AZ-900 · topic practice

Azure Governance practice questions

Use this page to practise AZ-900 Azure Governance questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.

20 questions · Domain: Azure Governance

What the exam tests

What to know about Azure Governance

Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.

IaaS, PaaS and SaaS responsibilities and examples.

Public, private, hybrid and community cloud deployment models.

On-premises vs cloud trade-offs: cost, control, scalability.

How cloud connectivity options (VPN, Direct Connect, ExpressRoute) work.

Practice set

Azure Governance questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A company has a policy that all Azure Storage accounts must have diagnostic settings enabled to send logs and metrics to a specific Log Analytics workspace. The governance team wants to automatically configure these diagnostic settings when a new storage account is created, without blocking the initial creation. The solution must not require manual intervention. Which Azure Policy effect should the team use in their policy definition?

Question 2 · medium · multiple choice

A company has a governance requirement that every Azure virtual machine must have a tag named 'CostCenter' with the value 'Unassigned'. If a user creates a VM without the tag, or with a different value for that tag, the tag should be automatically corrected to 'Unassigned' immediately upon resource creation. The IT team is writing an Azure Policy definition to enforce this. Which Policy effect should they use?

Question 3 · medium · multiple choice

A company has a policy that all Azure resources must have a tag named 'CostCenter'. The governance team wants to automatically add the tag with a default value 'IT' to any new resource that is created without it. The team wants the tag to be applied during resource creation, not just report non-compliance. The solution must also support remediation for existing non-compliant resources if needed later. Which Azure Policy effect should the team use in their policy definition?

Question 4 · medium · multiple choice

A company has a regulatory requirement that all Azure resources must be deployed only in the West Europe region. The governance team needs to automatically prevent any user or application from creating resources in any other region. The team must also ensure that this restriction is applied to all existing and future subscriptions within the tenant. Which Azure service should the governance team use?

Question 5 · medium · multiple choice

A company has an Azure Policy assignment that denies the creation of any virtual machine (VM) that does not have a mandatory 'CostCenter' tag. A development team needs to deploy a temporary test VM without the required tag for a short-term experiment. The governance team wants to allow this specific exception while recording the reason for the exception, ensuring the policy is still enforced for all other resources. The exception must also automatically expire after 30 days. Which Azure Policy feature should the governance team use?

Question 6 · medium · multiple choice

A company has a policy that every Azure virtual machine must have the Azure Monitor Agent installed and configured to send metrics to a central Log Analytics workspace. To enforce this requirement without relying on manual user action, the governance team wants to automatically deploy the agent to any existing or new VM that is missing it. They also need to generate a compliance report showing any VMs where the installation failed. Which Azure Policy effect should the team use to meet these requirements?

Question 7 · easy · multiple choice

A company has a resource group named 'RG-Prod' that contains critical virtual machines, a SQL database, and a storage account. The infrastructure team needs to ensure that no one can accidentally delete this resource group or any of its resources. However, users must still be able to create, update, and delete individual resources within the group as needed for normal operations. Which type of Azure Resource Lock should the team apply to 'RG-Prod'?

Question 8 · easy · multiple choice

A company wants to track and analyze Azure costs across multiple departments. They have tagged resources with 'Department' tags. Which tool should they use to view cost breakdowns by department?

Question 9 · medium · multiple choice

A company has a production resource group that contains several Azure virtual machines and a SQL database. The company wants to ensure that no user can accidentally delete these resources, but authorized administrators must still be able to modify the configuration and update the resources. The company needs a straightforward governance feature that can be applied directly to the resource group and can be removed only by an authorized user with the Owner role. Which Azure feature should the company use?

Question 10 · medium · multiple choice

A company has an Azure subscription used by several development teams. The governance team wants to identify any virtual machines that are not tagged with a mandatory 'CostCenter' tag. The team does not want to block the creation of untagged VMs; they only want to report on non-compliant resources in Azure Policy's compliance dashboard. Which Azure Policy effect should they use in their policy definition?

Question 11 · medium · multiple choice

A company has a production Azure subscription used by multiple teams. The governance team wants to enforce a rule that only virtual machines (VMs) of specific SKU sizes (e.g., Standard_D2s_v3 and Standard_D4s_v3) can be deployed. If a team attempts to deploy a VM of a different SKU size, the deployment must be blocked immediately and the user must see an error message explaining the restriction. Which Azure feature should the governance team use?

Question 12 · medium · multiple choice

A company has multiple Azure subscriptions used by different departments. The governance team has created several Azure Policy definitions to enforce tagging rules, restrict allowed VM SKUs, and require HTTPS for storage accounts. The team wants to assign these policies as a single, manageable unit to a management group so that they can track overall compliance across all subscriptions in that group from one dashboard. The compliance summary should show how many resources are compliant against all the combined policies. Which Azure feature should the team use?

Question 13 · medium · multiple choice

A company has a policy that all Azure resources must have a 'CostCenter' tag. The governance team wants to identify any resources that are missing the tag without preventing their creation. They need a compliance report generated automatically showing all non-compliant resources. Which Azure Policy effect should they use?

Question 14 · medium · multiple choice

A company has multiple Azure subscriptions for different departments. They want to track and analyze costs, and allocate costs to each department based on tags applied to resources. Which Azure tool should they use?

Question 15 · medium · multiple choice

A company has a management group hierarchy with a root management group that contains all subscriptions. The governance team assigns a built-in Azure Policy initiative 'Allowed Locations' to the root management group with the 'Deny' effect, restricting resource deployment to East US and West US only. After six months, a new regulatory requirement forces the marketing department's subscription (placed under the root) to deploy resources in North Europe for a specific pilot project. The governance team must allow this exception without changing the original policy assignment and without allowing any other subscription to deploy to North Europe. What should the governance team do?

Question 16 · medium · multiple choice

A company has a root management group that contains all Azure subscriptions. A centralized governance team needs to create and assign Azure Policy definitions and set initiatives that apply to all subscriptions. Which built-in role should be assigned to the governance team at the root management group scope to grant the minimum required permissions?

Question 17 · medium · multiple choice

A company has a root management group containing three subscriptions: Production, Development, and Sandbox. The governance team assigns an Azure Policy initiative to the root management group that enforces tagging requirements. The Sandbox subscription is used for experimental testing and needs to be temporarily excluded from the tagging requirements while the team evaluates a new tagging schema. The team must ensure the policy assignment remains active in Production and Development but does not affect resources in Sandbox. Which Azure Policy feature should the team use?

Question 18 · medium · multiple choice

A company has 30 Azure subscriptions organized under a single management group. The governance team wants to enforce that all resource groups must have a specific tag 'CostCenter' with a valid value. They create an Azure Policy definition with the 'Deny' effect and assign it to the root management group. However, the development team complains that they have a sandbox subscription where they need to create resource groups without the 'CostCenter' tag for testing. The governance team still wants the policy to apply to all other subscriptions but exempt the sandbox subscription. Which solution should the governance team use?

Question 19 · medium · multiple choice

A company has several Azure subscriptions that contain hundreds of virtual machines. A new corporate standard requires that all VMs must use Azure managed disks instead of unmanaged disks. The governance team needs to automatically identify existing VMs with unmanaged disks and convert them to managed disks without requiring manual intervention for each VM. The team also wants to ensure that any new VMs created in the future automatically use managed disks. Which Azure feature should they use to meet both requirements?

Question 20 · medium · multiple choice

A company has three departments: Sales, Marketing, and IT. Each department has its own Azure subscription. The IT department manages all networking and security policies across all subscriptions. The Sales and Marketing departments should be able to create and manage their own resources but cannot modify networking or security policies. The IT department wants to apply a consistent set of policies (e.g., enforce tagging, restrict VM SKUs) across all subscriptions without needing to assign policies to each subscription individually. Additionally, the IT department wants to delegate administration of a specific custom role to a junior administrator who can assign that role to users within the Sales subscription only. Which combination of Azure governance features should the IT department use?

Watch out for

Common Azure Governance exam traps

  • IaaS gives you infrastructure control; SaaS gives you only the application.
  • Hybrid cloud combines on-premises and public cloud — not two public clouds.
  • Cloud does not automatically mean cheaper or more secure.
  • Management responsibility shifts with each service model (IaaS → PaaS → SaaS).

Focused Azure Governance sessions

Start an Azure Governance-only practice session

Every question in these sessions is drawn from the Azure Governance domain — nothing else.

Related practice questions

Related AZ-900 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the AZ-900 exam test about Azure Governance?
Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Azure Governance questions in a focused session?
Yes — the session launcher on this page draws every question from the Azure Governance domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other AZ-900 topics?
Use the topic links above to move to related areas, or go back to the AZ-900 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the AZ-900 exam covers. They are not copied from any real exam or dump site.