AZ-900 Microsoft Azure Fundamentals Real Exam
Questions: Updated 2025 Practice Test with Verified
Answers and Study Tips
Scenario 1: Which cloud computing features allow a company to provide services worldwide
during a power outage?
Question: Which cloud computing features allow a company to provide services worldwide
during a power outage?
A. Local Caching and Content Delivery Networks (CDNs)
B. Global Scalability and Data Replication
C. On-premises Backup and Recovery
D. Single Data Center Deployment
Correct Answer: B. Global Scalability and Data Replication
Rationale:
• Global Scalability means the ability to distribute and provision resources across multiple
geographic regions and data centers.
• Data Replication involves synchronously or asynchronously copying data to multiple
locations.
• Together, these features allow services to failover to a different region if one region
experiences a power outage, ensuring worldwide availability.
• Local caching and CDNs primarily improve performance but don't inherently guarantee
service during a regional power outage.
• On-premises backup and recovery would not help if the company's own premises have a
power outage or if they've migrated entirely to the cloud.
• Single data center deployment makes the service vulnerable to a single point of failure
like a power outage.
,Scenario 2: Contoso Construction Inc. wants to move its services to the cloud but needs a
private on-premises network that is connected securely to the public cloud network.
Question: Which Microsoft Azure services can offer a secure hybrid cloud model with the
required security features?
A. Azure DNS, Azure Traffic Manager, Azure Front Door
B. Virtual Networks, ExpressRoute, VPN Gateway (Site-to-Site/Point-to-Site)
C. Azure App Service, Azure Functions, Azure Logic Apps
D. Azure Active Directory, Azure Key Vault, Azure Security Center
Correct Answer: B. Virtual Networks, ExpressRoute, VPN Gateway (Site-to-Site/Point-to-Site)
Rationale:
• Virtual Networks (VNets) are fundamental in Azure for creating isolated network
environments where your cloud resources reside and allow for secure connectivity.
• ExpressRoute provides a private, dedicated, high-bandwidth connection between your
on-premises network and Azure, offering higher reliability and speed than typical
internet connections.
• VPN Gateway (Site-to-Site VPN) allows for secure IPsec/IKE encrypted tunnels over the
public internet between your on-premises network and an Azure VNet. (The provided
answer mentioned "Hybrid connections", which can also refer to Azure Relay for specific
application-level connectivity, or more broadly to the concept of hybrid networking
itself). VPN Gateway and ExpressRoute are the core services for establishing network-
level secure hybrid connectivity.
• Options A, C, and D are either related to web traffic management, platform services, or
identity/security management, but not the core network connectivity for a secure hybrid
cloud model.
Scenario 3: Which packaged offering includes software and hardware, allowing a customer to
run Azure services on-premises, making it easier to transfer applications to the cloud with
minimal amount of work?
Question: Which packaged offering includes software and hardware, allowing a customer to run
Azure services on-premises, making it easier to transfer applications to the cloud with minimal
amount of work?
,A. Azure Stack
B. Azure Arc
C. Azure VMware Solution
D. Azure Sentinel
Correct Answer: A. Azure Stack
Rationale:
• Azure Stack is a portfolio of products (e.g., Azure Stack Hub, HCI) that extends Azure
services and capabilities to your on-premises environment. Azure Stack Hub, specifically,
is an integrated system of software and validated hardware that allows you to run Azure
services and applications in your data center, providing a consistent Azure experience for
hybrid cloud scenarios. This consistency minimizes the work required to transfer
applications between on-premises and Azure.
• Azure Arc extends Azure management to any infrastructure (on-premises, multi-cloud)
but doesn't provide the ability to run Azure services on that infrastructure directly as an
integrated hardware/software solution.
• Azure VMware Solution allows you to run your VMware environment natively on Azure,
not to run Azure services on-premises.
• Azure Sentinel is a cloud-native Security Information and Event Management (SIEM)
service.
Scenario 4: What is the actual difference between a public and a private cloud?
Question: What is the actual difference between a public and a private cloud?
A. Cost and management responsibility.
B. Infrastructure and data privacy.
C. Scalability and elasticity.
D. Application types supported.
Correct Answer: B. Infrastructure and data privacy.
Rationale:
, • The fundamental difference lies in the ownership and management of the underlying
infrastructure and the resulting implications for data privacy and security.
• In a public cloud, the infrastructure is owned and managed by a third-party cloud
provider and shared among multiple tenants (multi-tenancy). Data privacy relies on the
provider's security measures and isolation mechanisms.
• In a private cloud, the infrastructure is dedicated to a single organization, which typically
owns, manages, and has exclusive control over it, leading to higher levels of data privacy
and dedicated security.
• While cost, management responsibility, scalability, elasticity, and application types can
differ, they are consequences of the underlying infrastructure and privacy models, not
the core distinguishing factor.
Scenario 5: Match each of the Azure cloud services with its correct description by dragging the
sort elements into the corresponding boxes.
Question: Match the following Azure cloud concepts with their correct descriptions:
Concepts:
1. Governance
2. Reliability
3. High Availability
4. Manageability
Descriptions:
a. Ensuring all related VMs are allocated in the same infrastructure using fault tolerance.
b. Monitoring cloud resources using application insights and alerts.
c. Policies that prevent users from creating resources that carry high costs.
d. Guarantees network, power, and system uptime close to 100%.
Correct Matchings:
• Governance: c. Policies that prevent users from creating resources that carry high costs.
• Reliability: a. Ensuring all related VMs are allocated in the same infrastructure using
fault tolerance. (Note: The rationale for "Reliability" in the original text seems to be
Questions: Updated 2025 Practice Test with Verified
Answers and Study Tips
Scenario 1: Which cloud computing features allow a company to provide services worldwide
during a power outage?
Question: Which cloud computing features allow a company to provide services worldwide
during a power outage?
A. Local Caching and Content Delivery Networks (CDNs)
B. Global Scalability and Data Replication
C. On-premises Backup and Recovery
D. Single Data Center Deployment
Correct Answer: B. Global Scalability and Data Replication
Rationale:
• Global Scalability means the ability to distribute and provision resources across multiple
geographic regions and data centers.
• Data Replication involves synchronously or asynchronously copying data to multiple
locations.
• Together, these features allow services to failover to a different region if one region
experiences a power outage, ensuring worldwide availability.
• Local caching and CDNs primarily improve performance but don't inherently guarantee
service during a regional power outage.
• On-premises backup and recovery would not help if the company's own premises have a
power outage or if they've migrated entirely to the cloud.
• Single data center deployment makes the service vulnerable to a single point of failure
like a power outage.
,Scenario 2: Contoso Construction Inc. wants to move its services to the cloud but needs a
private on-premises network that is connected securely to the public cloud network.
Question: Which Microsoft Azure services can offer a secure hybrid cloud model with the
required security features?
A. Azure DNS, Azure Traffic Manager, Azure Front Door
B. Virtual Networks, ExpressRoute, VPN Gateway (Site-to-Site/Point-to-Site)
C. Azure App Service, Azure Functions, Azure Logic Apps
D. Azure Active Directory, Azure Key Vault, Azure Security Center
Correct Answer: B. Virtual Networks, ExpressRoute, VPN Gateway (Site-to-Site/Point-to-Site)
Rationale:
• Virtual Networks (VNets) are fundamental in Azure for creating isolated network
environments where your cloud resources reside and allow for secure connectivity.
• ExpressRoute provides a private, dedicated, high-bandwidth connection between your
on-premises network and Azure, offering higher reliability and speed than typical
internet connections.
• VPN Gateway (Site-to-Site VPN) allows for secure IPsec/IKE encrypted tunnels over the
public internet between your on-premises network and an Azure VNet. (The provided
answer mentioned "Hybrid connections", which can also refer to Azure Relay for specific
application-level connectivity, or more broadly to the concept of hybrid networking
itself). VPN Gateway and ExpressRoute are the core services for establishing network-
level secure hybrid connectivity.
• Options A, C, and D are either related to web traffic management, platform services, or
identity/security management, but not the core network connectivity for a secure hybrid
cloud model.
Scenario 3: Which packaged offering includes software and hardware, allowing a customer to
run Azure services on-premises, making it easier to transfer applications to the cloud with
minimal amount of work?
Question: Which packaged offering includes software and hardware, allowing a customer to run
Azure services on-premises, making it easier to transfer applications to the cloud with minimal
amount of work?
,A. Azure Stack
B. Azure Arc
C. Azure VMware Solution
D. Azure Sentinel
Correct Answer: A. Azure Stack
Rationale:
• Azure Stack is a portfolio of products (e.g., Azure Stack Hub, HCI) that extends Azure
services and capabilities to your on-premises environment. Azure Stack Hub, specifically,
is an integrated system of software and validated hardware that allows you to run Azure
services and applications in your data center, providing a consistent Azure experience for
hybrid cloud scenarios. This consistency minimizes the work required to transfer
applications between on-premises and Azure.
• Azure Arc extends Azure management to any infrastructure (on-premises, multi-cloud)
but doesn't provide the ability to run Azure services on that infrastructure directly as an
integrated hardware/software solution.
• Azure VMware Solution allows you to run your VMware environment natively on Azure,
not to run Azure services on-premises.
• Azure Sentinel is a cloud-native Security Information and Event Management (SIEM)
service.
Scenario 4: What is the actual difference between a public and a private cloud?
Question: What is the actual difference between a public and a private cloud?
A. Cost and management responsibility.
B. Infrastructure and data privacy.
C. Scalability and elasticity.
D. Application types supported.
Correct Answer: B. Infrastructure and data privacy.
Rationale:
, • The fundamental difference lies in the ownership and management of the underlying
infrastructure and the resulting implications for data privacy and security.
• In a public cloud, the infrastructure is owned and managed by a third-party cloud
provider and shared among multiple tenants (multi-tenancy). Data privacy relies on the
provider's security measures and isolation mechanisms.
• In a private cloud, the infrastructure is dedicated to a single organization, which typically
owns, manages, and has exclusive control over it, leading to higher levels of data privacy
and dedicated security.
• While cost, management responsibility, scalability, elasticity, and application types can
differ, they are consequences of the underlying infrastructure and privacy models, not
the core distinguishing factor.
Scenario 5: Match each of the Azure cloud services with its correct description by dragging the
sort elements into the corresponding boxes.
Question: Match the following Azure cloud concepts with their correct descriptions:
Concepts:
1. Governance
2. Reliability
3. High Availability
4. Manageability
Descriptions:
a. Ensuring all related VMs are allocated in the same infrastructure using fault tolerance.
b. Monitoring cloud resources using application insights and alerts.
c. Policies that prevent users from creating resources that carry high costs.
d. Guarantees network, power, and system uptime close to 100%.
Correct Matchings:
• Governance: c. Policies that prevent users from creating resources that carry high costs.
• Reliability: a. Ensuring all related VMs are allocated in the same infrastructure using
fault tolerance. (Note: The rationale for "Reliability" in the original text seems to be
