Microsoft Azure AZ-900 Best Exam Study Guide
2021: Complete Certification Prep with Practice
Questions, Cloud Concepts, and Key Topics
Explained
Scenario 1: Your company has a server named FinServer that requires highly isolated network
communication from all other servers.
Question: Which Azure solution should you recommend to meet this requirement?
A. a resource group for FinServer and another resource group for all the other servers
B. a virtual network for FinServer and another virtual network for all the other servers
C. a VPN for FinServer and a virtual network gateway for each other server
D. one resource group for all the servers and a resource lock for FinServer
Correct Answer: B. a virtual network for FinServer and another virtual network for all the other
servers
Rationale:
• B. a virtual network for FinServer and another virtual network for all the other servers:
Azure Virtual Networks (VNets) provide network isolation. By placing FinServer in its
own VNet and all other servers in a separate VNet, you ensure that network
communication between them is isolated by default. Communication between separate
VNets requires explicit peering or VPN gateways, providing the desired "highly isolated
network communication."
• A. a resource group for FinServer and another resource group for all the other servers:
Resource groups are logical containers for Azure resources. They aid in management,
billing, and permissions, but they do not provide network isolation. Resources in
different resource groups can still reside in the same virtual network and communicate.
• C. a VPN for FinServer and a virtual network gateway for each other server: This is an
overly complex and unnecessary solution for achieving isolation within Azure. VPNs are
, typically used to connect on-premises networks to Azure VNets, or to connect VNets
across regions that don't support peering. It doesn't simplify or directly provide isolation
for individual servers within Azure.
• D. one resource group for all the servers and a resource lock for FinServer: A resource
lock prevents accidental deletion or modification of a resource. It has no bearing on
network isolation or communication.
Scenario 2: You plan to map a network drive from several computers that run Windows 10 to
Azure Storage. You need to create a storage solution in Azure for the planned mapped drive.
Question: What should you create?
A. an Azure SQL database
B. a virtual machine data disk
C. a Files service in a storage account
D. a Blobs service in a storage account
Correct Answer: C. a Files service in a storage account
Rationale:
• C. a Files service in a storage account (Azure Files): Azure Files provides fully managed
file shares in the cloud that are accessible via the industry-standard Server Message
Block (SMB) protocol. This allows Windows 10 computers (and Linux/macOS) to mount
these shares directly as network drives, just like traditional file shares on an on-premises
server.
• A. an Azure SQL database: Azure SQL Database is a relational database service, not a file
share service.
• B. a virtual machine data disk: A virtual machine data disk is block-level storage
attached to a specific Azure Virtual Machine. It cannot be directly mapped as a network
drive from external computers without setting up file sharing on the VM itself.
• D. a Blobs service in a storage account (Azure Blob Storage): Azure Blob Storage is
optimized for storing large amounts of unstructured object data (like documents,
images, videos). While data can be accessed via APIs or tools like Azure Storage Explorer,
it cannot be directly mapped as a network drive using standard SMB protocols.
, Scenario 3: HOTSPOT - You plan to implement an Azure database solution. You need to
implement a database solution that meets the following requirements:
• Can add data concurrently from multiple regions
• Can store JSON documents
Question: Which database service should you deploy? To answer, select the appropriate service
in the answer area.
Hot Area Options:
• Azure Cosmos DB
• SQL databases
• Azure Database for MySQL servers
• Azure Database for PostgreSQL servers
Correct Answer: Azure Cosmos DB
Rationale:
• Azure Cosmos DB is a globally distributed, multi-model database service. It is specifically
designed to:
o Add data concurrently from multiple regions: It offers multi-master write
capabilities, allowing data to be written to any region where your database is
replicated, enabling low-latency, concurrent writes from globally distributed
users.
o Store JSON documents: Cosmos DB natively supports various data models,
including DocumentDB (for JSON documents), Cassandra, Gremlin (graph), and
Table. Its core document model is JSON.
• SQL databases (like Azure SQL Database) are relational databases and primarily store
structured data, not natively optimized for JSON documents or multi-master global
writes.
• Azure Database for MySQL servers and Azure Database for PostgreSQL servers are
managed relational database services for open-source database engines. They are not
designed for native JSON document storage or multi-master global write capabilities
required here.
2021: Complete Certification Prep with Practice
Questions, Cloud Concepts, and Key Topics
Explained
Scenario 1: Your company has a server named FinServer that requires highly isolated network
communication from all other servers.
Question: Which Azure solution should you recommend to meet this requirement?
A. a resource group for FinServer and another resource group for all the other servers
B. a virtual network for FinServer and another virtual network for all the other servers
C. a VPN for FinServer and a virtual network gateway for each other server
D. one resource group for all the servers and a resource lock for FinServer
Correct Answer: B. a virtual network for FinServer and another virtual network for all the other
servers
Rationale:
• B. a virtual network for FinServer and another virtual network for all the other servers:
Azure Virtual Networks (VNets) provide network isolation. By placing FinServer in its
own VNet and all other servers in a separate VNet, you ensure that network
communication between them is isolated by default. Communication between separate
VNets requires explicit peering or VPN gateways, providing the desired "highly isolated
network communication."
• A. a resource group for FinServer and another resource group for all the other servers:
Resource groups are logical containers for Azure resources. They aid in management,
billing, and permissions, but they do not provide network isolation. Resources in
different resource groups can still reside in the same virtual network and communicate.
• C. a VPN for FinServer and a virtual network gateway for each other server: This is an
overly complex and unnecessary solution for achieving isolation within Azure. VPNs are
, typically used to connect on-premises networks to Azure VNets, or to connect VNets
across regions that don't support peering. It doesn't simplify or directly provide isolation
for individual servers within Azure.
• D. one resource group for all the servers and a resource lock for FinServer: A resource
lock prevents accidental deletion or modification of a resource. It has no bearing on
network isolation or communication.
Scenario 2: You plan to map a network drive from several computers that run Windows 10 to
Azure Storage. You need to create a storage solution in Azure for the planned mapped drive.
Question: What should you create?
A. an Azure SQL database
B. a virtual machine data disk
C. a Files service in a storage account
D. a Blobs service in a storage account
Correct Answer: C. a Files service in a storage account
Rationale:
• C. a Files service in a storage account (Azure Files): Azure Files provides fully managed
file shares in the cloud that are accessible via the industry-standard Server Message
Block (SMB) protocol. This allows Windows 10 computers (and Linux/macOS) to mount
these shares directly as network drives, just like traditional file shares on an on-premises
server.
• A. an Azure SQL database: Azure SQL Database is a relational database service, not a file
share service.
• B. a virtual machine data disk: A virtual machine data disk is block-level storage
attached to a specific Azure Virtual Machine. It cannot be directly mapped as a network
drive from external computers without setting up file sharing on the VM itself.
• D. a Blobs service in a storage account (Azure Blob Storage): Azure Blob Storage is
optimized for storing large amounts of unstructured object data (like documents,
images, videos). While data can be accessed via APIs or tools like Azure Storage Explorer,
it cannot be directly mapped as a network drive using standard SMB protocols.
, Scenario 3: HOTSPOT - You plan to implement an Azure database solution. You need to
implement a database solution that meets the following requirements:
• Can add data concurrently from multiple regions
• Can store JSON documents
Question: Which database service should you deploy? To answer, select the appropriate service
in the answer area.
Hot Area Options:
• Azure Cosmos DB
• SQL databases
• Azure Database for MySQL servers
• Azure Database for PostgreSQL servers
Correct Answer: Azure Cosmos DB
Rationale:
• Azure Cosmos DB is a globally distributed, multi-model database service. It is specifically
designed to:
o Add data concurrently from multiple regions: It offers multi-master write
capabilities, allowing data to be written to any region where your database is
replicated, enabling low-latency, concurrent writes from globally distributed
users.
o Store JSON documents: Cosmos DB natively supports various data models,
including DocumentDB (for JSON documents), Cassandra, Gremlin (graph), and
Table. Its core document model is JSON.
• SQL databases (like Azure SQL Database) are relational databases and primarily store
structured data, not natively optimized for JSON documents or multi-master global
writes.
• Azure Database for MySQL servers and Azure Database for PostgreSQL servers are
managed relational database services for open-source database engines. They are not
designed for native JSON document storage or multi-master global write capabilities
required here.
