AZ-900 Microsoft Azure Fundamentals Practice Exam – Pa

By /

AZ-900 Microsoft Azure Fundamentals Practice Exam – Part 3/3 – 20 Questions with Answers

Practice for the AZ-900 Microsoft Azure Fundamentals exam with 20 multiple-choice questions. Answer each question before the reveal, then review the explanation to understand the reasoning.

This is Part 3/3 in the CertPunch AZ-900 Microsoft Azure Fundamentals practice exam series.

Topics covered: Azure compute, storage, networking, identity, governance, pricing, and core cloud concepts.

More practice: certpunch.com

Chapters:
00:00 Intro
00:16 Question 1 of 20
00:58 Question 2 of 20
01:49 Question 3 of 20
02:32 Question 4 of 20
03:31 Question 5 of 20
05:01 Question 6 of 20
05:56 Question 7 of 20
06:34 Question 8 of 20
07:06 Question 9 of 20
07:37 Question 10 of 20
08:23 Question 11 of 20
09:09 Question 12 of 20
10:02 Question 13 of 20
10:54 Question 14 of 20
11:40 Question 15 of 20
12:37 Question 16 of 20
13:32 Question 17 of 20
14:13 Question 18 of 20
15:04 Question 19 of 20
15:48 Question 20 of 20

What you will practice

  • You are running your web applications on Azure Web Apps and using Azure Cosmos DB for storing data. Which typ…
  • A company needs to establish a secure, encrypted connection from their on-premises VPN device or gateway to a…
  • Which Azure component is ideal for setting up a hierarchical structure that enables applying policies and acc…
  • What is the primary benefit of Single Sign-On (SSO) in a multi-application environment? Correct answer
  • What is the correct order of the Defense in Depth levels, which represent layers of protection in a security…
  • Which powerful, cloud-native solution provides both Security Information and Event Management (SIEM) and Secu…

Answers and explanations

Tap a question to expand the answer and the exam reasoning. Try to commit to your own pick first.

Q1. You are running your web applications on Azure Web Apps and using Azure Cosmos DB for storing data. Which type of cloud are you making use of? Correct answer

Answer: A. Public

Azure Web Apps and Cosmos DB are public cloud services. Other options describe private, hybrid, or on-premises models not matching the scenario.

Q2. A company needs to establish a secure, encrypted connection from their on-premises VPN device or gateway to an Azure VPN gateway in a virtual network over the internet. What type of VPN connection is used for this purpose? Correct answer

Answer: A. Site-to-site VPN

Site-to-site VPN connects entire networks on-premises to Azure. Point-to-site is for individual devices, not full network connections.

Q3. Which Azure component is ideal for setting up a hierarchical structure that enables applying policies and access controls across a broad scope, such as multiple subscriptions and resource groups?

Answer: B. Management Groups

Management Groups manage policies across subscriptions. Resource groups and subscriptions are lower in the hierarchy, not for broad management.

Q4. What is the primary benefit of Single Sign-On (SSO) in a multi-application environment? Correct answer

Answer: A. Allows a user to sign in once and use the same credentials to access multiple resources and applications from different providers.

SSO enables one login for multiple apps. The other options describe multi-factor auth or more restrictive security models.

Q5. What is the correct order of the Defense in Depth levels, which represent layers of protection in a security strategy?

Answer: B. Physical Security, Identity and Access, Perimeter Security, Network Security, Compute Security, Application Security, Data Security

Correct answer follows the Defense in Depth order starting with physical, then identity, perimeter, network, compute, application, and data security. Option C wrongly places perimeter before network security.

Q6. Which powerful, cloud-native solution provides both Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) capabilities for an enterprise, enabling comprehensive threat detection, inves…

Answer: C. Microsoft Sentinel

Correct answer as Microsoft Sentinel is the only service combining both SIEM and SOAR. Option B is the trap; Defender for Cloud focuses on threat protection, not full SIEM/SOAR.

Q7. TRUE or FALSE: Azure Policy can prevent the creation of Azure resources that do not comply with the defined policy configuration. Correct answer

Answer: A. TRUE

Correct answer as Azure Policy can deny resource creation if it violates rules. This is a key feature for governance and compliance.

Q8. TRUE or FALSE: Data transfer in Azure, both inbound and outbound, is free of charge.

Answer: B. FALSE

Outbound data transfer in Azure is charged, while inbound is typically free. This is a core cost concept on the exam.

Q9. TRUE or FALSE: Creating a resource group in Azure results in additional costs.

Answer: B. FALSE

Resource groups are a free organizational tool. Costs are based on the resources within them, not the group itself.

Q10. Which of these is NOT an advantage of the cloud? Correct answer

Answer: A. Trade variable expense for capital expense

This question tests core cloud benefits, focusing on cost models. The correct answer identifies a common misconception: cloud converts capital expense to variable expense, not the reverse.

Q11. If you decide to stop a Virtual Machine (VM) in Azure to save costs, will you still incur any charges? Consider the aspects of compute resources and storage in your answer.

Answer: C. Yes, for storage

Stopping a VM suspends compute charges but storage fees still apply for the OS and data disks, which is a common exam pitfall.

Q12. In a Software as a Service (SaaS) model, customers use fully developed applications provided by the cloud service provider. Which of the following are examples of SaaS applications?

Answer: B. Microsoft Office 365 and Microsoft Dynamics 365

Microsoft Office 365 and Dynamics 365 are classic SaaS examples as users access fully managed applications. The other options represent different service models: PaaS, IaaS, and infrastructure software.

Q13. In cloud computing, various services fall under different categories based on the level of management and control they offer. Which of these is an example of an Infrastructure as a Service (IaaS) offering?

Answer: C. Azure Virtual Machines

Azure Virtual Machines exemplify IaaS by providing infrastructure-level control over operating systems and applications. App Service is PaaS, Office 365 is SaaS, and SQL Database is a PaaS database offering.

Q14. A company wants to move all their operations to the cloud and eliminate the need for an on-premises data center. Which cloud computing model involves hosting everything in the cloud, so that a data center is no longer required?

Answer: B. Public Cloud

Public cloud hosts all resources externally, eliminating on-premises needs. Private and hybrid clouds still require some on-premises infrastructure.

Q15. Azure ExpressRoute allows you to extend your on-premises networks into the Microsoft cloud over a private connection, facilitated by a connectivity provider. This private connection is known as an ExpressRoute Circuit. Which of the followi…

Answer: C. It is a dedicated private connection set up in advance to securely link your on-premises network to Azure.

ExpressRoute provides a dedicated private connection, not public internet or temporary use. Its key feature is a permanent, secure link.

Q16. When dealing with a resource that has been locked in Azure to prevent accidental changes, what are the necessary steps to modify or delete this resource?

Answer: B. To modify or delete a locked resource, you must first remove the lock. After removing the lock, you can perform the desired actions if you have the necessary permissions.

Correct answer requires removing the lock first. Option A is the trap; Microsoft Support isn’t needed for resource locks in Azure.

Q17. You have created a Resource Group in the West Europe region. Can you provision a resource (e.g., a virtual machine) in a different region and attach it to the same Resource Group? Correct answer

Answer: A. Yes

Correct answer as resource groups are logical containers that can hold resources from any region. Option B is the trap; regions don’t restrict resource group membership.

Q18. Which document or resource provides detailed information on the personal data processed by Microsoft, how Microsoft handles this data, and the purposes for which it is used?

Answer: B. Microsoft Privacy Statement

Correct answer because the Privacy Statement details data handling. Option A is the trap; the Service Trust Portal focuses on compliance reports, not privacy practices.

Q19. TRUE or FALSE: You have created a Virtual Network with two subnets – WebSubnet for deploying your VMs, and DbSubnet for deploying your databases. By default, all VMs in WebSubnet can access databases created in DbSubnet. Correct answer

Answer: A. TRUE

TRUE. By default, VNets allow communication between subnets unless restricted by NSGs. This assumes no security policies are blocking the traffic.

Q20. TRUE or FALSE: Permissions/Roles assigned to user at the resource group level are applied/inherited by all resources in the resource group Correct answer

Answer: A. TRUE

Correct answer because permissions at the resource group level apply to all resources within it. This is a core inheritance rule in Azure.

More [NEW] AZ-900 Microsoft Azure Fundamentals drills and other practice exams are on @CertPunch. New rounds drop every few days at certpunch.com.

Scroll to Top
Privacy Terms Contact