Azure AZ-900 Sample Questions with Explanations

These original sample questions are designed to help you check how the exam topics appear in decision-style prompts. They are not taken from the live exam.

Use these sample questions as a guided self-assessment for Microsoft Azure Fundamentals (AZ-900) topics such as cloud concepts, shared responsibility, Azure architecture, service categories, cost management, governance, monitoring, and support choices. AZ-900 rewards clean classification: cloud model first, then Azure service or management tool.

Where these questions fit in the AZ-900 guide

The sample set below is part of the Microsoft AZ-900 guide path:

• Microsoft certification hub
• AZ-900 exam guide
• AZ-900 cheat sheet
• AZ-900 study plan
• AZ-900 FAQ
• AZ-900 resources
• AZ-900 glossary

AZ-900 cloud and Azure service sample questions

Work through each prompt before opening the explanation. These questions stay at the fundamentals level, but they still use scenario clues instead of isolated vocabulary prompts.

---

Question 1

Topic: Choosing the right cloud model

A company wants to run a legacy application on virtual machines in Azure. The operations team still needs control over the guest operating system, installed middleware, and application patches. Which cloud service model best fits this requirement?

• A. Software as a Service, because Microsoft manages all application behavior.
• B. Platform as a Service, because the company should not manage runtime configuration.
• C. Infrastructure as a Service, because the company manages the guest OS and application stack on cloud infrastructure.
• D. Serverless only, because all Azure workloads must avoid virtual machines.

Best answer: C

Explanation: Virtual machines with customer control over the guest operating system are the classic IaaS pattern. Microsoft provides the underlying cloud infrastructure while the customer manages more of the software stack.

Why the other choices are weaker:

• A describes a complete application delivered by a provider, not customer-managed VMs.
• B reduces infrastructure management but does not match the required OS control.
• D overstates serverless and ignores valid VM-based Azure workloads.

What this tests: Separating IaaS, PaaS, SaaS, and serverless from scenario requirements.

Related topics: IaaS; Cloud models; Virtual machines; Shared responsibility

---

Question 2

Topic: Understanding shared responsibility

A team deploys an Azure virtual machine that stores customer files. They ask who is responsible for configuring access to the files and keeping the guest operating system patched. What is the strongest AZ-900 answer?

• A. The customer is responsible for data access controls and guest OS patching for the virtual machine.
• B. Microsoft is responsible for every security setting because the VM is hosted in Azure.
• C. The customer is responsible only for physical datacenter security.
• D. No one is responsible after the VM is deployed because cloud resources are automatically secure.

Best answer: A

Explanation: In IaaS, Microsoft secures the physical datacenter and underlying cloud platform, but the customer still owns data, identities, access configuration, applications, and guest OS responsibilities unless a managed service shifts that boundary.

Why the other choices are weaker:

• B ignores customer responsibilities in IaaS.
• C reverses the boundary; physical facilities are Microsoft responsibilities.
• D is unsafe and contradicts shared responsibility.

What this tests: Applying shared responsibility to Azure virtual machine scenarios.

Related topics: Shared responsibility; Security; Virtual machines; Customer responsibility

---

Question 3

Topic: Enforcing required tags

A finance team wants every new Azure resource in a subscription to include a cost-center tag. Deployments that omit the tag should be blocked automatically. Which Azure capability is the best fit?

• A. Azure Service Health, because it reports service incidents.
• B. Azure Monitor, because it collects metrics and logs.
• C. Microsoft Entra ID, because it stores user accounts.
• D. Azure Policy, because it can enforce governance rules such as required tags.

Best answer: D

Explanation: The stem asks for automatic governance enforcement at deployment time. Azure Policy is the AZ-900-level answer for evaluating and enforcing resource rules such as allowed locations, naming, and required tags.

Why the other choices are weaker:

• A helps track Azure service issues, not tag compliance.
• B is for observability, not policy enforcement.
• C handles identity and access, not resource-compliance rules by itself.

What this tests: Distinguishing governance enforcement from monitoring, service health, and identity.

Related topics: Azure Policy; Tags; Governance; Compliance

---

Question 4

Topic: Choosing a monitoring tool

An operations team wants to collect metrics from Azure resources, create alerts when thresholds are crossed, and review logs from applications and infrastructure. Which service family should they use first?

• A. Azure Cost Management, because it forecasts spend.
• B. Azure Monitor, because it provides metrics, logs, alerts, and observability across Azure resources.
• C. Azure Marketplace, because it lists third-party products.
• D. Azure Advisor, because it provides recommendations after analyzing resource configuration.

Best answer: B

Explanation: Metrics, logs, and alerts are Azure Monitor clues. AZ-900 often tests whether you can separate monitoring from recommendations, billing, and marketplace procurement.

Why the other choices are weaker:

• A is cost-focused, not observability-focused.
• C is for discovering and procuring offerings.
• D can recommend improvements, but it is not the primary metrics-and-logs platform.

What this tests: Matching management and governance tools to the job described in the stem.

Related topics: Azure Monitor; Metrics; Logs; Alerts

Independent study note

Tech Exam Lexicon and IT Mastery are independent study tools. They are not affiliated with, endorsed by, or sponsored by Microsoft or any certification body.