AZ-900 Exam Study Guide (Microsoft Azure Fundamentals)

AZ-900 Microsoft Azure Fundamentals Certificate Study Guide

Preparing for the AZ-900 Microsoft Azure Fundamentals Certificate exam? Don’t know where to start? This post is the Azure Fundamentals AZ-900 Certificate Study Guide (with links to each exam objective).

I have curated a detailed list of articles from Microsoft documentation for each objective of the AZ-900 exam. Please share the post within your circles so it helps them to prepare for the exam. To download the pdf version of this study guide, check here

AZ-900 Azure Fundamentals Online Course

AZ-900 Azure Fundamentals Practice Test

AZ-900 Azure Fundamentals Learning Material

Looking for AZ-900 Dumps? Read This!

Using az-900 exam dumps can get you permanently banned from taking any future Microsoft certificate exam. Read the FAQ page for more information. However, I strongly suggest you validate your understanding with practice questions.

To view other Azure certificate study guides, click here.

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Describe Cloud Concepts (20-25%)

Identify the Benefits and Considerations of Using Cloud Services

Identify the benefits of cloud computing such as High Availability, Scalability, Elasticity, Agility, and Disaster Recovery

Disaster Recovery vs. High Availability vs. Fault Tolerance

Cloud Elasticity vs Cloud Scalability

Watch here a wonderful lecture on Elasticity

Cloud Computing: Two Kinds of Agility

An application consists of a set of virtual machines hosted in a Virtual Network. In a month, the application has a load of around 20% for 3 weeks. During the last week, the load on the application is 80%.

Which of the following benefits of Azure Cloud would ensure the cost and efficiency of the underlying application infrastructure?

a. High availability

b. Elasticity

c. Disaster recovery

d. Fault tolerance

Explanation: You can do the following in this scenario:

Define a Virtual Machine Scale set in Azure and create an initial set of VMs to run for the first 3 weeks.

Azure initial configuration VMSS

Then add a scaling policy to add more Virtual Machines to support the application during the last week. This is scaling out.

Virtual machine scale set scale out

And, another scaling policy to remove extra VMs at the end of last week to save on costs. This is scaling in.

VMSS Scale in

This concept is referred to as Elasticity which is defined as the extent to which a process can adapt to changes in workload by provisioning/de-provisioning resources automatically in a way that at every instant of time, the available resources closely match the ongoing demand.

Reference Link:

https://azure.microsoft.com/en-us/pricing/details/active-directory/

https://pablo-iorio.medium.com/elasticity-does-not-equal-scalability(See image for the difference between elasticity & scalability).

This question is part of the free AZ-900 Whizlabs practice test. A detailed explanation is given on my YouTube channel as well!

Identify the differences between Capital Expenditure (CapEx) and Operational Expenditure (OpEx)

Capital Expenditure (CapEx) and Operational Expenditure (OpEx)

Describe the consumption-based model

Consumption-based model

az-900 Exam details & Tips

Describe the Differences between Categories of Cloud Services

Describe the shared responsibility model

Shared responsibility in the Azure cloud

Describe Infrastructure-as-a-Service (IaaS)

What is Infrastructure as a service (IaaS)?

A company is planning to create several Virtual Machines in Azure. Which of the following is the right category to which the Azure Virtual Machine belongs to?

a. Infrastructure as a service (IaaS)

b. Platform as a service (PaaS)

c. Software as a service (SaaS)

d. Function as a service (FaaS)

Explanation: Well, all that has to do with physical infrastructure are IaaS.

Here, all the servers and storage, Networking firewalls, and data center belong to the IaaS category. That means services like Azure VMs, Azure Storage accounts, Azure Networking fall into IaaS.

Infrastructure as a Service

SaaS and PaaS use IaaS components and are built on top of IaaS.

So, Infrastructure as a service (IaaS) is the correct answer.

Reference Link:

https://azure.microsoft.com/en-us/overview/what-is-iaas/

This question is part of the free AZ-900 Whizlabs practice test. A detailed explanation is given on my YouTube channel as well!

Describe Platform-as-a-Service (PaaS)

What is Platform as a service (PaaS)?

Describe serverless computing

An introduction to serverless technologies

Describe Software-as-a-Service (SaaS)

What is Software as a Service (SaaS)?

Identify a service type based on a use case

Types of cloud services

Describe the Differences between Types of Cloud Computing

Define cloud computing

What is cloud computing?

Describe the public cloud

What is a public cloud in Microsoft Azure?

Describe private cloud

What is a private cloud – Definition?

Describe a hybrid cloud

What is a hybrid cloud?

Compare and contrast the three types of cloud computing

Cloud deployment models

Describe Core Azure Services (15-20%)

Describe the Core Azure Architectural Components

Describe the benefits and usage of Regions and Region Pairs

Understand Datacenters and Regions in Azure

Describe the benefits and usage of Availability Zones

Understand Availability Zones in Azure

Describe the benefits and usage of Resource Groups

Resource groups

Describe the benefits and usage of Subscriptions

What is an Azure subscription?

Describe the benefits and usage of Management Groups

What are Azure Management Groups?

Describe the benefits and usage of Azure Resource Manager

What is Azure Resource Manager?

Explain Azure resources

What is an Azure resource?

Describe Core Resources Available in Azure

Your company uses Azure App Service to host its set of web applications. In case of need as per requirement, does Azure provides the ability to scale the platform automatically?

a. Yes

b. No

Explanation: Of course, you do have options for both scaling up and scaling out your app in Azure App Service.

You can scale up your app to get more CPU, memory, disk space by changing the pricing tier of the App Service plan that your app belongs to.

Upgrading your pricing tier brings in extra features like custom domains, certificates, staging slots, autoscaling, and more.

Azure app service plans upgrade

And within a set pricing tier, you can scale out to increase the number of VM instances that run your app.

Azure App Service plans

So, the correct answer is ‘Yes.’

Reference Link:

https://azure.microsoft.com/en-us/pricing/details/active-directory/

This question is part of the free Whizlabs practice test. A detailed explanation is given on my YouTube channel as well!

Describe Core Solutions and Management Tools on Azure (10-15%)

Describe Core Solutions Available in Azure

Azure certification Frequently Asked Questions

Describe Azure Management Tools

Describe the functionality and usage of the Azure Portal, Azure PowerShell, Azure CLI, Cloud Shell, and Azure Mobile App

Azure Portal overview

Getting started with Azure PowerShell

What is Azure CLI?

Overview of Azure Cloud Shell

About Mobile Apps in Azure App Service

Describe the functionality and usage of Azure Advisor

Introduction to Azure Advisor

Describe the functionality and usage of Azure Resource Manager (ARM) templates

What are Azure Resource Manager (ARM) Templates and how they are used?

Describe the functionality and usage of Azure Monitor

Azure Monitor overview

Describe the functionality and usage of Azure Service Health

What is Azure Service Health?

Microsoft Azure for dummies (AZ-900)

Amazon link (affiliate)

Describe General Security and Network Security Features (10-15%)

Describe Azure Security Features

Describe basic features of Azure Security Center, including policy compliance, security alerts, secure score, and resource hygiene

What is Azure Security Center?

Security alerts – a reference guide

Introduction to secure score in Azure Security Center

Security Center: Resource Security Hygiene

Improve your regulatory compliance

Describe the functionality and usage of Key Vault

About Azure Key Vault

Describe the functionality and usage of Azure Sentinel

What is Azure Sentinel?

Describe the functionality and usage of Azure Dedicated Hosts

Benefits & limitations of Azure Dedicated Hosts

Describe Azure Network Security

Describe the concept of defense in depth

Defense in depth security in Azure

Azure Essentials: Defense in depth security

Describe the functionality and usage of Network Security Groups (NSG)

Network security groups

How network security groups filter network traffic?

Describe the functionality and usage of Azure Firewall

What is Azure Firewall?

List all the features of Azure Firewall

Describe the functionality and usage of Azure DDoS protection

Azure DDoS Protection Standard overview

Describe Identity, Governance, Privacy, and Compliance Features (20-25%)

Describe Core Azure Identity Services

Explain the difference between authentication and authorization

Medium Post: authentication-vs-authorization

Define Azure Active Directory

Definition of Azure Active Directory

Describe the functionality and usage of Azure Active Directory

Features of Azure Active Directory

Describe the functionality and usage of Conditional Access, Multi-Factor Authentication (MFA), and Single Sign-On (SSO)

Usage of Conditional Access

Multi-factor Authentication in Azure

What is single sign-on (SSO)?

A company is upgrading its current Azure AD Free plan to the Azure AD Premium P1 plan. Does Microsoft provide the same feature set for both plans?

a. Yes

b. No

Explanation: Well, Azure Active Directory comes in 4 editions—Free, Office 365 apps, Premium P1, and Premium P2.

When you sign up for a free Azure account, you get the Free edition of Azure Active Directory.

You can also choose to upgrade to the Premium P1 plan if you need premium features like Password protection, Conditional access, etc., which do not come in the free plan.

So, yes, the Azure Active Directory free plan and the Premium P1 Plan are quite different as the Premium plan has additional different feature sets.

Azure AD editions

Reference Link:

https://azure.microsoft.com/en-us/pricing/details/active-directory/

This question is part of the free Whizlabs practice test. A detailed explanation is given on my YouTube channel as well!

Describe Azure Governance Features

Describe the functionality and usage of Role-Based Access Control (RBAC)

Overview of Role-based Access Control

Describe the functionality and usage of resource locks

Lock Azure resources to prevent unexpected changes

Describe the functionality and usage of tags

Use tags to organize your Azure resources

Describe the functionality and usage of Azure Policy

Overview of Azure Policy

Describe the functionality and usage of Azure Blueprints

What are Azure Blueprints?

Describe the Cloud Adoption Framework for Azure

What is the Microsoft Cloud Adoption Framework for Azure?

Describe Privacy and Compliance Resources

Describe the Microsoft core tenets of Security, Privacy, and Compliance

Seven Key Principles of Cloud Security and Privacy

Microsoft’s 6 key privacy principles

Compliance and Ethics at Microsoft

Compliance in the trusted cloud

Describe the purpose of the Microsoft Privacy Statement, Online Services Terms (OST) and Data Protection Amendment (DPA)

Microsoft Privacy Statement

Microsoft Online Service Terms (OST)

Microsoft DPA documents

A company wants to ensure that whenever users authenticate to Azure, they have to make use of Multi-Factor Authentication.

Which of the following can help them achieve this?

a. Azure Service Trust Portal

b. Azure Security Centre

c. Azure DDoS protection

d. Azure Privileged Identity Management

Explanation: You can use Privileged Identity Management (PIM) to enforce multi-factor authentication to activate any role. But, what exactly does PIM do?

Well, your organization has users who have lots of permissions to resources in Azure or Azure AD. PIM just makes sure that only the ones who really require access and only for the time they need the access gets them.

In other words, PIM mitigates the risk of excessive or unnecessary permissions on resources. And, enforcing MFA is just one of the ways to do it.

So, Azure Privileged Identity Management is the right answer.

Option b is incorrect since Azure security center is just a unified infrastructure security management system in Azure.

Reference Link:

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

This question is part of the free Whizlabs practice test. A detailed explanation is given on my YouTube channel as well!

Describe the purpose of the Trust Center

Azure Trust Center Launched

Describe the purpose of the Azure compliance documentation

Azure compliance documentation

Describe the purpose of Azure Sovereign Regions (Azure Government cloud services and Azure China cloud services)

What is Azure Government?

Available services in Azure government

Microsoft Azure operated by 21Vianet in China

Service availability and roadmaps in Azure China

Describe Azure Cost Management and Service Level Agreements (10-15%)

Describe Methods for Planning and Managing Costs

Identify factors that can affect costs (resource types, services, locations, ingress, and egress traffic)

Factors affecting costs in Azure

Pricing for inbound & outbound data traffic

A company has just set up an Azure virtual private connection between its on-premises network and the Azure virtual network. Does the company have to pay additional costs to transfer several gigabits of data from their on-premise network to Azure?

a. Yes

b. No

Explanation: On the Bandwidth Pricing page, it is mentioned that data transfers into Azure are free of cost.

azure pricing page - bandwidth details

Also, data transferred within an Azure region is not charged. Whereas data egress beyond a certain limit will cost you.

data egress azure pricing

So, the correct answer is, No, the company doesn’t have to pay to transfer data from their on-premises network to Azure.

Reference Link:

https://azure.microsoft.com/en-us/pricing/details/bandwidth/

This question is part of the free Whizlabs practice test. You can find my detailed explanation on my YouTube channel as well.

A company currently has the following unused resources in its subscription.

  • 10 user accounts, 5 user groups in Azure AD
  • 10 public IP address and
  • 10 network Interfaces

They want to reduce the costs of resources and decide to remove the user groups from Azure AD.

Would this fulfill the requirement?

a. Yes

b. No

Explanation:

Well, if you look at the pricing for Azure Active Directory, you can create up to 5,00,000 objects even in the free version of Azure AD. These objects include both users and groups.

AZ-900 Azure AD Pricing

So, removing user groups will not cut down the cost.

If you want to cut down the cost, then a better choice would be removing Public IP addresses, as each IP address is billed by the hour.

Reference Link:

https://azure.microsoft.com/en-in/pricing/details/active-directory/

https://azure.microsoft.com/en-in/pricing/details/ip-addresses/

This question is part of the free AZ-900 Whizlabs practice test. You can find my detailed explanation on my YouTube channel as well.

Describe the functionality and usage of the Pricing calculator and the Total Cost of Ownership (TCO) calculator

Microsoft Azure Pricing calculator

Estimate costs with the Azure pricing calculator

Total Cost of Ownership (TCO) Calculator

Estimate the Total Cost of Ownership with the Azure TCO calculator

Describe the functionality and usage of Azure Cost Management

What is Azure Cost Management?

Use Azure Cost Management for free

A company deploys a number of Azure resources in their subscription. They want to be informed if the cost of any resource goes beyond a certain threshold. Which of the following can help you achieve this?

a. Create an alert in Azure Monitor.

b. Create a budget in Azure Cost Management.

c. Create an alert in Azure Advisor.

d. Create a cost tag for the resource group.

Explanation: Azure Monitor Alerts notify you of any events or changes in metric values on Azure resources.

Azure Advisor alerts lets you receive recommendations on how to optimize your Azure deployments. So, they both don’t deal with Azure costs and billing.

Tags are used just for organizing Azure resources. They don’t have any alerting facility.

The obvious answer is to create a budget in Azure Cost Management, where you can set spending limits and receive alerts if the cost goes beyond the threshold.

For example, you can create a budget in your subscription at a particular scope, set a budget for a specific duration, and enter the budget amount. With the alerting feature, you can receive alerts if the spending reaches the threshold value.

Reference Link:

https://docs.microsoft.com/en-us/azure/cost-management/tutorial-acm-create-budgets

This question is part of the free Whizlabs practice test. A detailed explanation (with demo) is given on my YouTube channel as well!

Describe Azure Service Level Agreements (SLAs) and Service Lifecycles

This brings us to the end of the AZ-900 Microsoft Azure Fundamentals Study Guide.

What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you how your az-900 certification preparation is going on!

In case you are looking for other Azure certification exams check out this page

Follow Me to Receive Updates on AZ-900 Exam

Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Share the AZ-900 Study Guide in Your Network

  •  
  • 12
  • 13
  • 10
  •  
  •  
    35
    Shares

You may also like