AZ-900 Practice Test 4

1. You are building an application using Azure virtual machines. As a security requirement at
that time, it is necessary to monitor threats throughout net network. Which Azure service
should you choose?
a. Azure Monitor
b. Azure Security Center
c. Microsoft Entra ID Protection
d. Microsoft Defender for Identity

2. Choose the correct answer to complete the sentence. _________ is used to store secrets
for Microsoft Entra user accounts
a. Azure Key Vault
b. Microsoft Entra administrator account
c. Personally Identifiable Information (PII)
d. Server application

3. You are building a mechanism to store log files using blob storage. This data is rarely
accesed. Please choose the most cost-optimal storage access tier.
a. Hot
b. Cool
c. Archive
d. Standard

4. You are considering an architecture configuration using Azure. Please select the correct
description for an availability set feature.
a. Fault domains are affected during an Azure maintenance reboot
b. Update domains share common power supplies, network equipment, etc.
c. A maximum of 20 update domains can bet set
d. A maximum of 10 fault domains can be set

5. Choose the best solution for connecting virtual networks between regions.
a. Virtual network peering
b. Site-to-site VPN
c. Global virtual network peering
d. ExpressRoute

6. Select “Yes” if the following statement is true, otherwise select “No”. Using Azure virtual
machines instead of traditional servers improves fault tolerance
a. Yes
b. No

1
7. Select “Yes” if the following statement is true, otherwise select “No”. Using Azure virtual
machines instead of traditional servers makes data backup and protection completely
automatic.
a. Yes
b. No

8. Select “Yes” if the following statement is true, otherwise select “No”. The Azure side
performs patch management for software on Azure virtual machines
a. Yes
b. No

9. Select “Yes” if the following statement is true, otherwise select “No”. Azure Information
Protection can troubleshoot using scanner diagnosis tools.
a. Yes
b. No

10. Select “Yes” if the following statement is true, otherwise select “No”. You can configure
MFA for identities by deploying a federation solution.
a. Yes
b. No

11. Select “Yes” if the following statement is true, otherwise select “No”. On-premises
identities need to be synced to the cloud when setting up MFA for identities.
a. Yes
b. No

12. Select “Yes” if the following statement is true, otherwise select “No”. Creating a new
resource group incurs additional costs in Azure.
a. Yes
b. No

13. How is virtual machine’s uptime calculated?

a. Downtime time in minutes / maximum available minutes x 100
b. Maximum available minutes / 60 x 99.99
c. (max available minutes – downtime time in minutes) / max available minutes x 100
d. (maximum minutes available – downtime time in minutes) / 60 x 100
e. Downtime time in minutes / 1440 x 99.90

14. You have an Microsoft Entra tenant associated with your Azure subscription. All admins
are required to enter a verification code to access the Azure portal. In doing so,
administrators should only be able to access the Azure portal from the on-premises
network. Choose the best solution to achieve this.
a. Microsoft Entre Identity Protection
b. Setting up multi-factor authentication
c. Use the default settings for all roles in Microsoft Entra Privileged Identity
Management
d. Microsoft Entra Identity Protection sign-in risk policy

2
15. Which cloud computing model allows you to run and deploy your own system, without
the need to manage the operating system?
a. PaaS
b. IaaS
c. SaaS
d. DaaS

16. Which are the correct descriptions of Azure Resource Manager’s functionality? Please
select three.
a. Resource group settings
b. Tagging resources
c. Deploying resources with ARM templates
d. Getting Activity Logs
e. Confirming billing details

17. Your company is developing two applications. How would you configure each application
to isolate them from each other and allow independent development?
a. Separate Availability Zones
b. Separate regions
c. Separate subnets
d. Separate virtual networks

18. Your company need a VPN connection between Azure and you on-premises environment.
Which is the best network component to use in this scenario? Please select two.
a. Customer gateway
b. Virtual network gateway
c. Local network gateway
d. NAT gateway
e. Private gateway

19. You are preparing to run an Azure PowerShell script from your Linux computer. What kind
of preparation do you need to do before this? Please select the two most appropiate steps.
a. Install PowerShell software
b. Install PowerShell Core
c. Install Azure PowerShell Core
d. Install PowerShell Terminal
e. Install the Azure PowerShell module

20. Your company is planning a hybrid cloud that uses an on-premises environment and Azure.
Currently, you use Active Directory Domain Service for user management in the office.
Which of the following is the best solution for using information from on-premises to
manage users in Azure?
a. Synchronize with the MFA feature of Microsoft Entra
b. Introduce an Azure policy to enable user account linkage
c. Deploy Microsoft Entra Connect to synchronize information
d. Implement Microsoft Entra and enable user account linkage

3
21. Select “Yes” if the following statement is true, otherwise select “No”. Azure virtual
machines are billed by the second.
a. Yes
b. No

22. Select “Yes” if the following statement is true, otherwise select “No”. Azure virtual
machines are priced differently across availability zones within the same region.
a. Yes
b. No

23. You are looking to streamline compliance management within your subscription using
Azure Blueprints. Select the all correct descriptions of Azure Blueprint’s features.
a. Ability to assign Azure policies
b. Ability to standardize resource tags
c. Ability to template Azure resources
d. Ability to Role-Based Permissions (RBAC)

24. You want to monitor activities conducted by users and take steps to store this data. Please
select the three best services to help do this.
a. Azure Monitor
b. Azure Event Hubs
c. Azure Storage
d. Azure Data Factory
e. Azure logs

25. Your company has configured a hybrid cloud with an on-premises environment and Azure.
It is necessary to develop a way to integrate monitoring of on-premises servers and Azure
virtual machines. Which solution is best for this?
a. Azure Monitor Log Analytics
b. Azure Monitor Logs Monitor
c. Azure Event Hubs
d. Azure Monitor logs

26. Select “Yes” if the following statement is true, otherwise select “No”. Azure enables
immediate global infrastructure deployment.
a. Yes
b. No

27. Select “Yes” if the following statement is true, otherwise select “No”. Zones in Azure are
the same as availability zones.
a. Yes
b. No

28. Select “Yes” if the following statement is true, otherwise select “No”. When monitoring
Azure resources, it is necessary to manage them for each region separately.
a. Yes
b. No

4
29. Select “Yes” if the following statement is true, otherwise select “No”. No additional cost
is required when using Azure globally across multiple regions.
a. Yes
b. No

30. You need a way to move Azure resources in one subscription to another. Which of the
following are the correct details about this topic? Please select two options.
a. Resources cannot be moved between subscriptions
b. There is a fee for moving resources between subscriptions
c. Some resources can be moved between subscriptions, but not all resources
d. During the move, the resources being moved and target resource groups are locked
e. During the move, the resources being moved and target resource groups are limited

31. You subscribe to an Azure support plan and would like to be able to receive telephone
support. Which support plan should you subscribe to in order to get this? Please select
three.
a. Professional Direct
b. Standard
c. Developer
d. Basic
e. Premier Support for Enterprise

32. You would like to subscribe to an Azure support plan that will allow you to receive design
review based on your company’s requirements. Which support plan should you subscribe
to? Choose one suitable support plan.
a. Professional Direct
b. Standard
c. Developer
d. Basic
e. Premier

33. Which type of preview is the second phase of the release process for new Azure services?
a. Private preview
b. Public preview
c. User preview
d. Limited preview

34. You are building a web application using multiple Azure virtual machines. You should
assign the same permissions to all virtual machines. Choose one of the best solutions to
set permissions efficiently.
a. Boot the virtual machines in the same virtual network
b. Set the virtual machines in the same resource group
c. Set the same Azure policy for the virtual machines
d. Set the same network security group for the virtual machines

5
35. Currently you have created 5 virtual networks in one region and launched 6 Azure virtual
machines in each virtual network. You should set the minimal number of network security
group to control traffic for these virtual machines. Choose the correct number of network
security groups.
a. 5
b. 6
c. 30
d. 1

36. You have built your application using Azure virtual machines. This application distributes
video content. Choose the one best solution for improving its delivery processing
performance.
a. Azure CDN
b. Azure DNS
c. Azure Databricks
d. Azure Cache for Redis

37. Select “Yes” if the following statement is true, otherwise select “No”. You can create
resource groups within other resource groups.
a. Yes
b. No

38. Select “Yes” if the following statement is true, otherwise select “No”. You can grant
permissions to all Azure resources within a resource group by setting access permissions
on the resource group.
a. Yes
b. No

39. Select “Yes” if the following statement is true, otherwise select “No”. Platform as a Service
(PaaS) solutions provide useful capabilities for developing custom applications.
a. Yes
b. No

40. Select “Yes” if the following statement is true, otherwise select “No”. Software as a Service
(SaaS) solutions require users to apply software updates.
a. Yes
b. No

41. Select “Yes” if the following statement is true, otherwise select “No”. Azure China is a
group of Azure instances in China that is operated by Microsoft.
a. Yes
b. No

6
42. Which of the following Azure management tools can be used to download data stored in
Azure Storage online? Please choose two.
a. Azure Data Box
b. Azure Storage Explorer
c. Azure Resource Explorer
d. AzCopy

43. Select “Yes” if the following statement is true, otherwise select “No”. If you have created
Azure resources using a service in public preview, you will not be able to continue using
those resources after the service becomes available to the general public.
a. Yes
b. No

44. You need to create an Azure resource that defines a VPN appliance using a specific IP
address within your company. Which Azure resource should you create?
a. Local network gateway
b. NAT gateway
c. Virtual network subnet
d. VPN gateway

45. Which service should you use to limit incoming traffic based on threat intelligence to the
5 virtual networks you’re running?
a. Azure Firewall
b. Azure ExpressRoute
c. Virtual network gateways
d. Application Security Group (ASG)

46. Select “Yes” if the following statement is true, otherwise select “No”. You can apply tags
to resources using Azure policies.
a. Yes
b. No

47. Select “Yes” if the following statement is true, otherwise select “No”. “Authentication” in
the Microsoft identity platform is the process of validating a user’s credentials.
a. Yes
b. No

48. Select “Yes” if the following statement is true, otherwise select “No”. “Federation” in the
Microsoft identity platform can authorize authenticated users to perform a specific action.
a. Yes
b. No

49. Select “Yes” if the following statement is true, otherwise select “No”. You can add multiple
tags to the same Azure resource.
a. Yes
b. No

7
50. Select “Yes” if the following statement is true, otherwise select “No”. You can set multiple
delete locks on the same Azure resource.
a. Yes
b. No

51. Select “Yes” if the following statement is true, otherwise select “No”. Locks granted to
resource groups are inherited by the resources they belong to.
a. Yes
b. No

52. Choose the correct answer to complete the sentece. The ability to deploy applications and
data across multiple regions using the cloud is called _____________.
a. Elasticity
b. Agility
c. Geographical distribution
d. Scalability

53. Choose the correct answer to complete the sentence. Increasing computing capacity in
response to demand is called ____________.
a. High availability
b. Geo-replication
c. Scalability
d. Disaster recovery

54. Choose the correct answer to complete the sentence. Being able to continue using the
system without causing critical downtime, even if a virtual machine instance fails, is called
_____________.
a. High availability
b. Elasticity
c. Scalability
d. Disaster recovery

55. Choose the correct answer to complete the sentence. Optimizing the user experience by
deploying a globally available application in multiple regions close to the user is called
_____________.
a. Geo traffic distribution
b. Geo-replication
c. Global replication
d. Disaster recovery

56. Select “Yes” if the following statement is true, otherwise select “No”. Blob storage archive
access tiers can be set for storage accounts.
a. Yes
b. No

8
57. What are the characteristics of a public cloud compared to an on-premises environment?
Please select two.
a. Reserved pricing is available for public clouds.
b. Public cloud allows for self-service management
c. Pay-as-you-go model can be used on the public cloud
d. The public cloud allows for exclusive use of physical hardware
e. Public cloud is a capital expense

58. Select “Yes” if the following statement is true, otherwise select “No”. Azure Virtual
Desktop (AVD) charges a monthly access fee per active user.
a. Yes
b. No

59. Which OS can be used on Azure Virtual Desktop (AVD)? Please select all applicable options.
a. MacOS client
b. Microsoft Store client
c. Android client
d. iOS client

60. Which of the following are used for accessing Azure Files? Please select three.
a. SMB
b. NFS
c. SAS
d. SCSI
e. Azure Files REST API

61. What is the best way to migrate user account information from on-premises Active
Directory to Azure?
a. Synchronize account information using Password Hash Synchronization (PHS)
b. Synchronize user account information in the on-premises environment by using the
Microsoft Entra migration function
c. Synchronize user account information with Microsoft Entra Domain Service (ADDS)
functionality

62. Select “Yes” if the following statement is true, otherwise select “No”. There is a penalty
for deleting data in the cool access tier of Azure Storage Blob within 30 days.
a. Yes
b. No

63. You are building an IoT solution. Choose the best central management solution to connect,
monitor and manage your IoT devices.
a. IoT Central
b. Azure IoT Hub
c. IoT Edge
d. Azure IoT Solution Accelerator

9
64. Which storage can be used as a data volume to store virtual machine data?
a. Azure Blob Storage
b. Azure Files
c. Azure Table Storage
d. Azure Queue Storage

65. Select “Yes” if the following statement is true, otherwise select “No”. Data center
electricity bill payments are counted as operating expenses (OpEx)
a. Yes
b. No

66. Select “Yes” if the following statement is true, otherwise select “No”. If you create two
Azure virtual machines of the same size, each will always have the same monthly cost.
a. Yes
b. No

67. Choose the correct answer to complete the sentence. If Microsoft plans to end support for
an Azure service that does not have a successor service, Microsoft will provide at least
__________ notice.
a. 12 months
b. 6 months
c. 90 days
d. 30 days

68. Your company plans to build a billing application on Azure. To do so, it is necessary to
install some applications and software on the server in advance. Which cloud model does
this best match?
a. Software as a Service (SaaS)
b. Platform as a Service (PaaS)
c. Infrastrucure as a Service (IaaS)
d. Desktop as a Service (DaaS)

69. Your company uses an on-premises Active Directory to manage 3,000 user accounts. The
company plans to migrate all network resources to Azure and decommission its on-
premises data center. Which solution should you use to minimize the impact on user
management?
a. Implement Azure Multi-Factor Authentication (MFA)
b. Synchronize all ActiveDirectory user accounts to Microsoft Entra
c. Instruct all users to change their passwords
d. Create a guest user account in Microsoft Entra for each user

10