Describe Azure architecture and services practice questions
The Azure Architecture and Services domain is the heart of the AZ-900 exam, covering the core building blocks of Microsoft Azure. In plain English, this domain is about understanding the fundamental components that make up Azure's cloud infrastructure—things like virtual machines, storage accounts, databases, networking, and identity services. You'll learn how these pieces fit together to create scalable, secure, and cost-effective solutions. For example, you'll explore how Azure Virtual Machines let you run Windows or Linux in the cloud, how Azure Blob Storage stores massive amounts of unstructured data like photos or videos, and how Azure SQL Database provides a managed relational database service. This domain also introduces key architectural concepts like regions (geographic locations of data centers), availability zones (isolated data centers within a region for high availability), and resource groups (logical containers for managing related resources). Understanding these basics is crucial because they form the foundation for everything else in Azure.
Why is this important for real-world IT, security, and cloud work? Because Azure is one of the leading cloud platforms, and professionals across all IT roles need to know how to design and manage cloud solutions. For instance, a system administrator might need to decide between using Azure VMs or Azure App Service to host a web application, weighing factors like scalability, maintenance, and cost. A security analyst must understand Azure's shared responsibility model—where Microsoft secures the physical infrastructure (data centers, network) and you secure your data, identities, and access. Without grasping these architectural components, you can't make informed decisions about cloud adoption, cost optimization, or security. Real-world scenarios include setting up a disaster recovery plan using Azure Site Recovery, or configuring Azure Active Directory for single sign-on across multiple apps. This domain gives you the vocabulary and mental model to talk about these solutions with colleagues and clients.
On the AZ-900 exam, this domain tests your knowledge of Azure's core services and how they work together. Specifically, you'll need to identify the right service for a given business requirement. For example, a question might ask: "Which Azure service should you use to host a web app that automatically scales based on demand?" (Answer: Azure App Service). Or "Which storage option is best for storing virtual machine disks?" (Answer: Azure Managed Disks). You'll also be tested on high-level architectural concepts like the difference between IaaS, PaaS, and SaaS, and when to use each. The exam doesn't require deep technical skills—you won't be asked to write code or configure a network—but you must understand the purpose and typical use cases of each service. Expect questions about Azure regions, availability zones, resource groups, and management tools like Azure Portal, Azure CLI, and Azure PowerShell. The weight of this domain (35-40%) means you'll see many questions here, so it's critical to master it.
To approach studying this domain effectively, start by creating a mental map of Azure's service categories: compute, networking, storage, databases, identity, and management. Use Microsoft's official documentation and free learning paths on Microsoft Learn, which include interactive modules and sandboxes. For each service, ask yourself: What problem does it solve? When would I use it? What are its key features? Then, reinforce your learning with practice exams that mimic the real test format. Focus on scenarios that require choosing between similar services, like Azure SQL Database vs. SQL Server on a VM, or Azure Blob vs. Azure Files. Finally, use mnemonic devices to remember tricky concepts—for example, remember that availability zones protect against data center failures, while region pairs protect against regional disasters. By building this foundational knowledge, you'll not only pass the exam but also be prepared for real-world Azure work.
Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.
What to know about Describe Azure architecture and services
Azure Architecture and Services covers the core components of Azure—compute, networking, storage, databases, identity, and management—and how they work together to build cloud solutions, tested through scenario-based questions on service selection and architectural concepts.
Identify the appropriate Azure compute service (e.g., VMs, App Service, Functions) for a given workload scenario
Differentiate between Azure storage options (Blob, Disk, File, Queue, Table) based on use case
Understand Azure networking concepts (VNet, load balancer, VPNGateway, CDN) and their purposes
Describe Azure database services (SQL Database, Cosmos DB, Azure Database for MySQL/PostgreSQL) and when to use each
Explain Azure identity services (Azure AD, RBAC, MFA) and their role in security
Recognize Azure management tools (Portal, CLI, PowerShell, Cloud Shell) and their typical uses
Watch out for
Common Describe Azure architecture and services exam traps
▸Confusing Azure Blob Storage (unstructured data) with Azure Files (managed file shares) or Azure Disk (VM disks)
▸Thinking that availability zones and region pairs are the same thing—zones protect within a region, pairs protect across regions
▸Assuming all virtual machines are IaaS, but Azure VMs are IaaS while App Service is PaaS—know the difference for scenario questions
▸Mixing up Azure SQL Database (PaaS) with SQL Server on Azure VM (IaaS) in terms of management responsibility
▸Forgetting that Azure AD is for identity and access management, not just Active Directory in the cloud—it's a separate service
Practice set
Describe Azure architecture and services questions
20 questions · select your answer, then reveal the explanation
A company is planning to migrate its on-premises applications to Azure. They have a mix of monolithic and microservices-based applications. Which Azure compute service should they choose for a microservices architecture that requires independent scaling and deployment of components?
Trap 1: Azure Functions
Azure Functions is suitable for event-driven serverless workloads but not for orchestrating multiple microservices with independent scaling requirements.
Trap 2: Azure App Service
Azure App Service is best for web apps and APIs but does not provide the granular orchestration needed for microservices.
Trap 3: Azure Virtual Machines
Virtual Machines offer raw compute but require manual management of scaling and orchestration, making them less suitable for microservices.
Why wrong: Azure Functions is suitable for event-driven serverless workloads but not for orchestrating multiple microservices with independent scaling requirements.
B
Azure App Service
Why wrong: Azure App Service is best for web apps and APIs but does not provide the granular orchestration needed for microservices.
C
Azure Kubernetes Service (AKS)
AKS provides container orchestration, enabling independent scaling, deployment, and management of microservices.
D
Azure Virtual Machines
Why wrong: Virtual Machines offer raw compute but require manual management of scaling and orchestration, making them less suitable for microservices.
A solutions architect is designing a storage solution for a large media company. The company needs to store video files that are accessed infrequently but must be retained for several years for compliance. Which two Azure storage options meet these requirements? (Select two.)
Trap 1: Blob Storage - Hot tier
Hot tier is designed for frequently accessed data and has higher storage costs, not ideal for infrequently accessed video files.
Trap 2: Azure Files - Premium tier
Azure Files Premium tier is for high-performance file shares, not optimized for long-term archival storage.
A developer is building a serverless application that requires integration with an on-premises SQL Server database for real-time data processing. The on-premises network is connected to Azure via a site-to-site VPN. Which Azure service would allow the function to securely access the on-premises database without exposing it to the public internet?
Trap 1: Azure Functions in Consumption plan
Consumption plan functions cannot access resources in a VNet; they require Premium plan for VNet integration.
Trap 2: Azure SQL Database
The question is about accessing an on-premises SQL Server, not migrating to Azure SQL Database.
Trap 3: Hybrid Connections
Hybrid Connections are typically for connecting Azure App Service to on-premises resources, not directly for Functions; also they rely on a relay agent.
Why wrong: Consumption plan functions cannot access resources in a VNet; they require Premium plan for VNet integration.
B
Azure Functions in Premium plan with VNet integration
Premium plan allows VNet integration, enabling secure access to on-premises resources over the VPN.
C
Azure SQL Database
Why wrong: The question is about accessing an on-premises SQL Server, not migrating to Azure SQL Database.
D
Hybrid Connections
Why wrong: Hybrid Connections are typically for connecting Azure App Service to on-premises resources, not directly for Functions; also they rely on a relay agent.
A company is designing a multi-tier application on Azure. The web tier needs to scale out based on CPU usage, while the database tier requires high-performance storage for transactional data. Which combination of Azure services should they choose?
Trap 1: Azure Functions and Azure Cosmos DB
Azure Functions can scale, but it's serverless, not typical for a web tier; Cosmos DB is a NoSQL database, not ideal for transactional SQL workloads.
Trap 2: Azure Virtual Machine Scale Sets and Azure Files
VMSS can scale, but managing VMs is more complex; Azure Files is a file share, not a transactional database.
Trap 3: Azure Kubernetes Service and Blob Storage
AKS is for containers; Blob Storage is object storage, not suitable for transactional workloads.
Why wrong: Azure Functions can scale, but it's serverless, not typical for a web tier; Cosmos DB is a NoSQL database, not ideal for transactional SQL workloads.
B
Azure App Service and Azure SQL Database
App Service provides autoscaling for web applications, and Azure SQL Database offers high-performance transactional storage with built-in scaling.
C
Azure Virtual Machine Scale Sets and Azure Files
Why wrong: VMSS can scale, but managing VMs is more complex; Azure Files is a file share, not a transactional database.
D
Azure Kubernetes Service and Blob Storage
Why wrong: AKS is for containers; Blob Storage is object storage, not suitable for transactional workloads.
A company is deploying a mission-critical application that must remain available even if a physical Azure datacenter within a region fails. The application will run on multiple virtual machines. Which Azure feature should they use to protect against this specific failure scenario?
Trap 1: Availability Sets
Availability Sets protect against hardware failures within a single datacenter by grouping VMs across update and fault domains, but not against a full datacenter failure.
Trap 2: Virtual Machine Scale Sets
Scale Sets allow you to automatically scale the number of VMs, but they do not inherently provide datacenter-level redundancy across physical locations within a region.
Trap 3: Azure Load Balancer
Azure Load Balancer distributes incoming traffic among healthy VMs, but it does not protect against a datacenter failure unless the VMs are placed in different Availability Zones.
Availability Zones are physically separate locations within an Azure region that provide redundancy at the datacenter level.
B
Availability Sets
Why wrong: Availability Sets protect against hardware failures within a single datacenter by grouping VMs across update and fault domains, but not against a full datacenter failure.
C
Virtual Machine Scale Sets
Why wrong: Scale Sets allow you to automatically scale the number of VMs, but they do not inherently provide datacenter-level redundancy across physical locations within a region.
D
Azure Load Balancer
Why wrong: Azure Load Balancer distributes incoming traffic among healthy VMs, but it does not protect against a datacenter failure unless the VMs are placed in different Availability Zones.
A company deploys a web application on Azure App Service. During a marketing campaign, they expect traffic to double. The app uses a Standard tier App Service plan. They want to ensure that the additional load is handled without performance degradation while keeping costs minimal. Which action should they take?
Trap 1: Scale up the App Service plan to a Premium tier for more resources.
Scaling up increases performance per instance but is more expensive; scaling out is typically more cost-effective for temporary load.
Trap 2: Enable autoscale on the existing plan to let Azure handle scaling…
Autoscale is a good practice for the future, but to handle an expected doubling of traffic, you would need to configure it in advance; the question asks for an action to take now.
Trap 3: Deploy Azure CDN to cache static content.
CDN improves performance for static content delivery but does not increase compute capacity to handle more concurrent users.
Scale out the App Service plan by increasing the instance count.
Scaling out adds more VM instances to handle increased load, is cost-effective, and can be done manually or via autoscale.
B
Scale up the App Service plan to a Premium tier for more resources.
Why wrong: Scaling up increases performance per instance but is more expensive; scaling out is typically more cost-effective for temporary load.
C
Enable autoscale on the existing plan to let Azure handle scaling automatically.
Why wrong: Autoscale is a good practice for the future, but to handle an expected doubling of traffic, you would need to configure it in advance; the question asks for an action to take now.
D
Deploy Azure CDN to cache static content.
Why wrong: CDN improves performance for static content delivery but does not increase compute capacity to handle more concurrent users.
A company wants to deploy a custom Linux-based application in Azure. They need full control over the operating system, including installing custom software and configuration. Which Azure compute service should they choose?
Trap 1: Azure App Service
App Service abstracts the OS; you cannot install arbitrary software or have full control over the underlying OS.
Trap 2: Azure Container Instances
Containers share the host OS kernel and provide isolation but not full OS control; you manage only the container image.
Trap 3: Azure Functions
Azure Functions are serverless and execute code in response to events; they do not provide OS-level control.
A company uses Azure and wants to organize all their virtual machines, databases, and storage accounts into logical containers for management and billing purposes. Which Azure component should they use to group these resources?
Trap 1: Azure Policy
Azure Policy is used to enforce compliance rules on resources, not to group them.
Trap 2: Management Group
Management groups are used to manage governance and access across multiple subscriptions, not to group resources within a subscription.
Trap 3: Azure Subscription
An Azure subscription provides billing and access boundaries, but it is not the container for individual resources; resource groups are inside subscriptions.
Why wrong: Azure Policy is used to enforce compliance rules on resources, not to group them.
B
Resource Group
A resource group is a logical container for resources like VMs, databases, and storage accounts. It enables unified management and billing tracking.
C
Management Group
Why wrong: Management groups are used to manage governance and access across multiple subscriptions, not to group resources within a subscription.
D
Azure Subscription
Why wrong: An Azure subscription provides billing and access boundaries, but it is not the container for individual resources; resource groups are inside subscriptions.
Which Azure region feature provides fault tolerance by isolating failures within a single region? It consists of physically separate datacenters with independent power, cooling, and networking.
Trap 1: Availability Sets
Availability Sets distribute VMs within a single datacenter across fault domains and update domains, but they do not protect against datacenter failures.
Trap 2: Region Pairs
Region pairs are two regions that are paired for disaster recovery and system updates, but they span geographic areas, not within a single region.
Trap 3: Fault Domains
Fault domains represent a group of hardware that shares a common power source and network switch, but they are within a single datacenter in an Availability Set.
Why wrong: Availability Sets distribute VMs within a single datacenter across fault domains and update domains, but they do not protect against datacenter failures.
B
Availability Zones
Availability Zones are distinct physical locations within a region that are isolated from failures in other zones. They protect an entire datacenter failure.
C
Region Pairs
Why wrong: Region pairs are two regions that are paired for disaster recovery and system updates, but they span geographic areas, not within a single region.
D
Fault Domains
Why wrong: Fault domains represent a group of hardware that shares a common power source and network switch, but they are within a single datacenter in an Availability Set.
A healthcare organization stores patient records in Azure Blob Storage. They require that data remains available even if an entire Azure datacenter fails, and they also need to ensure data is replicated within the same region for low latency. Which storage redundancy option should they choose?
Trap 1: Locally Redundant Storage (LRS)
LRS replicates data three times within a single datacenter. Thus, if that datacenter fails, data may be lost.
Trap 2: Geo-Redundant Storage (GRS)
GRS replicates data to a secondary region, providing geographic redundancy, but the secondary region is distant, increasing latency.
Why wrong: LRS replicates data three times within a single datacenter. Thus, if that datacenter fails, data may be lost.
B
Zone-Redundant Storage (ZRS)
ZRS replicates data across availability zones within the same region, protecting against datacenter failures while maintaining low latency.
C
Geo-Redundant Storage (GRS)
Why wrong: GRS replicates data to a secondary region, providing geographic redundancy, but the secondary region is distant, increasing latency.
D
Read-Access Geo-Redundant Storage (RA-GRS)
Why wrong: RA-GRS is similar to GRS but allows read access from the secondary region; still involves cross-region replication, not within the same region.
A development team wants to deploy a microservices-based application using containers. They want to orchestrate the containers with automatic scaling and rolling updates, but they want to avoid managing the underlying infrastructure such as virtual machines. Which Azure compute service meets these requirements?
Trap 1: Azure Virtual Machines
VMs require manual management of the OS and container runtime; they do not provide built-in orchestration or automatic scaling.
Trap 2: Azure Container Instances
ACI runs a single container on demand without orchestration features like scaling or rolling updates.
Trap 3: Azure App Service
App Service is a platform for hosting web applications, not designed for container orchestration with microservices.
A company wants to migrate an on-premises SQL Server database to Azure. They require full administrative control over the database engine, including the ability to configure SQL Server Agent jobs and use cross-database queries. They also want to avoid patching the operating system. Which Azure service should they choose?
Trap 1: Azure SQL Database
Azure SQL Database is a single database PaaS offering but lacks SQL Agent and cross-database query capabilities.
Trap 2: SQL Server on Azure Virtual Machines
While it provides full control, it requires managing and patching the OS, which the customer wants to avoid.
Trap 3: Azure Database for SQL
There is no service named 'Azure Database for SQL'; Azure offers SQL Database, SQL Managed Instance, and SQL Server on VMs.
Why wrong: Azure SQL Database is a single database PaaS offering but lacks SQL Agent and cross-database query capabilities.
B
Azure SQL Managed Instance
Managed Instance offers full SQL Server engine capabilities with native virtual network support, SQL Agent, and cross-database queries, with no OS management.
C
SQL Server on Azure Virtual Machines
Why wrong: While it provides full control, it requires managing and patching the OS, which the customer wants to avoid.
D
Azure Database for SQL
Why wrong: There is no service named 'Azure Database for SQL'; Azure offers SQL Database, SQL Managed Instance, and SQL Server on VMs.
A company is designing a disaster recovery solution for a multi-tier application hosted in Azure. They need to ensure that if an entire Azure region becomes unavailable, the application can fail over to another region. The application uses Azure SQL Database. Which Azure feature should they use to replicate the database across regions?
Trap 1: A) Azure SQL Database geo-replication
Geo-replication provides asynchronous replication but requires manual failover, not automatic.
Trap 2: C) Azure Traffic Manager
Traffic Manager routes user traffic based on DNS, it does not replicate database data.
Trap 3: D) Azure Site Recovery
Site Recovery is used for replicating and failing over VMs or physical servers, not Azure SQL Database.
A company has a virtual machine running a legacy application that needs high-performance, low-latency storage for transactional data. They need to attach a storage solution that provides the highest IOPS and throughput. Which Azure managed disk type should they choose?
Trap 1: A) Standard HDD
Standard HDD offers the lowest IOPS and throughput, not suitable for high-performance needs.
Trap 2: B) Standard SSD
Standard SSD provides moderate performance but not the highest IOPS.
Trap 3: C) Premium SSD
Premium SSD offers high performance but Ultra Disk provides even higher IOPS and lower latency.
A company needs to store large amounts of unstructured data, such as images and videos, for a web application. They need to access data from anywhere via HTTP/HTTPS. Which Azure storage service should they use?
Trap 1: B) Azure File Storage
File Storage provides network file shares using SMB, not primarily for HTTP access.
Trap 2: C) Azure Queue Storage
Queue Storage is for messaging between application components, not for storing large files.
Trap 3: D) Azure Table Storage
Table Storage is a NoSQL datastore for structured data, not suitable for large binary files.
A company deploys virtual machines in Azure. They want to ensure that the VMs are distributed across multiple fault domains and update domains within an Azure datacenter to protect against hardware failures and maintenance. Which Azure construct should they use?
Trap 1: B) Availability Zone
Availability zones are physically separate datacenters within a region, not focused on fault/update domains within a single datacenter.
Trap 2: C) Region Pair
Region pairs pair two regions for disaster recovery, not for distributing VMs within a datacenter.
Trap 3: D) Resource Group
Resource groups are logical containers for resources; they do not provide hardware redundancy.
A company deploys a multi-tier application using Azure virtual machines. The web tier VMs must be evenly distributed across two distinct data centers within an Azure region to avoid a single point of failure from an infrastructure outage. Which Azure construct should they use to meet this requirement?
Trap 1: Availability set
An availability set provides fault tolerance within a single Azure datacenter by distributing VMs across multiple fault domains and update domains. It does not span separate data centers within a region.
Trap 2: Proximity placement group
A proximity placement group is used to reduce network latency by co-locating resources. It does not spread VMs across different data centers for fault tolerance.
Trap 3: Azure Load Balancer
Azure Load Balancer distributes incoming traffic but does not inherently ensure that VMs are placed in different physical locations. It can work with availability sets or zones, but it is not the construct for physical placement.
Why wrong: An availability set provides fault tolerance within a single Azure datacenter by distributing VMs across multiple fault domains and update domains. It does not span separate data centers within a region.
B
Availability zone
Availability zones are physically separate data centers within an Azure region. Deploying VMs across zones protects against an entire data center failure. This matches the requirement of using distinct data centers.
C
Proximity placement group
Why wrong: A proximity placement group is used to reduce network latency by co-locating resources. It does not spread VMs across different data centers for fault tolerance.
D
Azure Load Balancer
Why wrong: Azure Load Balancer distributes incoming traffic but does not inherently ensure that VMs are placed in different physical locations. It can work with availability sets or zones, but it is not the construct for physical placement.
A company wants to migrate an on-premises application to Azure. The application requires consistently high disk throughput for database files. They plan to use Azure virtual machines with managed disks. Which disk type should they choose to get the highest possible IOPS and throughput at a premium cost?
Trap 1: Standard SSD
Standard SSDs offer cost-effective storage with moderate IOPS and throughput, but not the highest performance available.
Trap 2: Premium SSD v2
Premium SSD v2 delivers high performance with lower latency than Standard SSDs, but Ultra Disk provides even higher IOPS and throughput.
Trap 3: Standard HDD
Standard HDD is suitable for backup and non-critical workloads but has low IOPS and throughput, not appropriate for high-performance database files.
Why wrong: Standard SSDs offer cost-effective storage with moderate IOPS and throughput, but not the highest performance available.
B
Premium SSD v2
Why wrong: Premium SSD v2 delivers high performance with lower latency than Standard SSDs, but Ultra Disk provides even higher IOPS and throughput.
C
Ultra Disk
Ultra Disk is designed for data-intensive workloads, offering the highest IOPS and throughput with low latency, making it ideal for high-performance database storage.
D
Standard HDD
Why wrong: Standard HDD is suitable for backup and non-critical workloads but has low IOPS and throughput, not appropriate for high-performance database files.
A company plans to run a large-scale batch processing job on Azure that runs for 10 hours every night. The job is fault-tolerant and can be interrupted. They want to minimize cost as much as possible. Which Azure virtual machine pricing option should they use?
Trap 1: Reserved Instances
Reserved Instances provide a discount for committing to a 1 or 3 year term. However, they are not cost-effective for a nightly 10-hour job because the reservation covers the VM 24/7, even when not used.
Trap 2: Pay-as-you-go
Pay-as-you-go is the default pricing, but it is more expensive than Spot VMs. Since the job can tolerate interruptions, Spot VMs are a better cost optimization.
Trap 3: Dedicated Hosts
Dedicated hosts provide physical servers dedicated to a single customer, which is the most expensive option. They are not used for cost savings, but for licensing or compliance requirements.
Why wrong: Reserved Instances provide a discount for committing to a 1 or 3 year term. However, they are not cost-effective for a nightly 10-hour job because the reservation covers the VM 24/7, even when not used.
B
Spot VMs
Spot VMs offer the lowest cost because they use surplus Azure capacity. The job is fault-tolerant and can be interrupted, which is a key requirement for using Spot VMs. This maximizes cost savings.
C
Pay-as-you-go
Why wrong: Pay-as-you-go is the default pricing, but it is more expensive than Spot VMs. Since the job can tolerate interruptions, Spot VMs are a better cost optimization.
D
Dedicated Hosts
Why wrong: Dedicated hosts provide physical servers dedicated to a single customer, which is the most expensive option. They are not used for cost savings, but for licensing or compliance requirements.
What does the AZ-900 exam test about Describe Azure architecture and services?
Azure Architecture and Services covers the core components of Azure—compute, networking, storage, databases, identity, and management—and how they work together to build cloud solutions, tested through scenario-based questions on service selection and architectural concepts.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Describe Azure architecture and services questions in a focused session?
Yes — the session launcher on this page draws every question from the Describe Azure architecture and services domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other AZ-900 topics?
Use the topic links above to move to related areas, or go back to the AZ-900 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the AZ-900 exam covers. They are not copied from any real exam or dump site.