Microsoft AZ-900 Exam Dumps & Practice Test Questions

Question 1:

Your organization operates data centers in both Los Angeles and New York and uses Microsoft Azure services. You are tasked with configuring geo-clustering to ensure service continuity between the two sites. The following conditions must be met:

• Data should be saved across multiple storage nodes.

• Replication must occur between distinct geographic regions.

• The system should support reading data from both the primary and secondary sites.

Which Azure storage redundancy configuration best meets these requirements?

A. Geo-redundant storage
B. Read-access geo-redundant storage
C. Zone-redundant storage
D. Locally redundant storage

Answer: A

Explanation:

To meet the needs of geo-clustering and multi-region access, the appropriate Azure storage redundancy solution must support cross-region replication and accessibility from multiple locations. Among Azure's redundancy offerings, Geo-redundant storage (GRS) is best suited for this task.

GRS replicates your data asynchronously to a secondary region hundreds of miles away from the primary location. This ensures high durability and availability in case of regional failures. Data is stored on multiple nodes across two geographically separate locations, satisfying both resiliency and continuity.

Another important point is the readability of data. While GRS ensures cross-region storage, by default it supports reads only from the primary location. However, Microsoft includes features such as secondary read access via RA-GRS, but GRS alone provides the foundational geo-replication required for your setup.

Let’s review the other options:

• B. Read-access geo-redundant storage (RA-GRS) allows read operations from the secondary region, but it does not support active data writes in both regions. If you require active-active access or write-read capabilities at both ends, GRS is a better baseline.

• C. Zone-redundant storage (ZRS) only replicates data within different availability zones of the same Azure region. It doesn't meet the geo-redundancy requirement.

• D. Locally redundant storage (LRS) replicates data within a single data center or region. This does not support cross-regional resilience.

Therefore, to ensure multi-node, cross-region data durability and future extensibility for geo-redundant operations, Geo-redundant storage (GRS) is the most suitable recommendation.

Question 2:

Your company currently has the Basic Azure support plan. Management wants Microsoft to conduct a design review of their current Azure infrastructure. You need to suggest a support plan upgrade that allows this type of consultation while minimizing cost. 

You recommend upgrading to the Professional Direct support plan. Does this meet the requirement?

A. Yes
B. No

Answer: B

Explanation:

Azure offers several support tiers that vary based on response times, technical guidance, and advisory capabilities. The Basic plan only includes limited support through self-service tools and does not offer direct access to Microsoft support engineers or infrastructure assessments.

The company wants an in-depth evaluation of its Azure environment’s design—a service that involves specialized technical advisory, often tied to architecture validation, optimization, and recommendations for best practices. These services fall under Advisory Services, which are not included in the Professional Direct plan.

Let’s explore the differences between the available plans:

• The Professional Direct support plan does provide 24/7 access to technical engineers and faster response times. However, it does not include proactive consulting services like architecture design assessments or personalized environment reviews. This plan is more focused on technical break/fix support rather than strategic design consultation.

• The Premier support plan, on the other hand, does include architectural guidance, design reviews, and ongoing consultations. It is intended for enterprises needing dedicated technical account managers, solution architects, and direct engagement with Microsoft engineers.

So while Professional Direct represents a significant upgrade from the Basic plan in terms of responsiveness and technical support, it still does not offer the design assessment capability that the company requires.

If the goal is to engage Microsoft for a comprehensive evaluation of the existing Azure design, only the Premier or Unified support plans offer such functionality. Therefore, recommending Professional Direct would fall short of fulfilling the company’s objective.

The correct choice is B. No—the proposed solution does not meet the stated requirement for design assessment services.

Question 3:

You have been instructed to deploy virtual machines in Azure for your organization. You consider using Software as a Service (SaaS) as your cloud deployment model.

Would this approach satisfy the requirement?

A. Yes
B. No

Correct Answer: B

Explanation:

Using Software as a Service (SaaS) to deploy Azure virtual machines is not appropriate because SaaS is not designed for infrastructure management or custom server configurations. To understand why, let’s examine what SaaS is and why it falls short for this task.

SaaS is a cloud computing model that delivers ready-to-use applications over the internet. These applications are fully managed by the provider, including the underlying infrastructure, security, and software updates. Examples of SaaS products include Microsoft 365, Salesforce, and Google Workspace. Users interact with these applications via web interfaces and have no control over the underlying operating system or virtual machines.

In contrast, deploying Azure virtual machines requires direct interaction with the infrastructure. You need to choose the operating system, set configurations, install software, and manage the runtime environment. SaaS does not provide this level of access or flexibility. It is meant for end-users who need application functionality without concerning themselves with how it runs.

Instead, the appropriate model for deploying VMs is Infrastructure as a Service (IaaS). With IaaS, you have control over the virtual machines, including CPU, memory, storage, networking, OS installation, and security patches. Azure Virtual Machines are a core component of IaaS and are built specifically to offer that level of control.

Using SaaS in this scenario is like trying to use a ready-made spreadsheet service to build a custom data processing engine—it’s simply not built for that purpose. It hides all infrastructure elements from the user, making it impossible to deploy or manage virtual machines.

In summary, because SaaS does not allow direct access to infrastructure components, it cannot be used to deploy Azure virtual machines. For this reason, the proposed solution fails to meet the goal.

Question 4:

Your task is to set up Azure virtual machines for your company’s operations. You consider using Platform as a Service (PaaS) as your deployment method.

Does this approach fulfill the requirements?

A. Yes
B. No

Correct Answer: B

Explanation:

Choosing Platform as a Service (PaaS) for deploying Azure virtual machines is not suitable, because PaaS abstracts the infrastructure layer and does not offer the granular control required for VM deployment.

PaaS is intended to provide a platform for developing, running, and managing applications without dealing with the complexity of building and maintaining the underlying hardware or software layers. Common Azure PaaS services include Azure App Service, Azure Functions, and Azure SQL Database. These services are designed to handle application hosting and database management, allowing developers to focus on code instead of server setup.

While PaaS is excellent for creating scalable and efficient application environments, it does not give users control over virtual machine configuration. You cannot select the operating system, customize security policies, or manage VM-level resources. These tasks are essential when deploying and managing virtual machines.

On the other hand, Infrastructure as a Service (IaaS) is the cloud service model designed specifically for deploying and managing virtual machines. With IaaS, you gain full control over the virtual machines, including OS selection, installation of required software, and configuration of network and storage settings.

Let’s consider a simple analogy: PaaS is like renting a furnished office space—you can decorate and use it, but you can’t remodel the walls or change the floor plan. IaaS is like leasing an empty building shell—you have the freedom to configure everything inside it to your exact specifications.

Because deploying Azure VMs demands complete control over infrastructure, PaaS is too abstracted and doesn’t meet the technical requirement. The deployment goal requires customization that only IaaS can provide.

In conclusion, PaaS does not meet the goal because it limits control over the environment, making it impossible to configure or deploy virtual machines directly. Therefore, the correct choice is B. No.

Question 5:

You are planning to deploy Azure virtual machines to support your organization’s computing needs. You opt to use Infrastructure as a Service (IaaS) for this deployment.

Does this decision meet the goal?

A. Yes
B. No

Correct Answer: A

Explanation:

Selecting Infrastructure as a Service (IaaS) to deploy Azure virtual machines is absolutely the correct approach, because IaaS is the cloud service model specifically designed to provide control over virtual infrastructure resources.

With IaaS, cloud providers like Microsoft Azure supply virtualized hardware components—such as compute, storage, and networking—over the internet. These resources are fully managed in terms of hardware and physical maintenance, but users retain full control over everything above that layer: the operating system, middleware, runtime, and applications.

Azure Virtual Machines are a classic example of an IaaS offering. When you deploy a VM in Azure, you can:

• Choose the operating system (Windows or Linux)

• Configure CPU, memory, and disk

• Set up your own networking and security settings

• Install and run custom applications

This level of flexibility makes IaaS the best option when you need a customizable environment, which is precisely the case for virtual machine deployment.

Other service models, like Platform as a Service (PaaS) and Software as a Service (SaaS), do not provide this control. PaaS allows you to host applications but abstracts away the OS and server management. SaaS delivers ready-made applications with no visibility into the underlying infrastructure. Neither of these models enables VM configuration.

Another major benefit of IaaS is scalability—you can scale your VM resources as needed. You can also control costs by resizing VMs or using pricing models like reserved instances or spot VMs for specific workloads.

In summary, IaaS is the only cloud model that meets all the requirements for deploying and managing Azure virtual machines, giving users the necessary level of customization, control, and flexibility. Therefore, the correct answer is A. Yes.

Question 6:

Your development team has created ten web applications that must be hosted on Azure. The hosting plan must meet the following requirements:

• Support for custom domain names

• 10 GB of storage per app

• Dedicated compute for each app

• Built-in load balancing

• Cost-effectiveness

Which Azure App Service plan should you select?

A. Standard
B. Basic
C. Free
D. Shared

Correct Answer: A

Explanation:

To host ten production-ready web applications in Azure with specific requirements, the Standard App Service Plan is the most suitable option. Let’s review why it meets all your needs.

First, let's break down the requirements:

1. Custom domains – Essential for branding and secure access, this is not supported in the Free and Shared tiers, but is available in both Basic and Standard tiers.

2. 10 GB storage per app – This rules out the Free tier, which offers only 1 GB of storage. Basic provides 10 GB, but Standard offers 50 GB, giving more flexibility for future growth.

3. Dedicated compute instances – The Free and Shared tiers use shared infrastructure, meaning applications do not run on isolated compute resources. Both Basic and Standard provide dedicated compute, which ensures consistent performance.

4. Built-in load balancing – This feature is essential for distributing traffic evenly across app instances. The Standard tier includes load balancing, while Basic does not include advanced autoscaling and high availability options.

5. Cost-effectiveness – While Basic may seem cheaper, the Standard tier provides better long-term value through autoscaling, increased storage, and high availability, making it a more cost-effective choice for production workloads.

Additionally, the Standard tier supports features such as autoscaling, daily backups, SSL certificates, and regional deployment, which are important for maintaining uptime and security in production environments.

In conclusion, while other tiers may meet some of the criteria, only the Standard tier satisfies all the requirements: custom domains, storage capacity, dedicated compute, load balancing, and cost-efficiency for production use. Therefore, the correct answer is A. Standard.

Question 7

You are tasked with migrating a company to Azure. Each division within the company will have its own administrator responsible for managing the Azure resources used by that division. You want to design the Azure environment so that resources can be logically separated by division, but the administrative overhead is kept to a minimum. Your proposed solution is to use multiple Azure Active Directory (Azure AD) directories, one for each division. 

Will this solution effectively achieve the goal?

A. Yes
B. No

Answer: B

Explanation:

The goal here is to segment Azure resources per division while minimizing administrative complexity. The proposed solution suggests creating multiple Azure Active Directory (Azure AD) directories—one for each division. While it may seem logical to isolate divisions by separate directories, this approach actually increases administrative complexity and is not the best way to achieve resource segmentation in Azure.

Azure AD directories are primarily identity and access management constructs. Each directory operates independently with its own users, groups, and policies. When multiple directories exist, managing cross-division user access, resource permissions, and administration becomes complicated. This fragmentation makes it harder to maintain consistency and increases overhead for identity synchronization, user provisioning, and role management.

Furthermore, segmentation of Azure resources (like virtual machines, storage accounts, and networks) is generally handled within a single Azure AD tenant through the use of Azure subscriptions and resource groups. Subscriptions act as billing and resource containers that naturally segment resources, while resource groups provide further logical organization within subscriptions. Using Azure Role-Based Access Control (RBAC), administrators can delegate permissions finely and securely to division-specific administrators without needing separate directories.

Maintaining a single Azure AD tenant with multiple subscriptions or resource groups reduces complexity and operational overhead. It simplifies user management and enables centralized governance and compliance.

Thus, using multiple Azure AD directories contradicts the goal of minimizing administrative effort. The correct design is to use a single Azure AD tenant and segregate resources through subscriptions and resource groups.

Therefore, the answer is B. No—using multiple Azure AD directories does not meet the goal.

Question 8:

Your development team has built a portal web application intended for users in the Miami office. The app will be publicly accessible via the URL miami.weyland.com. It currently runs on-premises but you plan to migrate it to Azure. The web app must run on two instances for redundancy, include SSL support, have at least 12 GB of storage, and minimize costs. 

Which Azure App Service pricing tier should you select?

A. Standard
B. Basic
C. Free
D. Shared

Answer: A

Explanation:

Choosing the right Azure App Service tier depends on meeting all the functional and cost requirements without overspending. Let’s analyze each tier against the requirements.

1. Free Tier: This is intended for development or test workloads. It does not support custom domains (like miami.weyland.com) or SSL, and has only 1 GB of storage. It also doesn’t support multiple instances. This makes it unsuitable.

2. Shared Tier: Designed to share compute resources among many users, this tier does not offer custom domain support or SSL. Performance may be unpredictable, and storage is limited. It does not meet the business’s security or scale requirements.

3. Basic Tier: This tier supports custom domains, SSL, and multiple instances, making it a possible fit. However, Basic tier provides only 10 GB of storage, which is below the 12 GB required. While it supports scaling up to a few instances, it lacks autoscaling and some advanced features.

4. Standard Tier: This tier supports all the necessary features — custom domains, SSL, scaling across multiple instances, autoscaling, and advanced capabilities like staging slots. It also provides up to 50 GB of storage, comfortably exceeding the 12 GB requirement. Although slightly more costly than Basic, it balances cost with the needed functionality.

Given the need for two instances for availability, SSL support, custom domain, and at least 12 GB of storage, the Standard tier is the most appropriate. It ensures the application is secure, scalable, and meets performance and storage needs while maintaining cost efficiency for a production workload.

Thus, A. Standard is the best choice for hosting the Miami web app on Azure.

Question 9:

Which of the following Azure services provides a fully managed platform for building, deploying, and scaling web applications without managing the underlying infrastructure?

A. Azure Virtual Machines
B. Azure App Service
C. Azure Blob Storage
D. Azure Functions

Answer: B

Explanation:

Azure offers various services catering to different cloud computing needs, from Infrastructure as a Service (IaaS) to Platform as a Service (PaaS) and Function as a Service (FaaS).

• Azure Virtual Machines (A) provide IaaS, where users manage virtualized servers including OS updates and software installation. It requires managing the underlying infrastructure, which doesn’t meet the requirement for a fully managed platform.

• Azure App Service (B) is a Platform as a Service (PaaS) offering designed specifically for hosting web applications and APIs. It abstracts away infrastructure management, including OS patching, load balancing, and scaling, allowing developers to focus on app development. This makes Azure App Service the best fit for building, deploying, and scaling web apps without worrying about the underlying hardware or OS.

• Azure Blob Storage (C) is a storage service for unstructured data such as images and videos. It’s not used to deploy or run applications.

• Azure Functions (D) is a serverless compute service for running small pieces of code in response to events. While it abstracts infrastructure, it’s optimized for event-driven and short-lived tasks, not full web apps.

Therefore, Azure App Service is the correct answer because it provides a fully managed, scalable environment specifically for web applications, eliminating the need for managing servers or OS-level tasks.

Question 10:

Your organization needs to ensure that only authorized employees can access certain Azure resources. Which Azure service provides centralized identity management and access control?

A. Azure Active Directory
B. Azure Monitor
C. Azure Security Center
D. Azure DevOps

Answer: A

Explanation:

Managing access to cloud resources is critical to ensuring security and compliance. Microsoft Azure provides several services related to security and identity management.

• Azure Active Directory (A) is Microsoft’s cloud-based identity and access management service. It enables centralized authentication and authorization for users and groups, integrates with on-premises Active Directory, and supports Single Sign-On (SSO) for thousands of applications. Azure AD helps ensure that only authorized employees can access specified Azure resources, making it the best choice for centralized identity management.

• Azure Monitor (B) is a service for collecting, analyzing, and acting on telemetry from Azure and on-premises environments. It is not designed for managing user identities or access.

• Azure Security Center (C) provides unified security management and threat protection across Azure resources, but it does not manage user identities or control access permissions.

• Azure DevOps (D) is a suite of development tools for planning, building, and deploying software, unrelated to identity management.

Hence, the service that best fits the requirement of centralized identity and access management is Azure Active Directory.