Practice set
Microsoft Azure Fundamentals AZ-900 questions
Question 1hardmultiple choice
Full question →A developer is building a serverless application that requires integration with an on-premises SQL Server database for real-time data processing. The on-premises network is connected to Azure via a site-to-site VPN. Which Azure service would allow the function to securely access the on-premises database without exposing it to the public internet?
Question 2mediummulti select
Full question →A solutions architect is designing a storage solution for a large media company. The company needs to store video files that are accessed infrequently but must be retained for several years for compliance. Which two Azure storage options meet these requirements? (Select two.)
Question 3mediummultiple choice
Full question →A company deploys a multi-tier application using Azure virtual machines. The web tier VMs must be evenly distributed across two distinct data centers within an Azure region to avoid a single point of failure from an infrastructure outage. Which Azure construct should they use to meet this requirement?
Question 4easymultiple choice
Full question →A company wants to enforce a set of security policies across all their Azure subscriptions. They have created several individual policy definitions. Which Azure construct should they use to group these policies together and assign them as a single package?
Question 5mediummultiple choice
Full question →A company deploys a line-of-business application on an Azure virtual machine. The IT team wants to ensure the application remains secure. According to the shared responsibility model, which of the following security tasks is the sole responsibility of the customer (the company)?
Question 6mediummultiple choice
Full question →A company develops a web API that runs on Azure App Service. The development team wants to deploy a new version of the API to a staging environment, run integration tests against it, and then gradually shift production traffic to the new version. If any issues are detected, they want to immediately roll back to the previous version without redeploying. Which Azure App Service feature should the team use to meet these requirements?
Question 7hardmultiple choice
Full question →A company deploys a critical application across two Azure regions for disaster recovery. They want to automatically failover traffic to the secondary region if the primary becomes unavailable. They also want to improve performance by routing users to the closest region. Which Azure service should they use?
Question 8mediummultiple choice
Full question →A company currently runs its application on-premises in a data center. The IT manager calculates that the cost per server per month is approximately $200 when considering hardware depreciation, electricity, cooling, and staff. The company is considering moving to Azure and discovers that Azure can provision the same server capacity for $150 per month, but only if the company commits to a three-year reservation. Which cloud concept best explains why Azure can offer a lower price even with the reservation commitment?
Question 9mediummultiple choice
Full question →A company has an Azure tenant with a management group hierarchy. The 'Production' management group contains five subscriptions used by the operations team. The IT security team wants to grant the 'Network Contributor' role to a group of network administrators for all subscriptions under the 'Production' management group. The role assignment must automatically apply to any new subscription added under the 'Production' management group in the future. The network administrators already exist as a security group in Azure AD. What is the most efficient way to achieve this?
Question 10mediummultiple choice
Full question →A company deploys two Azure virtual machines in an availability set. The application requires that at least one VM remains running during Azure platform-initiated maintenance, such as operating system updates to the underlying host. Which component of the availability set directly ensures that the VMs are not updated at the same time?
Question 11mediummultiple choice
Full question →A company has a policy that all Azure Storage accounts must have diagnostic settings enabled to send logs and metrics to a specific Log Analytics workspace. The governance team wants to automatically configure these diagnostic settings when a new storage account is created, without blocking the initial creation. The solution must not require manual intervention. Which Azure Policy effect should the team use in their policy definition?
Question 12mediummultiple choice
Full question →A company deploys a mission-critical application across three Azure availability zones. The application is designed to continue operating without any interruption if an entire availability zone becomes unavailable. Which cloud computing characteristic does this scenario best illustrate?
Question 13mediummultiple choice
Full question →A company has a governance requirement that every Azure virtual machine must have a tag named 'CostCenter' with the value 'Unassigned'. If a user creates a VM without the tag, or with a different value for that tag, the tag should be automatically corrected to 'Unassigned' immediately upon resource creation. The IT team is writing an Azure Policy definition to enforce this. Which Policy effect should they use?
Question 14mediummultiple choice
Full question →A company has a policy that all Azure resources deployed to production subscriptions must be tagged with a 'CostCenter' tag. They want to automatically prevent the creation of any resource that does not include this tag. Which Azure Policy effect should they use in their policy definition?
Question 15mediummultiple choice
Full question →A cloud provider uses virtualization technology to host multiple customers on the same physical server. Each customer's data, applications, and operating systems are logically isolated and secured from one another. Which characteristic of cloud computing does this scenario best describe?
Question 16mediummultiple choice
Full question →A company has a root management group that contains two child management groups: Production and Development. Each child management group contains several subscriptions. The security team assigns a built-in Azure Policy definition with the 'Deny' effect to the Production management group to enforce encryption on all storage accounts. Later, the Development team requests that storage accounts in their subscriptions must not be encrypted because they host temporary test data that needs to be quickly deleted and recreated. The security team must allow this exception for Development only, without changing the policy for Production. What should the security team do?
Question 17hardmultiple choice
Full question →A company deploys a critical application on Azure virtual machines. They want to ensure that the VMs are distributed across physically separate datacenters within a single Azure region to protect against a single datacenter failure. Which Azure feature should they use?
Question 18mediummultiple choice
Full question →A company has a policy that all Azure resources must have a tag named 'CostCenter'. The governance team wants to automatically add the tag with a default value 'IT' to any new resource that is created without it. The team wants the tag to be applied during resource creation, not just report non-compliance. The solution must also support remediation for existing non-compliant resources if needed later. Which Azure Policy effect should the team use in their policy definition?
Question 19mediummultiple choice
Full question →A company has a regulatory requirement that all Azure resources must be deployed only in the West Europe region. The governance team needs to automatically prevent any user or application from creating resources in any other region. The team must also ensure that this restriction is applied to all existing and future subscriptions within the tenant. Which Azure service should the governance team use?
Question 20mediummultiple choice
Full question →A company has a policy that all Azure resources must have a 'CostCenter' tag. They want to automatically audit and deny the creation of any resource that does not include this tag. Which Azure Policy effect should they use?
Question 21hardmultiple choice
Full question →A company has created an Azure Blueprint to define a standard environment with role assignments and policies. They have published multiple versions. They want all existing subscriptions that were created from an older version to automatically receive the updates from the latest version. What should they do?
Question 22mediummultiple choice
Full question →A company has deployed several Azure virtual machines that host a critical internal application. The IT team needs to provide secure remote desktop access to these VMs for system administrators without assigning public IP addresses to the VMs or maintaining a VPN connection. The solution must provide seamless, browser-based RDP connectivity using SSL. Which Azure service should the IT team use?
Question 23mediummultiple choice
Full question →A company has an Azure Policy assignment that denies the creation of any virtual machine (VM) that does not have a mandatory 'CostCenter' tag. A development team needs to deploy a temporary test VM without the required tag for a short-term experiment. The governance team wants to allow this specific exception while recording the reason for the exception, ensuring the policy is still enforced for all other resources. The exception must also automatically expire after 30 days. Which Azure Policy feature should the governance team use?
Question 24easymultiple choice
Full question →