Preparing for the AZ-900 Microsoft Azure Fundamentals Certificate exam? Don’t know where to start? This post is the Azure Fundamentals AZ-900 Certificate Study Guide (with links to each exam objective).
I have curated a detailed list of articles from Microsoft documentation for each objective of the AZ-900 exam. Please share the post within your circles so it helps them to prepare for the exam. To download the pdf version of this study guide, check here
AZ-900 Azure Fundamentals Online Course
AZ-900 Azure Fundamentals Practice Test
AZ-900 Azure Fundamentals Learning Material
Looking for AZ-900 Dumps? Read This!
Describe Cloud Concepts (20-25%)
Identify the Benefits and Considerations of Using Cloud Services
Identify the benefits of cloud computing such as High Availability, Scalability, Elasticity, Agility, and Disaster Recovery
An application consists of a set of virtual machines hosted in a Virtual Network. In a month, the application has a load of around 20% for 3 weeks. During the last week, the load on the application is 80%.
Which of the following benefits of Azure Cloud would ensure the cost and efficiency of the underlying application infrastructure?
a. High availability
c. Disaster recovery
d. Fault tolerance
Explanation: You can do the following in this scenario:
Define a Virtual Machine Scale set in Azure and create an initial set of VMs to run for the first 3 weeks.
Then add a scaling policy to add more Virtual Machines to support the application during the last week. This is scaling out.
And, another scaling policy to remove extra VMs at the end of last week to save on costs. This is scaling in.
This concept is referred to as Elasticity which is defined as the extent to which a process can adapt to changes in workload by provisioning/de-provisioning resources automatically in a way that at every instant of time, the available resources closely match the ongoing demand.
https://pablo-iorio.medium.com/elasticity-does-not-equal-scalability(See image for the difference between elasticity & scalability).
Identify the differences between Capital Expenditure (CapEx) and Operational Expenditure (OpEx)
Describe the consumption-based model
Describe the Differences between Categories of Cloud Services
A company is planning to create several Virtual Machines in Azure. Which of the following is the right category to which the Azure Virtual Machine belongs to?
a. Infrastructure as a service (IaaS)
b. Platform as a service (PaaS)
c. Software as a service (SaaS)
d. Function as a service (FaaS)
Explanation: Well, all that has to do with physical infrastructure are IaaS.
Here, all the servers and storage, Networking firewalls, and data center belong to the IaaS category. That means services like Azure VMs, Azure Storage accounts, Azure Networking fall into IaaS.
SaaS and PaaS use IaaS components and are built on top of IaaS.
So, Infrastructure as a service (IaaS) is the correct answer.
Describe the Differences between Types of Cloud Computing
Describe Core Azure Services (15-20%)
Describe the Core Azure Architectural Components
Describe the benefits and usage of Regions and Region Pairs
Describe the benefits and usage of Availability Zones
Describe the benefits and usage of Resource Groups
Describe the benefits and usage of Subscriptions
Describe the benefits and usage of Management Groups
Describe the benefits and usage of Azure Resource Manager
Explain Azure resources
Describe Core Resources Available in Azure
Describe the benefits and usage of Virtual Machines, Azure App Services, Azure
Container Instances (ACI), Azure Kubernetes Service (AKS), and Windows Virtual Desktop
Your company uses Azure App Service to host its set of web applications. In case of need as per requirement, does Azure provides the ability to scale the platform automatically?
Explanation: Of course, you do have options for both scaling up and scaling out your app in Azure App Service.
You can scale up your app to get more CPU, memory, disk space by changing the pricing tier of the App Service plan that your app belongs to.
Upgrading your pricing tier brings in extra features like custom domains, certificates, staging slots, autoscaling, and more.
And within a set pricing tier, you can scale out to increase the number of VM instances that run your app.
So, the correct answer is ‘Yes.’
Describe the benefits and usage of Virtual Networks, VPN Gateway, Virtual Network peering, and ExpressRoute
Describe the benefits and usage of Container (Blob) Storage, Disk Storage, File Storage, and storage tiers
Describe the benefits and usage of Cosmos DB, Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL, and SQL Managed Instance
Describe the benefits and usage of Azure Marketplace
Describe Core Solutions and Management Tools on Azure (10-15%)
Describe Core Solutions Available in Azure
Describe the benefits and usage of Internet of Things (IoT) Hub, IoT Central, and Azure Sphere
Describe the benefits and usage of Azure Synapse Analytics, HDInsight, and Azure Databricks
Describe the benefits and usage of Azure Machine Learning, Cognitive Services and Azure Bot Service
Describe the benefits and usage of serverless computing solutions that include Azure Functions and Logic Apps
Describe the benefits and usage of Azure DevOps, GitHub, GitHub Actions, and Azure DevTest Labs
Describe Azure Management Tools
Describe the functionality and usage of the Azure Portal, Azure PowerShell, Azure CLI, Cloud Shell, and Azure Mobile App
Describe the functionality and usage of Azure Advisor
Describe the functionality and usage of Azure Resource Manager (ARM) templates
Describe the functionality and usage of Azure Monitor
Describe the functionality and usage of Azure Service Health
Describe General Security and Network Security Features (10-15%)
Describe Azure Security Features
Describe basic features of Azure Security Center, including policy compliance, security alerts, secure score, and resource hygiene
Describe the functionality and usage of Key Vault
Describe the functionality and usage of Azure Sentinel
Describe the functionality and usage of Azure Dedicated Hosts
Describe Azure Network Security
Describe the concept of defense in depth
Describe the functionality and usage of Network Security Groups (NSG)
Describe the functionality and usage of Azure Firewall
Describe the functionality and usage of Azure DDoS protection
Describe Identity, Governance, Privacy, and Compliance Features (20-25%)
Describe Core Azure Identity Services
Explain the difference between authentication and authorization
Define Azure Active Directory
Describe the functionality and usage of Azure Active Directory
Describe the functionality and usage of Conditional Access, Multi-Factor Authentication (MFA), and Single Sign-On (SSO)
A company is upgrading its current Azure AD Free plan to the Azure AD Premium P1 plan. Does Microsoft provide the same feature set for both plans?
Explanation: Well, Azure Active Directory comes in 4 editions—Free, Office 365 apps, Premium P1, and Premium P2.
When you sign up for a free Azure account, you get the Free edition of Azure Active Directory.
You can also choose to upgrade to the Premium P1 plan if you need premium features like Password protection, Conditional access, etc., which do not come in the free plan.
So, yes, the Azure Active Directory free plan and the Premium P1 Plan are quite different as the Premium plan has additional different feature sets.
Describe Azure Governance Features
Describe the functionality and usage of Role-Based Access Control (RBAC)
Describe the functionality and usage of resource locks
Describe the functionality and usage of tags
Describe the functionality and usage of Azure Policy
Describe the functionality and usage of Azure Blueprints
Describe the Cloud Adoption Framework for Azure
Describe Privacy and Compliance Resources
Describe the Microsoft core tenets of Security, Privacy, and Compliance
Describe the purpose of the Microsoft Privacy Statement, Online Services Terms (OST) and Data Protection Amendment (DPA)
A company wants to ensure that whenever users authenticate to Azure, they have to make use of Multi-Factor Authentication.
Which of the following can help them achieve this?
a. Azure Service Trust Portal
b. Azure Security Centre
c. Azure DDoS protection
d. Azure Privileged Identity Management
Explanation: You can use Privileged Identity Management (PIM) to enforce multi-factor authentication to activate any role. But, what exactly does PIM do?
Well, your organization has users who have lots of permissions to resources in Azure or Azure AD. PIM just makes sure that only the ones who really require access and only for the time they need the access gets them.
In other words, PIM mitigates the risk of excessive or unnecessary permissions on resources. And, enforcing MFA is just one of the ways to do it.
So, Azure Privileged Identity Management is the right answer.
Option b is incorrect since Azure security center is just a unified infrastructure security management system in Azure.
Describe the purpose of the Trust Center
Describe the purpose of the Azure compliance documentation
Describe the purpose of Azure Sovereign Regions (Azure Government cloud services and Azure China cloud services)
Describe Azure Cost Management and Service Level Agreements (10-15%)
Describe Methods for Planning and Managing Costs
A company has just set up an Azure virtual private connection between its on-premises network and the Azure virtual network. Does the company have to pay additional costs to transfer several gigabits of data from their on-premise network to Azure?
Explanation: On the Bandwidth Pricing page, it is mentioned that data transfers into Azure are free of cost.
Also, data transferred within an Azure region is not charged. Whereas data egress beyond a certain limit will cost you.
So, the correct answer is, No, the company doesn’t have to pay to transfer data from their on-premises network to Azure.
Identify factors that can reduce costs (reserved instances, reserved capacity, hybrid use benefit, spot pricing)
A company currently has the following unused resources in its subscription.
- 10 user accounts, 5 user groups in Azure AD
- 10 public IP address and
- 10 network Interfaces
They want to reduce the costs of resources and decide to remove the user groups from Azure AD.
Would this fulfill the requirement?
Well, if you look at the pricing for Azure Active Directory, you can create up to 5,00,000 objects even in the free version of Azure AD. These objects include both users and groups.
So, removing user groups will not cut down the cost.
If you want to cut down the cost, then a better choice would be removing Public IP addresses, as each IP address is billed by the hour.
Describe the functionality and usage of the Pricing calculator and the Total Cost of Ownership (TCO) calculator
Describe the functionality and usage of Azure Cost Management
A company deploys a number of Azure resources in their subscription. They want to be informed if the cost of any resource goes beyond a certain threshold. Which of the following can help you achieve this?
a. Create an alert in Azure Monitor.
b. Create a budget in Azure Cost Management.
c. Create an alert in Azure Advisor.
d. Create a cost tag for the resource group.
Explanation: Azure Monitor Alerts notify you of any events or changes in metric values on Azure resources.
Azure Advisor alerts lets you receive recommendations on how to optimize your Azure deployments. So, they both don’t deal with Azure costs and billing.
Tags are used just for organizing Azure resources. They don’t have any alerting facility.
The obvious answer is to create a budget in Azure Cost Management, where you can set spending limits and receive alerts if the cost goes beyond the threshold.
For example, you can create a budget in your subscription at a particular scope, set a budget for a specific duration, and enter the budget amount. With the alerting feature, you can receive alerts if the spending reaches the threshold value.
Describe Azure Service Level Agreements (SLAs) and Service Lifecycles
Describe the purpose of an Azure Service Level Agreement (SLA)
Identify actions that can impact an SLA (i.e. Availability Zones)
Describe the service lifecycle in Azure (Public Preview and General Availability)
This brings us to the end of the AZ-900 Microsoft Azure Fundamentals Study Guide.
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you how your az-900 certification preparation is going on!
In case you are looking for other Azure certification exams check out this page
Follow Me to Receive Updates on AZ-900 Exam
Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.
Share the AZ-900 Study Guide in Your Network
12 13 10