AZ-900 : Microsoft Azure Fundamentals Practice Tests 2025 5 Flashcards
Your company is building a mission critical application and wants asynchronous message management for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices. They also expect sudden bursts of requests and are looking to prevent servers from being overwhelmed.
Which of the following is the right choice?
Azure Async Manager
Azure Queue Storage
Azure FileSync
Azure Table Storage
Azure Files
Azure Data Box Gateway
Azure Queue Storage
Explanation:
You can use Azure Queue Storage to build flexible applications and separate functions for better durability across large workloads. When you design applications for scale, application components can be decoupled, so that they can scale independently. Queue storage gives you asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices.
The Azure Data Box family provides a range of physical devices and a virtual device to help customers with their offline and online data transfer needs, respectively called Data Box, Data Box Disk, Data Box Heavy, and Data Box ________.
Edge
Corner
Node
Ultra
Edge
Explanation:
The correct answer is “Edge”. The full list of Azure Data Box devices is: Data Box, Data Box Disk, Data Box Heavy, Data Box Edge.
Which of the following Azure AD features allows users to use their existing corporate credentials to sign in to cloud-based applications?
Azure AD B2C
Azure AD B2B
Azure AD Domain Services
Azure AD Connect
Azure AD B2C
Explanation:
The correct option is Azure AD B2C. It allows users to use their existing corporate credentials, social accounts, or local accounts to sign in to cloud-based applications.
Other options:
Azure AD Connect is used to synchronize identities between on-premises Active Directory and Azure AD.
Azure AD B2B enables collaboration between users in different organizations by allowing external users to access resources in a partner organization's Azure AD.
Azure AD Domain Services provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication without the need for domain controllers.
You have multiple offices with file servers that need to access and share the same files. Which Azure service would be the most suitable to achieve this while minimizing latency and maintaining a central copy of the data?
Azure File Sync
Azure Data Lake Storage
Azure Blob Storage
Azure Storage Service Encryption
Azure File Sync
Explanation:
The correct answer is Azure File Sync. It is the most suitable service for this scenario as it allows you to synchronize files between on-premises file servers and Azure Files. This enables multiple offices with file servers to access and share the same files while minimizing latency by using a local cache. Additionally, it maintains a central copy of the data in Azure Files, which can be accessed and managed centrally.
Which tier of Azure Files allows you to enable Azure File Sync?
Premium
Standard
Both Premium and Standard
None of the above
Both Premium and Standard
Explanation:
Azure File Sync supports both Premium and Standard tiers of Azure Files, which means you can enable Azure File Sync on either tier depending on your performance and cost requirements.
Premium tier offers higher performance with lower latency, but at a higher cost compared to the Standard tier. However, it is not the only tier supported for Azure File Sync. Standard tier provides cost-effective storage but with lower performance compared to the Premium tier.
True or False: Azure Data Box can be used to transfer data from Azure to on-premises data centers or other cloud providers.
False
True
True
Explanation:
Yes, Azure Data Box can be used to transfer data from Azure to other cloud providers. This can be useful when customers need to move data between different cloud providers or from on-premises data centers to cloud providers other than Azure.
Which of the following does not affect a storage account billing?
Data Ingress within the same AZ
Data Egress outside a region
Redundancy
Access Tier
Region
Account Type
Data Ingress within the same AZ
Explanation:
An Azure storage account contains all of your Azure Storage data objects, including blobs, file shares, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that’s accessible from anywhere in the world over HTTP or HTTPS. Data in your storage account is durable and highly available, secure, and massively scalable.
Azure Storage bills based on your storage account usage. All objects in a storage account are billed together as a group. Storage costs are calculated according to the following factors:
Region refers to the geographical region in which your account is based.
Account type refers to the type of storage account you're using.
Access tier refers to the data usage pattern you’ve specified for your general-purpose v2 or Blob Storage account.
Capacity refers to how much of your storage account allotment you're using to store data.
Redundancy determines how many copies of your data are maintained at one time, and in what locations.
Transactions refer to all read and write operations to Azure Storage.
Data egress refers to any data transferred out of an Azure region. When the data in your storage account is accessed by an application that isn’t running in the same region, you're charged for data egress. For information about using resource groups to group your data and services in the same region to limit egress charges, see "What is an Azure resource group?"
The Azure Storage pricing page provides detailed pricing information based on account type, storage capacity, replication, and transactions. The Data Transfers pricing details provides detailed pricing information for data egress. You can use the Azure Storage pricing calculator to help estimate your costs.
True or False: Private endpoints provide secure access to Azure resources over the public internet.
True
False
False
Explanation:
This statement is false. Private endpoints provide secure access to Azure resources, but they do so without using the public internet. Private endpoints allow resources to be accessed privately through the Azure backbone network, enhancing security by avoiding exposure to the public internet.
Which of the following are free?
Data transfer within the same region
Data Ingress
Data transfer within same Availability Zone
Data transfer from one region to another
Data transfer within the same region
Data Ingress
Data transfer within same Availability Zone
Explanation:
The Basic service tier is automatically enabled for free as part of your Azure subscription.
No
Yes
Yes
Explanation:
This is true: the Basic tier is activated and provided as part of your Azure subscription.
What is the key advantage of using ARM templates for resource deployment?
They ensure consistent and repeatable resource deployments.
They allow you to deploy resources manually.
They provide direct access to Azure data centers and are hence faster.
They eliminate the need for Azure subscriptions.
They ensure consistent and repeatable resource deployments.
Explanation:
ARM templates enable consistent and repeatable deployments by defining the desired state of resources in a declarative manner. This reduces manual errors and ensures a predictable environment.
What is the key benefit of using Azure AD B2C for managing customer identities?
Ability to enforce security policies on internal applications.
Centralized management of employee identities and access.
Customizable user experiences for sign-up and sign-in processes.
Integration with on-premises Active Directory.
Customizable user experiences for sign-up and sign-in processes.
Explanation:
Azure AD B2C allows you to provide custom user experiences during sign-up and sign-in processes for your applications. This enhances customer engagement and satisfaction by delivering a branded and consistent identity experience.
There is no programmatic access to the Blob, Queue, Table, and File services in Azure, though you can access VMs using API calls.
False
True
False
Explanation:
The REST APIs for the Microsoft Azure storage services offer programmatic access to the Blob, Queue, Table, and File services in Azure or in the development environment via the storage emulator.
All storage services are accessible via REST APIs. Storage services may be accessed from within a service running in Azure, or directly over the Internet from any application that can send an HTTP/HTTPS request and receive an HTTP/HTTPS response.
Important:
The Azure storage services support both HTTP and HTTPS; however, using HTTPS is highly recommended.
Storage Account
All access to storage services takes place through the storage account. The storage account is the highest level of the namespace for accessing each of the fundamental services. It is also the basis for authorization.
The REST APIs for storage services expose the storage account as a resource.
How does Microsoft Purview contribute to data collaboration within an organization?
It provides tools to discover and share trusted data sources across teams.
It facilitates secure communication between on-premises servers and Azure services.
It enables real-time communication between virtual machines.
It offers a cloud-based file sharing and storage solution.
It provides tools to discover and share trusted data sources across teams.
Explanation:
Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview enables data collaboration by providing tools for discovering and sharing trusted data sources across different teams and departments. It helps improve data accessibility and collaboration while maintaining governance and security.
Which of the following scenarios would be best suited for using Azure Active Directory (AAD) rather than Role-Based Access Control (RBAC)?
Limiting access to specific resource groups within an Azure subscription.
Managing user identities for a cloud-based application.
Managing access to a specific Azure resource for a group of users.
Providing role-based access control to an Azure Virtual Machine.
Managing user identities for a cloud-based application.
Explanation:
The correct answer is: Managing user identities for a cloud-based application.
Azure Active Directory (AAD) is a cloud-based identity and access management service that is used to manage user identities and their access to various cloud-based applications and services, including those hosted in Azure. AAD provides a centralized location for managing user accounts, passwords, and access to applications.
In contrast, Role-Based Access Control (RBAC) is used to manage access control for specific Azure resources, including virtual machines, storage accounts, and other Azure services. RBAC provides a way to assign permissions to specific roles rather than individual users, making it easier to manage access control in large environments.
Other options:
Managing access to a specific Azure resource for a group of users: This describes a scenario that would be best suited for using RBAC.
Providing role-based access control to an Azure Virtual Machine: This also describes a scenario that would be best suited for using RBAC, as RBAC is used to provide role-based access control to Azure Virtual Machines.
Limiting access to specific resource groups within an Azure subscription: This also describes a scenario that would be best suited for using RBAC, as it involves limiting access to specific resource groups within an Azure subscription.
Therefore, the correct answer is Managing user identities for a cloud-based application, as Azure Active Directory is best suited for managing user identities for cloud-based applications, whereas RBAC is best suited for managing access control to specific Azure resources.
When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most unrestrictive lock in the inheritance takes precedence.
Yes
No
No
Explanation:
As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.
When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most restrictive lock in the inheritance takes precedence.
If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.
When you cancel an Azure subscription:
A resource lock doesn't block the subscription cancellation.
Azure preserves your resources by deactivating them instead of immediately deleting them.
Azure only deletes your resources permanently after a waiting period.
An Insurance company is planning to migrate sensitive client records to Azure. They are concerned about the security of their data during the transfer process. They have decided to use Azure Data Box for this migration. Which of the following security features can they rely on to ensure their data remains secure during the transfer process?
Data-at-rest encryption
Firewall protection
Multi-factor authentication
Tamper-resistant storage
Data-at-rest encryption
Tamper-resistant storage
Explanation:
Azure Data Box offers several security features to protect data during the transfer process, including data-at-rest encryption and tamper-resistant storage. Data-at-rest encryption ensures that data is encrypted while it is being stored on the Data Box device. Tamper-resistant storage is designed to help protect against unauthorized access or tampering during the transit.
A company can extend a private cloud by adding its own physical servers to the public cloud.
No
Yes
No
Explanation:
You cannot add physical servers to the public cloud. You can only deploy virtual servers in the public cloud. You can extend a private cloud by deploying virtual servers in a public cloud. This would create a hybrid cloud.
Which of the following can you use to estimate the cost savings you can get by migrating your workloads to Azure?
Azure Cost Management
Azure TCO Calculator
Azure Pricing Calculator
Azure Advisor
Azure TCO Calculator
Explanation:
Azure Total Cost of Ownership (TCO) Calculator helps you estimate the cost savings you can realise by migrating your workloads to Azure.
What is a key advantage of using Infrastructure as Code (IaC) in cloud deployments?
It reduces the need for data backups.
It increases physical hardware utilization.
It enables version control and automated provisioning.
It eliminates the need for network monitoring.
It enables version control and automated provisioning.
Explanation:
Infrastructure as Code (IaC) is a key DevOps practice that involves the management of infrastructure, such as networks, compute services, databases, storage, and connection topology, in a descriptive model. IaC allows teams to develop and release changes faster and with greater confidence.
Also, Infrastructure as Code (IaC) allows you to store your infrastructure configuration as code in version control systems. This enables tracking changes over time, collaborating with team members, and automating the provisioning and management of resources.
Since your company has shifted to a fully-remote working model, they are looking to provide employees with the best virtualized experience while saving costs by using existing eligible Windows licences. They also want to enable Bring your own device (BYOD) to access their desktop and applications over the Internet.
Which of the following would you suggest?
Azure FileSync
Azure Virtual Machines
Azure ExpressRoute
Azure Virtual Desktop
Azure Kubernetes
Azure Arc
Azure Virtual Desktop
Explanation:
Azure Virtual Desktop allows you to enable a secure remote desktop experience from virtually anywhere. You can set up Azure Virtual Desktop (formerly Windows Virtual Desktop) in minutes to enable secure remote work. It is also possible to provide the familiarity and compatibility of Windows 11 with the new scalable multi-session experience for your end users and save costs by using existing eligible Windows licences.
Which Azure service allows you to provide a self-service sign-up experience for customers accessing your application?
Azure Active Directory Domain Services
Azure Multi-Factor Authentication
Azure B2B Collaboration
Azure Active Directory B2C
Azure Active Directory B2C
Explanation:
Azure Active Directory B2C (Business-to-Customer) is designed to handle customer identities and provides a self-service sign-up experience. It enables organizations to customize and control how customers sign up, sign in, and manage their profiles when accessing applications.
Select the valid options to pay for Azure. (Choose 3)
Microsoft Stores
Azure Website
Microsoft Representative
Azure Partner
Any 3rd Party Vendor
Xbox Website
Azure Website
Microsoft Representative
Azure Partner
Explanation:
Your company plans to migrate all on-premises data to Azure.
However, before this, the legal department has asked you to fetch all information such as Audit and Compliance Reports to identify whether Azure complies with the company’s regional requirements.
Which of the following can help with this?
The Knowledge Center
The Trust Center
The Azure portal
Azure Marketplace
The Trust Center
Explanation:
You can use the Trust Center to check the Audit and Compliance requirements (compliance manager).