Question 1mediummulti select
Full question →AZ-900 · topic practice
Security Privacy Compliance practice questions
Use this page to practise AZ-900 Security Privacy Compliance practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about Security Privacy Compliance
Security Privacy Compliance questions test whether you can apply the concept in context, not just recognise a definition.
How the topic appears in realistic exam-style scenarios.
Which detail in the question changes the correct answer.
How to eliminate plausible but wrong options.
How to connect the question back to the wider exam objective.
Practice set
Security Privacy Compliance questions
20 questions · select your answer, then reveal the explanation
Question 2easymultiple choice
Full question →A company wants to enforce a set of security policies across all their Azure subscriptions. They have created several individual policy definitions. Which Azure construct should they use to group these policies together and assign them as a single package?
Question 3mediummultiple choice
Full question →A company deploys a line-of-business application on an Azure virtual machine. The IT team wants to ensure the application remains secure. According to the shared responsibility model, which of the following security tasks is the sole responsibility of the customer (the company)?
Question 4mediummultiple choice
Full question →A company has an Azure tenant with a management group hierarchy. The 'Production' management group contains five subscriptions used by the operations team. The IT security team wants to grant the 'Network Contributor' role to a group of network administrators for all subscriptions under the 'Production' management group. The role assignment must automatically apply to any new subscription added under the 'Production' management group in the future. The network administrators already exist as a security group in Azure AD. What is the most efficient way to achieve this?
Question 5mediummultiple choice
Full question →A company has a policy that all Azure Storage accounts must have diagnostic settings enabled to send logs and metrics to a specific Log Analytics workspace. The governance team wants to automatically configure these diagnostic settings when a new storage account is created, without blocking the initial creation. The solution must not require manual intervention. Which Azure Policy effect should the team use in their policy definition?
Question 6mediummultiple choice
Full question →A company has a policy that all Azure resources deployed to production subscriptions must be tagged with a 'CostCenter' tag. They want to automatically prevent the creation of any resource that does not include this tag. Which Azure Policy effect should they use in their policy definition?
Question 7mediummultiple choice
Full question →A cloud provider uses virtualization technology to host multiple customers on the same physical server. Each customer's data, applications, and operating systems are logically isolated and secured from one another. Which characteristic of cloud computing does this scenario best describe?
Question 8mediummultiple choice
Full question →A company has a root management group that contains two child management groups: Production and Development. Each child management group contains several subscriptions. The security team assigns a built-in Azure Policy definition with the 'Deny' effect to the Production management group to enforce encryption on all storage accounts. Later, the Development team requests that storage accounts in their subscriptions must not be encrypted because they host temporary test data that needs to be quickly deleted and recreated. The security team must allow this exception for Development only, without changing the policy for Production. What should the security team do?
Question 9mediummultiple choice
Full question →A company has a policy that all Azure resources must have a tag named 'CostCenter'. The governance team wants to automatically add the tag with a default value 'IT' to any new resource that is created without it. The team wants the tag to be applied during resource creation, not just report non-compliance. The solution must also support remediation for existing non-compliant resources if needed later. Which Azure Policy effect should the team use in their policy definition?
Question 10mediummultiple choice
Full question →A company has a policy that all Azure resources must have a 'CostCenter' tag. They want to automatically audit and deny the creation of any resource that does not include this tag. Which Azure Policy effect should they use?
Question 11mediummultiple choice
Full question →A company has an Azure Policy assignment that denies the creation of any virtual machine (VM) that does not have a mandatory 'CostCenter' tag. A development team needs to deploy a temporary test VM without the required tag for a short-term experiment. The governance team wants to allow this specific exception while recording the reason for the exception, ensuring the policy is still enforced for all other resources. The exception must also automatically expire after 30 days. Which Azure Policy feature should the governance team use?
Question 12mediummultiple choice
Full question →A company has a policy that every Azure virtual machine must have the Azure Monitor Agent installed and configured to send metrics to a central Log Analytics workspace. To enforce this requirement without relying on manual user action, the governance team wants to automatically deploy the agent to any existing or new VM that is missing it. They also need to generate a compliance report showing any VMs where the installation failed. Which Azure Policy effect should the team use to meet these requirements?
Question 13mediummultiple choice
Full question →A company has a team of support engineers who need to be able to restart Azure virtual machines when they become unresponsive. The support engineers must not be able to modify the VM configuration, delete the VMs, or access VM data. The company wants to use the principle of least privilege. No built-in Azure role meets these exact requirements. What should the company do?
Question 14mediummultiple choice
Full question →A company has a policy that all Azure resources must have an 'Owner' tag. They want to automatically add the 'Owner' tag with a value 'Default' to any resource created without it. Which Azure Policy effect should they use?
Question 15mediummultiple choice
Full question →A company has a critical production resource group that contains several virtual machines and an Azure SQL Database. The IT manager wants to prevent anyone from accidentally deleting the resource group or any of its resources. However, authorized administrators must still be able to add, update, or delete individual resources within the group (except deletion of the group itself). Which Azure feature should the manager apply to the resource group?
Question 16mediummultiple choice
Full question →A company has deployed several Windows and Linux virtual machines in an Azure virtual network. For security reasons, the virtual machines have no public IP addresses assigned. The IT administrators need to securely connect to these VMs using Remote Desktop Protocol (RDP) for Windows and Secure Shell (SSH) for Linux without deploying any additional agents on the VMs. The connection must be established directly from the Azure portal, and the service must provide protection against port scanning and brute-force attacks. Which Azure service should the company use?
Question 17mediummultiple choice
Full question →A company has an Azure subscription used by several development teams. The governance team wants to identify any virtual machines that are not tagged with a mandatory 'CostCenter' tag. The team does not want to block the creation of untagged VMs; they only want to report on non-compliant resources in Azure Policy's compliance dashboard. Which Azure Policy effect should they use in their policy definition?
Question 18mediummultiple choice
Full question →A company has an Azure Policy assigned to all subscriptions that denies creation of any resource without a 'CostCenter' tag. During an emergency, a team needs to create a resource without the tag. They want a temporary exception without changing the policy. What should they create?
Question 19mediummultiple choice
Full question →A company has deployed several Azure virtual machines in a VNet. The security policy requires that no VM has a public IP address. However, administrators need to connect to the VMs using RDP and SSH for management. The administrators currently use the Azure portal and must not install any additional client software on their local workstations. Which Azure service should they use to meet these requirements?
Question 20easymultiple choice
Full question →A company has an Azure policy requirement that all new resources in a specific resource group must have a 'Department' tag. If a resource is created without this tag, the tag should be automatically added with a default value of 'Finance'. Which Azure Policy effect should be used?
Watch out for
Common Security Privacy Compliance exam traps
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.
Free account
Track your progress over time
Create a free account to save your results and see which topics improve across sessions.
Focused Security Privacy Compliance sessions
Start a Security Privacy Compliance only practice session
Every question in these sessions is drawn from the Security Privacy Compliance domain — nothing else.
Related practice questions
Related AZ-900 topic practice pages
Move into related areas when this topic feels solid.
AZ-900 cloud concepts practice questions
Practise AZ-900 questions linked to AZ-900 cloud concepts.
AZ-900 Azure services practice questions
Practise AZ-900 questions linked to AZ-900 Azure services.
AZ-900 pricing and support practice questions
Practise AZ-900 questions linked to AZ-900 pricing and support.
AZ-900 security and compliance practice questions
Practise AZ-900 questions linked to AZ-900 security and compliance.
AZ-900 governance practice questions
Practise AZ-900 questions linked to AZ-900 governance.
Frequently asked questions
- What does the AZ-900 exam test about Security Privacy Compliance?
- Security Privacy Compliance questions test whether you can apply the concept in context, not just recognise a definition.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Security Privacy Compliance questions in a focused session?
- Yes — the session launcher on this page draws every question from the Security Privacy Compliance domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other AZ-900 topics?
- Use the topic links above to move to related areas, or go back to the AZ-900 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the AZ-900 exam covers. They are not copied from any real exam or dump site.
Security Privacy Compliance only
Mixed AZ-900 sessionTrack your progress
A free account saves results across sessions and highlights which topics need work.
Sign up freeStudy resources
Exam traps to avoid
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.