AZ-900 · topic practice

Security Privacy Compliance practice questions

Practise Microsoft Azure Fundamentals AZ-900 Security Privacy Compliance practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Security Privacy Compliance

What the exam tests

What to know about Security Privacy Compliance

Security Privacy Compliance questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Security Privacy Compliance exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Security Privacy Compliance questions

20 questions · select your answer, then reveal the explanation

A company wants to ensure that all Azure resources are tagged with a 'CostCenter' tag at creation time. If a resource is created without the tag, it should be automatically denied. Which Azure Policy effect should they use?

Question 2 · medium · multiple choice

A company uses Azure to host multiple virtual machines and virtual networks. The network team is responsible for configuring and maintaining virtual networks, subnets, and network security groups. The company wants to ensure that the network team can manage these network resources but cannot modify or delete virtual machines. Which Azure built-in role should the company assign to the network team?

A global company creates a new Azure subscription for each major project. To ensure compliance and consistency, the governance team needs a single, versioned, auditable package that, when assigned to a subscription, automatically deploys a standard set of Azure Policy assignments, role assignments, a resource group structure, and a pre-configured virtual network. The solution must allow these packages to be updated centrally and have changes tracked for auditing. Which Azure service should the governance team use?

A company wants to enforce a naming convention for all Azure resources. For example, all resources must start with 'Contoso-'. They want to automatically audit and deny creation of resources that do not follow the naming convention. Which Azure Policy effect should they use?

A company wants to query all Azure resources across multiple subscriptions to find all storage accounts without encryption enabled. They need to use a powerful query language to filter and join data. Which Azure tool should they use?

A financial services firm uses a hybrid cloud strategy. They run customer-facing applications in a public cloud and store sensitive customer data in an on-premises data center to meet regulatory compliance. The firm wants to allow its applications in the public cloud to securely access the on-premises data when needed. Which cloud deployment model best describes this setup?

A company wants to ensure that all new Azure storage accounts have a specific encryption setting enabled. They also want to automatically remediate any existing non-compliant storage accounts without manual effort. Which Azure Policy effect should they use?

A financial services company must migrate a critical application to Azure. Regulatory compliance requires that the virtual machines (VMs) hosting this application run on physical servers that are dedicated solely to the company and not shared with any other Azure customer. The company needs full control over server hardware maintenance, including the ability to schedule updates and isolate the environment at the physical layer. Which Azure compute solution should the company use?

Question 9 · medium · multiple choice

A healthcare organization migrates its patient data management application to Azure. The organization's compliance team learns that Azure's underlying physical infrastructure, including servers and storage, is shared by many customers globally. The team is concerned about data leakage and wants to understand which fundamental cloud computing characteristic allows the provider to share physical hardware among multiple tenants while ensuring that each tenant's data and compute resources remain logically isolated and secure from one another.

A financial institution must keep sensitive customer financial data on-premises to comply with regulatory requirements. However, they also want to use Azure to run compute-intensive analytics on anonymized datasets, taking advantage of scalable resources without managing physical servers. Which cloud deployment model should they adopt?

Question 11 · medium · multiple choice

A hospital is subject to strict data residency laws that require patient data to remain within the country's borders. They are considering using a public cloud provider. Which cloud deployment model would best meet this compliance requirement?

Question 12 · medium · multiple choice

A multinational company has 10 Azure subscriptions, each managed by a different department. The central governance team wants to deploy a standardized environment that includes a specific network topology (virtual network, subnets, and network security groups), a set of Azure Policy definitions to enforce tagging and encryption, and a role assignment granting the 'Reader' role to a central security team in every subscription. The team must be able to update this standard definition in one place, and any changes should automatically apply to all existing deployments that were created from the definition. Which Azure service should they use?

Question 13 · medium · multiple choice

A multinational company has multiple Azure subscriptions managed by different teams. The compliance team requires that all new virtual machines deployed in any subscription must have a specific tag (e.g., 'CostCenter') and must be deployed in approved regions only. They also want to automatically enforce these requirements without manual intervention. Which Azure service should the compliance team use to achieve this?

Question 14 · medium · multiple choice

A retail company is planning to migrate its e-commerce application to Azure. The application will run on an Azure virtual machine that the company will manage. The IT manager wants to ensure that security patches are applied promptly. According to the shared responsibility model, who is responsible for applying security updates to the guest operating system of the Azure virtual machine?

Question 15 · medium · multiple choice

A hospital stores patient data in the cloud. They are concerned about physical security at the datacenter. Which aspect of the shared responsibility model describes the cloud provider's obligation to secure the physical infrastructure?

A financial services company processes sensitive customer data and must strictly control the physical location of the servers. They want to use cloud computing but with dedicated hardware that is not shared with other customers. Which cloud deployment model should they choose?

A financial services company must deploy a standardized environment for a new customer-facing application. The environment must include a specific set of Azure resources (such as virtual networks, databases, and App Service plans), pre-configured role assignments for the compliance team, and a collection of Azure Policy definitions that enforce encryption and tagging rules. The company needs to package all these components into a single, versioned artifact that can be consistently deployed across multiple subscriptions and regions, with the ability to track changes and updates. Which Azure service should the company use to achieve this?

A financial services company is evaluating a public cloud provider. They are concerned about the shared responsibility model for security. The company must ensure that their customer data is encrypted at rest and in transit. Under the shared responsibility model, which security control is the cloud provider typically responsible for?

Question 19 · medium · multiple choice

A hospital stores patient data in the cloud. The hospital is responsible for encrypting the data before uploading, managing user access, and complying with healthcare regulations. The cloud provider is responsible for securing the physical datacenter, network infrastructure, and hypervisor. This model describes which concept?

What is the purpose of Azure tags?

Focused Security Privacy Compliance sessions

Start a Security Privacy Compliance only practice session

Every question in these sessions is drawn from the Security Privacy Compliance domain — nothing else.

Frequently asked questions

What does the AZ-900 exam test about Security Privacy Compliance?
Security Privacy Compliance questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Security Privacy Compliance questions in a focused session?
Yes — the session launcher on this page draws every question from the Security Privacy Compliance domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other AZ-900 topics?
Use the topic links above to move to related areas, or go back to the AZ-900 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the AZ-900 exam covers. They are not copied from any real exam or dump site.