MC Microsoft Certified Azure Fundamentals Study Guide E-Book

Table of Contents

Cover

Table of Contents

Title Page

Copyright

Acknowledgments

About the Author

About the Technical Editor

Introduction

Assessment Test

Answers to Assessment Test

Chapter 1: Cloud Concepts

Understanding Cloud Computing

Benefits of Cloud Computing

Financial Models

Cloud Computing Models and Responsibilities

Public, Private, and Hybrid Cloud Models

Summary

Exam Essentials

Review Questions

Chapter 2: Azure Core Services

Core Azure Architectural Components

Azure Subscriptions and Billing Scope

Core Azure Services

Core Data Services

Serverless Computing Solutions

Microsoft Marketplace

Summary

Exam Essentials

Review Questions

Chapter 3: Azure Storage and Migration

Core Azure Storage

Storage Redundancy

Storage Migration

Summary

Exam Essentials

Review Questions

Chapter 4: Azure Core Networking Services

Networking Concepts

Virtual Networks

Load Balancers

VPN Gateway

Content Delivery Networks

Summary

Exam Essentials

Review Questions

Chapter 5: Identity, Access, and Security

Network Security

Authentication and Authorization

Security Tools and Features

Summary

Exam Essentials

Review Questions

Chapter 6: Azure Monitoring, Governance, and Compliance

Azure Governance Methodologies

Microsoft Purview

Azure Monitoring and Reporting Options

Compliance and Data Protection Standards

Summary

Exam Essentials

Review Questions

Chapter 7: Azure Pricing, Service Levels, and Lifecycle

Purchasing Azure Services

Planning and Managing Azure Costs

Service Level Agreements

Service Lifecycles

Summary

Exam Essentials

Review Questions

Chapter 8: Creating and Managing Azure Resources

Azure Management Tools

Creating and Managing Resources

Summary

Exam Essentials

Review Questions

Appendix Answers to Review Questions

Chapter 1: Cloud Concepts

Chapter 2: Azure Core Services

Chapter 3: Azure Storage and Migration

Chapter 4: Azure Core Networking Services

Chapter 5: Identity, Access, and Security

Chapter 6: Azure Monitoring, Governance, and Compliance

Chapter 7: Azure Pricing, Service Levels, and Lifecycle

Chapter 8: Creating and Managing Azure Resources

Index

Advertisement

End User License Agreement

List of Illustrations

Chapter 1

Figure 1.1 A hybrid cloud scenario.

Figure 1.2 Horizontal scaling adds resources when they are needed and removes them when no ...

Figure 1.3 Vertical scaling adjusts the capacity of existing resources to accommodate deman...

Figure 1.4 Microsoft 365 is an example of a SaaS offering.

Figure 1.5 A simplified illustration of a virtualized SharePoint farm in Azure.

Figure 1.6 Creating a web app named JBTestApp99 to use ASP.NET 4.9 and run on Windows.

Figure 1.7 IaaS, PaaS, and SaaS are all categories of cloud computing and share a nested re...

Figure 1.8 The three categories of Azure cloud computing have different levels of shared re...

Chapter 2

Figure 2.1 The relationships between geographies, regions, region pairs, and data centers.

Figure 2.2 Availability zones offer an additional layer of service availability.

Figure 2.3 Creating a resource in Azure.

Figure 2.4 Billing scopes for a Microsoft Customer Agreement account.

Figure 2.5 A shared application is an example of multitenancy.

Figure 2.6 Multiple guest VMs on a physical host.

Figure 2.7 Availability sets distribute VMs across multiple fault domains and update domains.

Figure 2.8 An example of a container group.

Chapter 3

Figure 3.1 Azure Files can be accessed in many different ways by applications and users.

Figure 3.2 A table storage account can encompass multiple tables and data entities.

Figure 3.3 Locally redundant storage replicates data across one or more availability zones ...

Figure 3.4 Zone-redundant storage copies data across multiple physical data centers.

Figure 3.5 GRS and GZRS both create copies in a paired secondary region, but GZRS uses thre...

Chapter 4

Figure 4.1 A simple home network.

Figure 4.2 The load-balancing services in Azure can work individually or in concert, as in ...

Figure 4.3 A VPN connection establishes a secure tunnel between networks.

Figure 4.4 ExpressRoute establishes a secure route from your on-premises network to Azure.

Figure 4.5 A CDN places content close to users geographically.

Chapter 5

Figure 5.1 Use Azure Firewall to scan and filter network traffic.

Figure 5.2 Web Application Firewall works in conjunction with the Application Gateway, Fron...

Figure 5.3 A network security group is a simple firewall offering in Azure.

Figure 5.4 Management groups serve as containers for subscriptions and enable you to contro...

Figure 5.5 Group role assignment is transitive.

Figure 5.6 RBAC uses an additive model to apply permissions.

Figure 5.7 External identities enable consumers and business partners to interact with reso...

Figure 5.8 Workforce and external tenants enable collaboration in different ways.

Figure 5.9 The Secure Score report helps you visualize current security posture and identit...

Chapter 6

Figure 6.1 Azure Monitor encompasses multiple services and features to enable you to collec...

Figure 6.2 You can view health data for resources in the Azure Service Health environment.

Figure 6.3 You can view health data for resources in your Azure environment and create rule...

Figure 6.4 Use Azure Advisor to optimize resources through actionable recommendations based...

Chapter 7

Figure 7.1 Begin in the Pricing Calculator by selecting the products to include in your solution.

Figure 7.2 Specify the options for each resource.

Figure 7.3 Use Azure Advisor to help manage costs.

Chapter 8

Figure 8.1 You can use the Azure portal to manage most Azure resources.

Figure 8.2 The Compute category is selected in the Azure portal with all Compute resources ...

Figure 8.3 The Azure Cloud Shell running Azure PowerShell.

Figure 8.4 You can quickly access the Cloud Shell from the Azure portal.

Figure 8.5 Use Azure Arc to extend management and governance to non-Azure resources.

Figure 8.6 Use the Resource Groups page to create and manage resource groups.

Figure 8.7 Enter information to create your first storage account.

Figure 8.8 A storage account created in Azure called jimboycestorage1.

Figure 8.9 Use the Azure Storage Explorer to view storage in Azure.

Figure 8.10 You can choose among several options when creating a preconfigured VM.

Figure 8.11 Viewing status of a VM in the Azure portal.

Figure 8.12 Use the Create SQL Database page to create an instance of a SQL database.

Figure 8.13 The Azure portal shows the status of a newly created SQL Database instance.

Figure 8.14 Use All Resources to view and manage your Azure resources.

List of Tables

Chapter 2

Table 2.1 Billing Scopes for Microsoft Online Services Program

Table 2.2 Billing Scopes for Enterprise Agreements

Table 2.3 Billing Scopes for Microsoft Customer Agreements

Chapter 3

Table 3.1 Standard Storage Service Endpoints

Guide

Cover

Table of Contents

Title Page

Copyright

Acknowledgments

About the Author

About the Technical Editor

Introduction

Assessment Test

Answers to Assessment Test

Begin Reading

Appendix: Answers to Review Questions

Index

Advertisement

End User License Agreement

Pages

iii

iv

v

vi

vii

viii

xvii

xviii

xix

xx

xxi

xxii

xxiii

xxiv

xxv

xxvi

xxvii

xxviii

xxix

xxx

xxxi

xxxii

xxxiii

xxxiv

xxxv

xxxvi

xxxvii

xxxviii

xxxix

xl

xli

xlii

xliii

xliv

xlv

xlvi

xlvii

xlviii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

MC Microsoft Certified Azure FundamentalsStudy Guide

Exam AZ-900

Second Edition

Copyright © 2026 by John Wiley & Sons, Inc. All rights reserved, including rights for text and data mining and training of artificial intelligence technologies or similar technologies.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

The manufacturer’s authorized representative according to the EU General Product Safety Regulation is Wiley-VCH GmbH, Boschstr. 12, 69469 Weinheim, Germany, e-mail: [email protected].

Trademarks: Wiley and the Wiley logo, and the Sybex logo, are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and the authors have used their best efforts in preparing this work, including a review of the content of the work, neither the publisher nor the authors make any representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. For product technical support, you can find answers to frequently asked questions or reach us via live chat at https://sybexsupport.wiley.com.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data Applied For:

Paperback ISBN: 9781394350018

ePDF ISBN: 9781394350025

ePub ISBN: 9781394350032

Cover Design: Wiley

Cover Image: © Jeremy Woodhouse/Getty Images

Acknowledgments

I’ve written more than 65 books over the past 30+ years, and each has been a unique experience. With every book, however, success comes from a team approach. Once again, I need to thank the members of the team who helped bring this book together.

First, thanks to Kenyon Brown for bringing me this opportunity and helping to get it off the ground. Thanks also to my agent, Carole Jelen, for all she has done through the years and for this project. Many thanks also to Adaobi Obi Tulton, the book’s project editor, and to Doug Holland, the technical editor for this project, who I suspect has forgotten more about Azure than I know. Thanks also go to Kezia Endsley, the book’s copyeditor, and to Navin Vijayakumar, Managing Editor, for all the help they have provided. Last but not least, thanks also to Maduramuthu Krisharaj for helping polish the content, and to all of the other people who push the buttons and move the levers to turn words on virtual paper into a finished product.

About the Author

Jim Boyce has been involved in IT since the late 1970s in a wide range of roles. He has been a structural steel designer, CAD operator and trainer, college instructor, consultant, ISP owner, and freelance author. He was a director at Xerox, where he managed globally distributed teams providing managed services for Windows Server and collaboration platforms, including SharePoint and Documentum. Over the past 14 years, Jim has held multiple roles as an individual contributor and people manager at Microsoft, including Technical Account Manager, Delivery Management Manager, and now Principal Customer Success Account Manager. In a writing career spanning over 30 years, Jim has written more than 65 books and upward of a thousand articles for many print and online publications, including InfoWorld, TechRepublic.com, WINDOWS Magazine, and Microsoft.com. He has also created video training content for WatchIT and Lynda.com (now LinkedIn Learning). In his spare time, he works on construction and woodworking projects; flies model aircraft, drones, and full-sized aircraft; and participates as a coach and unified player for Special Olympics.

About the Technical Editor

Doug Holland is the founder and principal software engineer at Intrepid Reality. He holds a master’s degree in software engineering from Oxford University and has been recognized for his technical leadership as a Microsoft MVP and Intel Black Belt Developer. Before founding Intrepid Reality, Doug’s career spanned almost 25 years at companies such as Microsoft Corporation, Intel Corporation, and Hewlett Packard.

Introduction

I currently manage the support and proactive services experience for a portfolio of Microsoft customers, many of whom have either already made a significant transition from on-premises to Azure or are in the process of evaluating a move to Azure. Some of the customers I’ve managed are very large enterprise customers with massive Azure implementations that spend millions of dollars a month in Azure, while others are very small and have very small Azure footprints.

I field questions daily about Azure services, deployment strategies, and proactive services designed to not only educate our customers on Azure and Microsoft 365 but also assist them in planning, deploying, and supporting their Azure and M365 workloads.

Continuing technical training is one of the commitments that most Microsoft employees have in addition to the core responsibilities of their roles. As part of that commitment, I completed the AZ-900 Microsoft Azure Fundamentals Certification several years ago. The certification helped broaden my background across the entire Azure service portfolio. It also reinforced my understanding that not only highly technical roles benefit from the training and certification—less technical roles benefit from the certification as well.

That’s the approach I’ve taken for this book. The content is intended to help you understand the requirements of the AZ-900 Fundamentals exam and prepare to successfully pass the exam. The book does not go deep in Azure but rather focuses on core concepts, services, and resources in Azure that are covered by the exam objectives. The goal of the AZ-900 exam is not to give you a technical depth in Azure, but rather to give you a broad understanding that will enable you to understand the benefits that Azure offers and begin to integrate Azure into your role, whether technical or not.

Microsoft AZ-900 Certification Exam

Microsoft currently offers over 30 certifications at many levels across the Azure cloud offering, ranging from fundamental to very technical. The AZ-900 exam and certification should be the first certification step in your Azure certification path if you do not yet have a fundamental understanding of cloud offerings and Azure in particular. So, whether you are interested in certification in Azure solutions, data, AI, or other areas, your certification path often begins with AZ-900.

The following sections explore the certification paths and process in more detail.

How Do You Become Certified on Azure?

As explained earlier, Microsoft currently offers over 30 certifications for Azure. Obviously, fundamentals is one certification area, but there are multiple certification paths for Azure administration, app development, data, AI, security, DevOps, IoT, and Power Platform, to name some. These certifications are currently supported by many exams. Even if you plan to pursue certification in, for example, Azure AI, you should consider AZ-900 Fundamentals to give you a broader understanding of Azure; the knowledge you gain will supplement your understanding of your selected certification. It will also help you leverage and integrate additional Azure workloads in your area of specialization.

Becoming certified in Azure is relatively simple. Choose the certification you want to achieve, work through the prescribed learning path for the certification, prepare for the exam, and pass it. Preparation can take many forms, and this book is intended to be your primary one. People have different learning styles, varying backgrounds and experiences, differing amounts of time to study, and so on. So, this book can be one of a handful of key resources you use to prepare for the exam.

To begin, work through the chapters of this book and develop a strong understanding of the questions and answers offered in each one. Practice does make perfect, so consider working through additional practice test options before taking the exam. Microsoft offers some knowledge checks online within the content at the following URL:

docs.microsoft.com/en-us/learn/certifications/azure-fundamentals

You will also find other sample test options online, some for free and some for a fee. All of them provide good additional preparation for the exam. The more questions you work through before taking the exam, the more likely you are to be successful on your first attempt.

Types of Exam Questions

I have tried to model the sample questions in this book as closely to the types of questions you will see in the official AZ-900 exam. Because the test is online, however, some types of questions are difficult to model in print. The following sections explore the types of questions you will experience in the official, online AZ-900 exam.

Multiple Choice

These are generally straightforward and come in two variants. The first is a simple question followed by a selection of possible answers. The test question indicates whether there is a single answer or multiple correct answers. Each correct response counts toward your point total. Example (you would choose one answer):

Which one of the following provides container orchestration services for containers in Azure?

Azure Container Instances (ACI)

Azure Kubernetes

Azure Logic Apps

Azure Container Orchestration Services

Many multiple-choice questions are scenario based, describing a planning, deployment, or management scenario, followed by a question about the scenario. Example (you would choose one or more correct solutions):

You are the IT director for Contoso Corporation. Your CIO has asked you to recommend a solution that will enable the development team to quickly deploy VMs for testing applications. The solution must provide flexibility but also result in the least cost. Which of the following solutions meets these requirements?

Drag-and-Drop and Select Questions

Drag-and-drop questions provide a list of answers that you must match with a corresponding description. For example, the answers might include Disaster Recovery, Fault Tolerance, Low Latency, and Dynamic Scalability. You would drag each of these answers into a box beside the correct description of each.

Select questions describe a scenario and you must choose the correct answer from a drop-down list that typically offers three possible answers. Example:

Which cloud deployment model is used for Azure VMs and Azure SQL Database instances?

(You would choose Infrastructure-as-a-Service from a drop-down list beside Azure VMs and choose Platform-as-a-Service from the drop-down list beside Azure SQL Database.)

Yes/No Questions

These questions typically include three questions related to a specific topic and are essentially a collection of true or false questions. You answer by selecting either Yes or No beside each one. Example (for each you would select Yes or No):

Azure resources can access other resources only in the resource group in which they reside. Yes No

Deleting a resource group also deletes all resources in the group. Yes No

A resource group can include resources from multiple Azure regions. Yes No

Text Replacement Questions

These questions offer a statement with part of the statement underlined. The statements sometimes include leading sentences providing additional information. The question offers four options, A through D. Three offer alternative text that you would use in place of the underlined text to make it correct. Or, you choose the answer No change is needed if the underlined text is correct. Example:

Azure Data Lake Analytics is a PaaS solution that enables you to query data in a data lake and build visualizations without deploying hardware or supporting services.

is built on SQL Managed Service to provide analytics for large SQL implementations

is a component of Azure IoT Central that provides deep analysis of IoT telemetry

integrates with Azure DevTest Labs to provide code analysis capabilities

No change is needed.

In this example, the underlined text makes the statement correct, so the appropriate answer is D (no change is needed). But, if Azure Data Lake Analytics were instead a component of Azure IoT that provided deep analysis of IoT telemetry (it is not), then you would choose B.

Achieving AZ-900 Fundamentals Certification

The previous sections have explored the concepts surrounding AZ-900 certification. The following sections offer guidance on preparing and registering for the exam, and for taking the exam.

Preparing for the Exam

Each person has a unique learning style, and one preparation method is not necessarily the best for everyone. However, the following list of preparation methods will help anyone be successful if used as a whole:

Studying:

This book obviously provides a great set of resources for learning about Azure fundamentals, but you might prefer a deeper discussion of some topics to help you better understand them. Many online sources are available, but Microsoft’s website is perhaps the best, most authoritative source. When I need to go deeper in a particular topic, I usually open Bing in a browser and use a search similar to the following, specifying where to confine the search and the search terms (replace

Service Health

with the topic you need to find):

site:

docs.microsoft.com

Azure Service Health

.

Your favorite AI partner:

I often use Copilot to gain insight and understanding in a particular area or topic. I’ve used ChatGPT, as well. You can ask both to create sample questions for you for a specific topic, and both will return the questions with answers and explanations.

Hands-on experience:

You can create a free Azure subscription that provides a monthly credit that you can use to deploy and experiment with Azure resources and services. Although you can’t feasibly experience all of Azure this way (you’re unlikely to deploy Azure Data Lake and begin mining data), but you can at least explore basic concepts and resources such as VMs, virtual networking, and so on. Equally important, you can gain an understanding of and experience with the Azure portal and other management tools covered by the AZ-900 exam.

Sample tests:

The test questions in this book are designed to cover the exam objectives outlined by Microsoft for the AZ-900 exam. However, it’s a good idea to use additional sample test resources to prepare for the test. Not only does this expose you to a broader base of questions, but it helps avoid the “memorize the question and answer” issue that often arises from using a single sample source. This is particularly important because the questions in this book are not taken verbatim from the exam, nor are most of the sample questions you’ll find from other sources.

Registering for the Exam

When you feel confident in your ability to pass the exam, your next step is to register for the exam. To do so, navigate to docs.microsoft.com/en-us/learn/certifications/exams/az-900. There you will find information about the exam and links to register for the exam with a testing provider. The test might be administered in person at a testing site or remotely. In either case, you will need to provide photo identification when registering and provide that same identification when you take the exam.

You will not be able to use any electronic devices or other resources during the exam. If taking the exam remotely, your device must have a camera through which a proctor can watch you throughout. The proctor will also ask you to turn the camera around the room to ensure that you are not using any other resources to look up the answers.

Taking the Exam

Unless you already have a strong background in Azure and taking the AZ-900 exam is a formality, I recommend you set aside a few days to prepare for the exam even after you complete your training and study. Spend several hours reviewing the material and the practice questions. Ensure that you are well rested on the day of the exam.

When you are taking the exam, carefully read through each question in full, even if you think you know the intent of the question from samples that you have seen. Be deliberate about each question. As you review the possible answers, consider that one answer might provide a more complete answer than another, and choose the one that most completely suits the question. Think carefully about the scenario outlined by each question when choosing your answer.

Here is a summary of points to help you be successful:

Arrive or go online early to give yourself time to review content and mentally prepare for the exam.

As emphasized previously, read each question carefully and don’t jump to a snap answer. Be deliberate about reading each question and choosing the correct answer.

Answer all questions as you go along in case you run out of time. You will likely have time when you finish to go back through your answers and adjust as needed any answers you were unsure of on the first pass.

Sometimes the additional information included in a question is relevant to the answer, but in others it only colors the scenario. Know that there are no trick questions. Read carefully to understand the intent of the question.

If you are unsure of the correct answer, eliminate the answers that you know are incorrect to narrow the possibilities.

Who Should Read This Book?

IT administrators and other deeply technical roles are not the only ones who can benefit from Azure fundamentals training. If you are in technical sales, project management, or other less technical roles, understanding Azure and its services can help you in your role as well. That’s why I designed this book and its content to provide broad coverage of Azure fundamentals at an introductory level rather than a deep technical level. The book is appropriate for anyone who wants to understand Azure in a broad sense and prepare for the AZ-900 exam, even if you are not highly technical. Other resources can help you go deeper in specific areas when needed.

What’s Included in the Book?

This book consists of eight chapters plus supplementary information: a glossary, this introduction, flashcards, and the assessment test after the introduction. The chapters are organized as follows:

Chapter 1

, “

Cloud Concepts

,” explores the basic concepts of cloud computing to lay the foundation for the rest of the book.

Chapter 1

covers categories of cloud computing, the financial benefits of cloud computing, and the various cloud models available with Microsoft Azure.

Chapter 2

, “

Azure Core Services

,” explores the core services available with Azure, including key concepts such as subscriptions and billing, tenants, resources, and resource management. The chapter begins the exploration of key Azure services, including virtual machines, storage, and data services.

Chapter 3

, “

Azure Storage and Migration

,” describes the types of storage options available in Azure, how to create and manage them, and how to move data within Azure and between Azure and other locations, such as an on-premises data center.

Chapter 4

, “

Azure Core Networking Services

,” begins with an explanation of basic networking concepts to create a framework for the discussion of Azure-specific networking services. The chapter explores virtual networks, load balancers, VPN gateways, and content delivery networks.

Chapter 5

, “

Identity, Access, and Security

,” covers concepts, services, and solutions in Azure related to identity and authentication services supported by Azure, as well as access and security-related services. Topics covered include Azure network security resources, authentication and authorization, and key Azure security services such as Security Center, Key Vault, among others.

Chapter 6

, “

Azure Monitoring, Governance, and Compliance

,” describes concepts and services in Azure that enable you to monitor and secure resources in Azure. The chapter also covers governance and compliance services and tools in Azure to help you ensure that your Azure implementation is implemented in a controlled and structured manner and meets your industry and business compliance requirements.

Chapter 7

, “

Azure Pricing, Service Levels, and Lifecycle

,” helps you understand subscriptions, ways to purchase Azure services, and how to estimate and manage costs in Azure. Pricing tools including the TCO Calculator and Pricing Calculator are explored, as are service level agreements (SLAs), ways to improve SLAs (and the potential effect of SLAs on cost), and other ways to manage cost in Azure.

Chapter 8

, “

Creating and Managing Azure Resources

,” begins with an exploration of the tools you can use to create and manage Azure resources, including the Azure portal, PowerShell, the Azure CLI, the Azure Cloud Shell, and the Azure Mobile App. The chapter finishes with sections that step you through the process of creating several types of Azure resources.

Each chapter begins with a list of the objectives that are covered in that chapter. The book doesn’t cover the objectives in order. Thus, you shouldn’t be alarmed at some of the odd ordering of the objectives within the book. At the end of each chapter, you’ll find a couple of elements you can use to prepare for the exam:

Exam Essentials This section summarizes important information that was covered in the chapter. You should be able to perform each of the tasks or convey the information requested.

Review Questions Each chapter concludes with review questions. You should answer these questions and check your answers against the ones provided after the questions. If you can’t answer at least 80 percent of these questions correctly, go back and review the chapter, or at least those sections that seem to be giving you difficulty.

The review questions, assessment test, and other testing elements included in this book are not derived from the exam questions, so don’t memorize the answers to these questions and assume that doing so will enable you to pass the exam. Note that there are sites on the Internet called test-scraping sites, that often do have sample questions that are much like the questions you’ll find in the exam. However, they don’t necessarily point you to the correct answer because they are community reviewed rather than officially supported or vetted. They can be a useful resource, but they should not be your only resource. Instead, you should learn the underlying topic, as described in the text of the book. This will enable you to answer the questions provided with this book and pass the exam. Learning the underlying topic is also the approach that will serve you best in the workplace—the ultimate goal of a certification.

To get the most out of this book, you should read each chapter from start to finish and then check your memory and understanding with the chapter-end elements. Even if you’re already familiar with a topic, you should skim the chapter; Azure is complex enough that there are often multiple ways to accomplish a task, so you may learn something even if you’re already competent in an area.

Recommended Home Lab Setup

Microsoft Azure is a cloud-based offering, so you really don’t need a home lab setup to learn about Azure. Instead, you need only a computer with a connection to the Internet and an Azure subscription for experimentation. As described in Chapter 8, you can create a free subscription in Azure and use a monthly credit included with that free subscription to work in Azure for up to a year without incurring any cost.

Interactive Online Learning Environment and Test Bank

There are tools that have been developed to aid you in studying for the Amazon Certified SysOps Administrator - Associate exam. These tools are all available for no additional charge at:

https://www.wiley.com/go/sybextestprep

Just register your book to gain access to the electronic resources that are listed below.

Practice exams:

There are two 50 question practice exams available to test your knowledge. These questions are completely different from the review questions at the end of each chapter.

Flashcards:

There are 100 flashcards available for you to test your knowledge of AWS terms and concepts. If you don’t get them correct the first time through, try again! These are designed to reinforce the concepts you have learned throughout the book.

Glossary:

Throughout the book, there are italicized words that are considered to be important key terms. A glossary of these key terms with their definitions is provided. The best part about the glossary is that it’s searchable!

How to Contact Sybex

We want to ensure that you have the best resources and most up-to-date information as you take your Azure certification journey. On a periodic basis, visit www.wiley.com/go/Sybextestprep for updates, errata, and additional content as it becomes available.

AZ-900 Exam Objectives

Microsoft Certified Azure Fundamentals Study Guide: Exam AZ-900 has been written to cover every exam objective at a level appropriate to its exam weighting. The following table provides a breakdown of this book’s exam coverage, showing you the weight of each section and the chapter where each objective or subobjective is covered:

Subject Area

Percent of Exam

Describe cloud concepts

25–30%

Describe Azure architecture and services

35–40%

Describe Azure management and governance

30–35%

Total

100%

The AZ-900 exam has changed since its original release, with some of the higher-level topics being removed. Likewise, while those topics were included in the original release of this book, they have been removed to enable you to focus on the topics which are still included, along with topics that have been added.

Domain 1: Describe Cloud Concepts

Subdomain 1a: Identify the Benefits and Considerations of Using Cloud Services

Exam Objective

Chapter

1-1 Define cloud computing

1

1-2 Describe the shared responsibility model

1

1-3 Define cloud models, including public, private, and hybrid

1

1-4 Identify appropriate use cases for each cloud model

1

1-6 Describe the consumption-based model

1

1-7 Compare cloud pricing models

1

1-8 Describe serverless

1

,

2

Subdomain 1b: Describe the Benefits of Using Cloud Services

Exam Objective

Chapter

1-9 Describe the benefits of high availability and scalability in the cloud

1

1-10 Describe the benefits of reliability and predictability in the cloud

1

1-11 Describe the benefits of security and governance in the cloud

1

1-12 Describe the benefits of manageability in the cloud

1

Subdomain 1c: Describe Cloud Service Types

Exam Objective

Chapter

1-13 Describe infrastructure-as-a-service (IaaS)

1

1-14 Describe platform-as-a-service (PaaS)

1

1-15 Describe software-as-a-service (SaaS)

1

1-16 Identify appropriate use cases for each cloud service type (IaaS, PaaS, and SaaS)

1

Domain 2: Describe Azure Architecture and Services

Subdomain 2a: Describe the Core Architectural Components of Azure

Exam Objective

Chapter

2-1 Describe Azure regions, region pairs, and sovereign regions

2

2-2 Describe availability zones

2

2-3 Describe Azure resources and resource groups

2

2-4 Describe subscriptions

2

2-5 Describe management groups

2

2-6 Describe the hierarchy of resource groups, subscriptions, and management groups

2

Subdomain 2b: Describe Azure Compute and Networking Services

Exam Objective

Chapter

2-7 Compare compute types, including containers, virtual machines, and functions

2

2-8 Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop

3

2-9 Describe the resources required for virtual machines

2

2-10 Describe application hosting options, including web apps, containers, and virtual machines

2

2-11 Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute

4

2-12 Define public and private endpoints

2

,

4

Subdomain 2c: Describe Azure Storage Services

Exam Objective

Chapter

2-13 Compare Azure Storage services

3

2-14 Describe storage tiers

3

2-15 Describe redundancy options

3

2-16 Describe storage account options and storage types

3

2-17 Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync

3

2-18 Describe migration options, including Azure Migrate and Azure Data Box

3

Subdomain 2d: Describe Azure Identity, Access, and Security

Exam Objective

Chapter

2-19 Describe directory services in Azure, including Microsoft Entra ID and Microsoft Entra Domain Services

5

2-20 Describe authentication methods in Azure, including single sign-on (SSO), multifactor authentication (MFA), and passwordless

5

2-21 Describe external identities in Azure, including business-to-business (B2B) and business-to-customer (B2C)

5

2-22 Describe Microsoft Entra Conditional Access

5

2-23 Describe Azure role-based access control (RBAC)

5

2-24 Describe the concept of zero trust

5

2-25 Describe the purpose of the defense-in-depth model

5

2-26 Describe the purpose of Microsoft Defender for Cloud

5

Domain 3: Describe Azure Management and Governance

Subdomain 3a: Describe Cost Management in Azure

Exam Objective

Chapter

3-1 Describe factors that can affect costs in Azure

7

3-2 Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator

7

3-3 Describe cost management capabilities in Azure

7

3-4 Describe the purpose of tags

7

Subdomain 3b: Describe Features and Tools in Azure for Governance and Compliance

Exam Objective

Chapter

3-5 Describe the purpose of Microsoft Purview in Azure

6

3-6 Describe the purpose of Azure Policy

6

3-7 Describe the purpose of resource locks

6

Subdomain 3c: Describe Features and Tools for Managing and Deploying Azure Resources

Exam Objective

Chapter

3-8 Describe the Azure portal

8

3-9 Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell

8

3-10 Describe the purpose of Azure Arc

8

3-11 Describe infrastructure as code (IaC)

8

3-12 Describe Azure Resource Manager (ARM) and ARM templates

8

Subdomain 3d: Describe Monitoring Tools in Azure

Exam Objective

Chapter

3-13 Describe the purpose of Azure Advisor

6

3-14 Describe Azure Service Health

6

3-15 Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights

6

Exam domains and objectives are subject to change at any time without prior notice and at Microsoft’s sole discretion. Visit their website for the most current information: https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-900.

Assessment Test

Microsoft Azure enables your organization to move IT expenditures to:

Capital expenditures

Operational expenditures

A controlled expense model

None of the above

Which of the following tools can you use to estimate the expense of moving a data center from on-premises to Azure?

Azure Pricing Calculator

Azure Cost + Billing

Azure TCO Calculator

Azure CLI

The term

agility

in Microsoft Azure refers to:

The ease at which you can move workloads from on-premises to Azure and back again

The ability to quickly adjust resources such as memory to adapt to changes in demand

The ability to add more frontend web servers to a web application to adapt to increased demand

The ability to quickly create redundancy in a solution

Which of the following describes the benefit

economy of scale

as it relates to Microsoft Azure?

The capability to distribute resources across multiple regions to reduce cost

The ability to place resources in less expensive Azure regions to reduce costs

The capability to automatically scale down the number of virtual machines in an Azure solution to reduce costs when demand decreases

The decrease in price per subscribers as more subscribers are added

Which of the following is an example of vertical scaling?

Adding VMs to a web app as demand increases

Reducing memory allocated to VMs when demand decreases

Adding CPU cores to a VM when demand increases

Both B and C

A service that provides the capability to deploy a SQL database without the need for you to set up a VM or install SQL Server is an example of:

Infrastructure-as-a-Service (IaaS)

Software-as-a-Service (SaaS)

Platform-as-a-Service (PaaS)

Data-as-a-Service (DaaS)

Accessing an application through a web page rather than installing the application on your local device is an example of:

Infrastructure-as-a-Service (IaaS)

Software-as-a-Service (SaaS)

Platform-as-a-Service (PaaS)

Data-as-a-Service (DaaS)

Deploying virtual machines (VMs) in a shared cloud environment is an example of:

Infrastructure-as-a-Service (IaaS)

Software-as-a-Service (SaaS)

Platform-as-a-Service (PaaS)

Data-as-a-Service (DaaS)

Which of the following accurately describes an Azure

geography

?

It corresponds to a single country or to a market encompassing multiple countries.

It always corresponds to a specific country.

It represents a set of physical data centers.

None of the above.

An Azure region:

Describes a specific Azure data center

Is usually paired with another region to ensure high availability

Can span across multiple countries

Encompasses the data centers in which all of your Azure resources reside

Azure China is a physically isolated instance of Azure available only to Chinese government entities.

Yes

No

You are deploying three VMs in a single region as web frontends to a web application. You need to ensure that power outages or other potential data center outages do not make your web application unavailable. Which of the following achieves this goal?

You place the VMs in an availability set.

You place the VMs in separate resource groups.

You place the VMs in different availability zones.

You deploy additional VMs to another regions.

What is the function of a resource group in Azure?

It provides automatic scaling of CPU cores, memory, and other resources for VMs.

It enables you to establish a higher SLA for VMs.

It protects resources from being deleted.

It serves as a logical container for Azure resources.

Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments?

Azure Resource Manager enables you to deploy multiple resources using JSON-based templates.

is the primary tool you use to manage resources in Azure

is the blade in Azure portal that provides access to resource management and monitoring tools, including management templates

enables you to interactively allocate additional CPU cores and memory to VMs

No change is needed.

Which of the following statements is not true regarding Azure subscriptions?

A subscription is aligned to a specific Azure region.

You can move resources from one subscription to another.

Subscriptions can help simplify Azure billing and cost management.

You can move a subscription from an existing tenant to a new Azure AD tenant.

Azure App Service provides support for multiple development languages, containers, and Windows and Linux.

Yes

No

Which of the following can you use to orchestrate container management in Azure?

Azure Container Instance (ACI)

Azure Resource Manager

Azure Kubernetes

Azure CLI

Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments?

Containers that you deploy in a group Azure

support only the Linux OS

.

support only the Windows OS

share the same OS as other containers in the group

require configuration of the OS for each container

No change is needed.

You need to set up a storage solution in Azure to store the state of an application from one execution of the application to the next. Which of the following storage solutions provides that capability?

Azure Disk

Azure Blob

Azure Files

Azure Archive

Which of the following data solutions would be the most cost-efficient solution for storing and retrieving sales data for your sales team using SQL statements?

Host a database using Azure SQL Database.

Host a database using Azure Managed SQL Instance.

Install SQL Server on a VM in Azure.

Host a database using Cosmos DB.

Which of the following does not provide load balancing between resources in Azure?

Azure Front Door

Azure Traffic Manager

Azure Load Balancer

Azure Network Security Groups (NSGs)

You have deployed a web application in Azure and need HTTPS traffic to be routed to a specific endpoint based on the requested URL. Which of the following load-balancing solutions provides this capability?

Azure Traffic Manager

Azure Load Balancer

Azure Application Gateway

Azure Network Security Groups

You need to ensure that network traffic between your on-premises data center and Azure is securely encrypted as it traverses the Internet, but you do not want your organization to manage the service. Which of the following should you choose?

Azure VPN Gateway

Azure Point-to-Point VPN

Azure ExpressRoute

Azure ExpressRoute Direct

Your organization has compliance restrictions that prevent your data from traversing the Internet between your on-premises data center and your resources in Azure. Which of the following provides a solution for this requirement?

Azure Managed VPN

Azure ExpressRoute Direct

Azure VPN Gateway

Azure ExpressRoute

Which of the following is an appropriate solution for placing video files and large documents close to where your globally dispersed users are located to reduce latency?

A dedicated point-to-point VPN connection between the source files and each location

Azure DirectRoute

Azure Content Delivery Network

None of the above

Which of the following solutions would enable only you and one of your peers to access and manage an Azure VM using RDP on port 3389?

Role-based access control (RBAC) and an Azure Network Security Group (NSG)

An appropriately designed Azure policy applied to the resource group containing the VM

Azure Firewall

Azure Front Door

You are deploying a VM-based solution, and due to security and compliance requirements, all traffic reaching that VM must come from a single endpoint located in a different subnet. Which of the following solutions meets this requirement?

Create a network security group (NSG) with the appropriate routing and apply the NSG to all virtual networks.

Create a user-defined route and apply it to all subnets in the virtual network.

Use Azure Firewall to route traffic to the target VM based on the IP address in the resource request URL.

Create a custom route in Azure Firewall to direct traffic to the endpoint based on source and destination address.

Replace the underlined section of the statement if needed to make the statement true:

Azure DDoS Protection Standard alerts you to DNS attacks as they are happening.

begins protecting resources from DNS attacks as soon as you configure DDoS on the resource

begins protecting resources from DNS attacks as soon as you configure the service on a virtual network

provides protection and alerts against DDoS attacks but does not provide mitigation reporting

No change is needed.

Which of the following is an example of authorization?

Providing a username and password when logging in to your device

Receiving a text message on your mobile device after providing a username and password for a website

Presenting a passport to enter another country

Presenting a visa to enter another country

Which of the following capabilities requires Azure AD Premium?

Enabling users to reset their own Azure AD passwords

Enabling users to reset their own on-premises passwords

Controlling access to resources in Azure through role-based access control (RBAC)

All of the above

Which of the following Azure services offers security recommendations for improving security in your Azure environment?

Azure Advanced Threat Protection (ATP)

Azure Information Protection (AIP)

Azure Security Center

Azure Service Health

You are a developer and need to store security credentials for a web application in a secure store in Azure. Which of the following meets this need?

Azure AD Premium

Security Center

Azure Credential Manager

Azure Key Vault

Your CIO has directed you to implement a solution that enables your organization to protect emails and documents using policies, identities, and encryption. Which of the following satisfies this requirement?

Azure Advanced Threat Protection (ATP)

Azure Policies

Azure Initiatives

Azure Information Protection (AIP)

Because of a recent network intrusion, you need to present a solution to your CIO that will enable your organization to identify pass-the-hash and reconnaissance attacks. Which of the following is an appropriate solution?

Windows Defender

Advanced Threat Protection

Azure Information Protection

Security Center

Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments?

A honeytoken attack tests multiple passwords against a username.

attempts authentication against an alphabetical list of usernames

is an attempt to log in to a fake account that you have created

is an example of a pass-the-token attack

No change is needed.

Which of the following would you use to ensure that the VMs added to a resource group do not exceed certain limits for the number of CPU cores and memory?

Azure Initiatives

Azure Configuration Manager

Azure Policies

Resource Locks

Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments?

Azure Policies enable you to