Question 1hardmultiple choice
Full question →AZ-900 · topic practice
Describe Azure Management And Governance practice questions
Use this page to practise AZ-900 Describe Azure Management And Governance practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about Describe Azure Management And Governance
Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.
IaaS, PaaS and SaaS responsibilities and examples.
Public, private, hybrid and community cloud deployment models.
On-premises vs cloud trade-offs: cost, control, scalability.
How cloud connectivity options (VPN, Direct Connect, ExpressRoute) work.
Practice set
Describe Azure Management And Governance questions
20 questions · select your answer, then reveal the explanation
Question 2mediummulti select
Full question →A solutions architect is designing a storage solution for a large media company. The company needs to store video files that are accessed infrequently but must be retained for several years for compliance. Which two Azure storage options meet these requirements? (Select two.)
Question 3mediummultiple choice
Full question →A company deploys a multi-tier application using Azure virtual machines. The web tier VMs must be evenly distributed across two distinct data centers within an Azure region to avoid a single point of failure from an infrastructure outage. Which Azure construct should they use to meet this requirement?
Question 4easymultiple choice
Full question →A company wants to enforce a set of security policies across all their Azure subscriptions. They have created several individual policy definitions. Which Azure construct should they use to group these policies together and assign them as a single package?
Question 5mediummultiple choice
Full question →A company deploys a line-of-business application on an Azure virtual machine. The IT team wants to ensure the application remains secure. According to the shared responsibility model, which of the following security tasks is the sole responsibility of the customer (the company)?
Question 6mediummultiple choice
Full question →A company develops a web API that runs on Azure App Service. The development team wants to deploy a new version of the API to a staging environment, run integration tests against it, and then gradually shift production traffic to the new version. If any issues are detected, they want to immediately roll back to the previous version without redeploying. Which Azure App Service feature should the team use to meet these requirements?
Question 7hardmultiple choice
Full question →A company deploys a critical application across two Azure regions for disaster recovery. They want to automatically failover traffic to the secondary region if the primary becomes unavailable. They also want to improve performance by routing users to the closest region. Which Azure service should they use?
Question 8mediummultiple choice
Full question →A company currently runs its application on-premises in a data center. The IT manager calculates that the cost per server per month is approximately $200 when considering hardware depreciation, electricity, cooling, and staff. The company is considering moving to Azure and discovers that Azure can provision the same server capacity for $150 per month, but only if the company commits to a three-year reservation. Which cloud concept best explains why Azure can offer a lower price even with the reservation commitment?
Question 9mediummultiple choice
Full question →A company has an Azure tenant with a management group hierarchy. The 'Production' management group contains five subscriptions used by the operations team. The IT security team wants to grant the 'Network Contributor' role to a group of network administrators for all subscriptions under the 'Production' management group. The role assignment must automatically apply to any new subscription added under the 'Production' management group in the future. The network administrators already exist as a security group in Azure AD. What is the most efficient way to achieve this?
Question 10mediummultiple choice
Full question →A company deploys two Azure virtual machines in an availability set. The application requires that at least one VM remains running during Azure platform-initiated maintenance, such as operating system updates to the underlying host. Which component of the availability set directly ensures that the VMs are not updated at the same time?
Question 11mediummultiple choice
Full question →A company has a policy that all Azure Storage accounts must have diagnostic settings enabled to send logs and metrics to a specific Log Analytics workspace. The governance team wants to automatically configure these diagnostic settings when a new storage account is created, without blocking the initial creation. The solution must not require manual intervention. Which Azure Policy effect should the team use in their policy definition?
Question 12mediummultiple choice
Full question →A company deploys a mission-critical application across three Azure availability zones. The application is designed to continue operating without any interruption if an entire availability zone becomes unavailable. Which cloud computing characteristic does this scenario best illustrate?
Question 13mediummultiple choice
Full question →A company has a governance requirement that every Azure virtual machine must have a tag named 'CostCenter' with the value 'Unassigned'. If a user creates a VM without the tag, or with a different value for that tag, the tag should be automatically corrected to 'Unassigned' immediately upon resource creation. The IT team is writing an Azure Policy definition to enforce this. Which Policy effect should they use?
Question 14mediummultiple choice
Full question →A company has a policy that all Azure resources deployed to production subscriptions must be tagged with a 'CostCenter' tag. They want to automatically prevent the creation of any resource that does not include this tag. Which Azure Policy effect should they use in their policy definition?
Question 15mediummultiple choice
Full question →A cloud provider uses virtualization technology to host multiple customers on the same physical server. Each customer's data, applications, and operating systems are logically isolated and secured from one another. Which characteristic of cloud computing does this scenario best describe?
Question 16mediummultiple choice
Full question →A company has a root management group that contains two child management groups: Production and Development. Each child management group contains several subscriptions. The security team assigns a built-in Azure Policy definition with the 'Deny' effect to the Production management group to enforce encryption on all storage accounts. Later, the Development team requests that storage accounts in their subscriptions must not be encrypted because they host temporary test data that needs to be quickly deleted and recreated. The security team must allow this exception for Development only, without changing the policy for Production. What should the security team do?
Question 17hardmultiple choice
Full question →A company deploys a critical application on Azure virtual machines. They want to ensure that the VMs are distributed across physically separate datacenters within a single Azure region to protect against a single datacenter failure. Which Azure feature should they use?
Question 18mediummultiple choice
Full question →A company has a policy that all Azure resources must have a tag named 'CostCenter'. The governance team wants to automatically add the tag with a default value 'IT' to any new resource that is created without it. The team wants the tag to be applied during resource creation, not just report non-compliance. The solution must also support remediation for existing non-compliant resources if needed later. Which Azure Policy effect should the team use in their policy definition?
Question 19mediummultiple choice
Full question →A company has a regulatory requirement that all Azure resources must be deployed only in the West Europe region. The governance team needs to automatically prevent any user or application from creating resources in any other region. The team must also ensure that this restriction is applied to all existing and future subscriptions within the tenant. Which Azure service should the governance team use?
Question 20mediummultiple choice
Full question →A company has a policy that all Azure resources must have a 'CostCenter' tag. They want to automatically audit and deny the creation of any resource that does not include this tag. Which Azure Policy effect should they use?
Watch out for
Common Describe Azure Management And Governance exam traps
- ▸IaaS gives you infrastructure control; SaaS gives you only the application.
- ▸Hybrid cloud combines on-premises and public cloud — not two public clouds.
- ▸Cloud does not automatically mean cheaper or more secure.
- ▸Management responsibility shifts with each service model (IaaS → PaaS → SaaS).
Free account
Track your progress over time
Create a free account to save your results and see which topics improve across sessions.
Focused Describe Azure Management And Governance sessions
Start a Describe Azure Management And Governance only practice session
Every question in these sessions is drawn from the Describe Azure Management And Governance domain — nothing else.
Related practice questions
Related AZ-900 topic practice pages
Move into related areas when this topic feels solid.
AZ-900 cloud concepts practice questions
Practise AZ-900 questions linked to AZ-900 cloud concepts.
AZ-900 Azure services practice questions
Practise AZ-900 questions linked to AZ-900 Azure services.
AZ-900 pricing and support practice questions
Practise AZ-900 questions linked to AZ-900 pricing and support.
AZ-900 security and compliance practice questions
Practise AZ-900 questions linked to AZ-900 security and compliance.
AZ-900 governance practice questions
Practise AZ-900 questions linked to AZ-900 governance.
Frequently asked questions
- What does the AZ-900 exam test about Describe Azure Management And Governance?
- Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Describe Azure Management And Governance questions in a focused session?
- Yes — the session launcher on this page draws every question from the Describe Azure Management And Governance domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other AZ-900 topics?
- Use the topic links above to move to related areas, or go back to the AZ-900 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the AZ-900 exam covers. They are not copied from any real exam or dump site.
Describe Azure Management And Governance only
Mixed AZ-900 sessionTrack your progress
A free account saves results across sessions and highlights which topics need work.
Sign up freeStudy resources
Exam traps to avoid
- ▸IaaS gives you infrastructure control; SaaS gives you only the application.
- ▸Hybrid cloud combines on-premises and public cloud — not two public clouds.
- ▸Cloud does not automatically mean cheaper or more secure.
- ▸Management responsibility shifts with each service model (IaaS → PaaS → SaaS).