C — Azure Advisor provides personalized cost, security, reliability, and performance recommendations.

Question 6

Which Blob storage access tier has the LOWEST storage cost but requires data to be rehydrated before access?

  • A) Hot

  • B) Cool

  • C) Cold

  • D) Archive

Answer: D — Archive is the cheapest tier but data is offline and must be rehydrated (takes hours) before access.

Question 7

What is the purpose of Azure Availability Zones?

  • A) To replicate data to a secondary geographic region

  • B) To protect applications from failures in individual data centers within a region

  • C) To allow resources to be deployed globally in multiple regions

  • D) To separate billing for different departments

Answer: B — Availability Zones are separate data centers within a region with independent power, cooling, and networking.

Question 8

A company wants to allow their partners to access their Azure resources using the partners' own organizational credentials. Which feature should they use?

  • A) Azure AD B2C

  • B) Azure AD B2B

  • C) Self-Service Password Reset

  • D) Conditional Access

Answer: B — Azure AD B2B allows external partners to use their own identities to access your resources.

Question 9

Which of the following is a characteristic of the consumption-based cloud pricing model?

  • A) Pay a fixed monthly fee regardless of usage

  • B) Pay upfront for maximum anticipated capacity

  • C) Pay only for what you actually use

  • D) Share costs with other cloud customers

Answer: C — The consumption-based model means you pay only for the resources you actually consume.

Question 10

Which resource lock type prevents both modifications and deletions of an Azure resource?

  • A) CanNotDelete

  • B) CanNotModify

  • C) ReadOnly

  • D) DoNotRemove

Answer: C — ReadOnly prevents both modifications and deletions. CanNotDelete allows modifications but prevents deletion.

Exam-Day Checklist

Before the Exam

  • Good night's sleep — you're taking the exam, not cramming at 3 AM

  • Review your weakest domain one more time

  • Know the exam format (multiple choice, drag-and-drop, scenario-based)

  • Have valid government photo ID ready

For Online Proctored Exams (At Home)

  • Quiet room with no interruptions for 60 minutes

  • Stable, fast internet connection

  • Webcam and microphone working

  • Desktop cleared — only computer, monitor, keyboard, mouse

  • No phones or additional monitors in the room

  • Check-in 15–30 minutes before your scheduled time

During the Exam

  • Read every question carefully — AZ-900 uses precise wording

  • For scenario questions, identify WHAT problem is being solved first

  • Eliminate obviously wrong answers first

  • Don't overthink — go with your strongest first instinct

  • Flag uncertain questions and return to them

  • Watch the clock — you have about 60–90 seconds per question

After the Exam

  • Results displayed immediately after submission

  • Digital badge delivered within 24–48 hours via Credly

  • Share badge directly on LinkedIn from Credly

  • Celebrate — you earned it!

Free Study Resources

Resource

URL

Microsoft Learn AZ-900 path

learn.microsoft.com

AZ-900 Exam Skills Outline

Download PDF from the AZ-900 exam page

Azure Free Account ($200 credit)

azure.microsoft.com/free

Microsoft Virtual Training Day

Free instructor-led AZ-900 event — often includes exam voucher

Azure Documentation

learn.microsoft.com/en-us/azure

Final Quick-Reference Cheat Sheet

Cloud Types:   IaaS / PaaS / SaaS (less control → less work)
Deployment:    Public / Private / Hybrid
Benefits:      HA, Scalability, Elasticity, Agility, DR, Geo, CapEx→OpEx

Infrastructure:
  Region (60+) → AZ (3/region) → Region Pair (300+ miles apart)
  Hierarchy: Resource → RG → Subscription → Management Group

Compute:       VM (IaaS) | App Service (PaaS) | Functions (Serverless) | AKS
Network:       VNet | NSG | VPN (internet) | ExpressRoute (private)
Storage:       Blob (Hot→Archive) | File | Queue | Table | Disk
Database:      SQL DB | SQL MI | MySQL | PostgreSQL | Cosmos DB (NoSQL)
Identity:      Entra ID | SSO | MFA | Conditional Access | RBAC
Security:      Defender | Sentinel | Key Vault | DDoS | Firewall

Cost:          Pricing Calc | TCO Calc | Cost Management | Reservations
Governance:    Policy (Deny/Audit) | Blueprints | RBAC | Locks | Tags
Compliance:    Trust Center | GDPR | ISO | SOC | Purview | Compliance Manager
Monitoring:    Azure Monitor | Log Analytics | App Insights | Advisor | Service Health

Official References

You've completed all 20 chapters. Good luck on your AZ-900 exam!

 

Tags: Azure Azure Tutorial Cloud Computing Azure Beginner Microsoft Azure Az900
← Previous Chapter Chapter 19 — Azure Compliance & Privacy
View All Chapters
Course Complete → Back to AZ-900 (Azure Fundamentals Certification) Index