CloudPass LogoCloud Pass
AWSGoogle CloudMicrosoftCiscoCompTIADatabricks
Certifications
AWSGoogle CloudMicrosoftCiscoCompTIADatabricks
Microsoft AZ-900
Microsoft AZ-900

Practice Test #2

Simulez l'expérience réelle de l'examen avec 50 questions et une limite de temps de 45 minutes. Entraînez-vous avec des réponses vérifiées par IA et des explications détaillées.

50Questions45Minutes700/1000Score de réussite
Parcourir les questions d'entraînement

Propulsé par l'IA

Réponses et explications vérifiées par triple IA

Chaque réponse est vérifiée par 3 modèles d'IA de pointe pour garantir une précision maximale. Obtenez des explications détaillées par option et une analyse approfondie des questions.

GPT Pro
Claude Opus
Gemini Pro
Explications par option
Analyse approfondie des questions
Précision par consensus de 3 modèles

Questions d'entraînement

1
Question 1
(Sélectionnez 2)

You have an Azure web app. You need to manage the settings of the web app from an iPhone. What are two Azure management tools that you can use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Azure CLI is a command-line tool for managing Azure resources, including App Service. However, it typically requires a local installation and a supported OS/shell environment. An iPhone is not a standard platform for installing and running Azure CLI natively, so it’s not considered a complete solution for managing web app settings directly from the phone in an exam context.

The Azure portal is a web-based management interface accessible through a browser, including on an iPhone. It provides full UI-based management of an Azure web app (App Service), such as application settings, configuration, scaling, deployment slots, and monitoring. Because it requires no local installation and works via mobile browser access, it is a complete solution.

Azure Cloud Shell is a browser-accessible shell environment hosted by Azure. From an iPhone, you can open Cloud Shell in the Azure portal and run Azure CLI or Azure PowerShell commands to manage the web app’s settings. It avoids local installation and provides authenticated access plus persistent storage, making it a complete mobile-friendly management tool.

Windows PowerShell is a scripting and automation environment commonly used to manage Azure (often via the Az PowerShell module). However, it assumes a Windows (or at least a compatible PowerShell runtime) environment. An iPhone does not natively provide a standard Windows PowerShell execution environment, so it’s not a complete solution for managing settings from the phone.

Azure Storage Explorer is a client application designed to manage Azure Storage resources (blobs, files, queues, and tables). It is not intended for configuring or managing Azure App Service web app settings. Additionally, it’s a desktop tool rather than a mobile-first management option, making it unsuitable for this requirement.

Analyse de la question

Core concept: This question tests Azure management tools and how you can administer Azure resources (an Azure App Service Web App) from different devices. In AZ-900, you should recognize the primary management planes: the Azure portal (web UI), Azure Cloud Shell (browser-based shell), and command-line tools (Azure CLI/PowerShell) that typically require a suitable execution environment. Why the answer is correct: From an iPhone, the most practical and fully supported ways to manage a web app’s settings are: 1) The Azure portal (B): It’s a web-based interface accessible from a mobile browser. You can view and modify App Service configuration such as application settings, connection strings, deployment slots, scaling, and monitoring. 2) Azure Cloud Shell (C): Cloud Shell runs in the browser and provides an authenticated shell environment hosted by Azure. Because it’s browser-based, you can use it from an iPhone without installing local tooling. From Cloud Shell you can run Azure CLI or Azure PowerShell commands to manage the web app. Key features and best practices: - Azure portal provides guided experiences, validation, and resource blades for App Service configuration. It aligns with Azure Well-Architected operational excellence by simplifying day-2 operations (configuration, diagnostics, access control via RBAC). - Azure Cloud Shell provides a managed environment (with Azure CLI and PowerShell available) and persistent storage via an Azure Files share, enabling repeatable operational tasks and scripts without local setup. Common misconceptions: - Azure CLI (A) and Windows PowerShell (D) are management tools, but they generally require installation and a compatible local runtime. An iPhone is not a typical environment for installing and running these tools natively, so they are not considered complete solutions in this context. - Azure Storage Explorer (E) manages storage accounts (blobs, files, queues, tables) and is not used to manage App Service web app settings. Exam tips: For “manage from a phone/mobile device” questions, prioritize browser-based tools: Azure portal and Cloud Shell. If the question implies “no local installation,” Cloud Shell is often the best fit. Also, map tools to resource types: Storage Explorer is for storage, not App Service configuration.

2
Question 2

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

Partie 1 :

Azure Advisor provides recommendations on how to improve the security of an Azure Active Directory (Azure AD) environment.

Azure Advisor does not primarily provide recommendations to improve the security of an Azure Active Directory (Azure AD) / Microsoft Entra ID environment. Advisor’s “Security” recommendations focus on Azure resources and configurations (for example, enabling secure configurations, reducing exposure, and improving security posture for workloads). Identity-specific security recommendations—such as improving sign-in risk policies, MFA coverage, conditional access posture, and other directory hardening actions—are typically provided through Microsoft Entra ID capabilities like Identity Secure Score and related identity protection/governance features. In exam terms, if the statement is explicitly about “Azure AD environment,” the best match is not Azure Advisor. Advisor may integrate with broader security guidance, but it is not the primary tool for Entra ID security posture recommendations. Therefore, the statement is false.

Partie 2 :

Azure Advisor provides recommendations on how to reduce the cost of running Azure virtual machines.

Azure Advisor does provide recommendations to reduce the cost of running Azure virtual machines. This is one of Advisor’s core categories: Cost. Advisor analyzes VM utilization and configuration/usage patterns and can recommend actions such as resizing (right-sizing) underutilized VMs, shutting down or deleting idle VMs, purchasing reserved instances/savings plans where appropriate, and optimizing resource selection to reduce spend. For AZ-900, remember that cost optimization guidance is a hallmark of Azure Advisor, alongside reliability, performance, security, and operational excellence. While Azure Cost Management + Billing is the primary service for cost analysis, budgeting, and chargeback/showback, Advisor is the service that turns telemetry into prescriptive cost-saving recommendations. Therefore, the statement is true.

Partie 3 :

Azure Advisor provides recommendations on how to configure the network settings on Azure virtual machines.

Azure Advisor is not intended to provide general recommendations on how to configure the network settings on Azure virtual machines (for example, detailed NIC/IP configuration, subnetting strategy, NSG rule design, routing, or DNS settings). Those are typically designed using Azure networking best practices and validated with tools like Azure Network Watcher, NSG flow logs, Connection troubleshoot, and architectural guidance. Advisor can sometimes recommend certain VM-related features that touch networking (for example, enabling accelerated networking on supported VM sizes to improve throughput/latency, or other performance/reliability suggestions). However, that is not the same as providing recommendations on how to configure VM network settings broadly. In AZ-900 wording, “configure the network settings on Azure virtual machines” implies detailed network configuration guidance, which is not Advisor’s role. Therefore, the statement is false.

3
Question 3
(Sélectionnez 2)

Your company plans to deploy several million sensors that will upload data to Azure. You need to identify which Azure resources must be created to support the planned solution. Which two Azure resources should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Azure Data Lake is an appropriate resource for storing the very large volumes of telemetry generated by several million sensors. It is built for massively scalable storage and analytics workloads, allowing organizations to retain raw and processed IoT data for downstream analysis. In an IoT architecture, devices do not connect directly to Data Lake, but it is a key supporting resource for the uploaded sensor data. This makes it a valid part of the overall solution when the question asks which resources must be created to support the deployment.

Azure Queue storage is a general-purpose message queue used to decouple application components and support asynchronous processing. While it can be useful in some architectures, it is not the primary Azure resource required for connecting millions of sensors or for storing their uploaded telemetry data. The question asks which resources must be created to support the planned IoT solution, and Queue storage is optional rather than foundational. In AZ-900, generic queues are usually not the best answer when a dedicated IoT ingestion service and scalable data store are available.

Azure File Storage provides managed file shares over SMB or NFS for applications and users that need shared file access. It is intended for traditional file-based workloads, lift-and-shift scenarios, and shared storage, not for ingesting or storing high-volume IoT telemetry in an analytics-friendly way. It does not provide device connectivity, message ingestion, or specialized support for sensor data pipelines. Therefore, it is not an appropriate choice for this scenario.

Azure IoT Hub is the dedicated Azure service for securely connecting, authenticating, and managing IoT devices at scale. It supports device-to-cloud telemetry ingestion, cloud-to-device messaging, per-device identities, and integration with downstream services for processing and storage. For a scenario involving several million sensors uploading data, IoT Hub is the canonical Azure service because it is specifically designed for high-scale IoT communication. It is therefore an essential resource in the planned solution.

Azure Notification Hubs is designed to send push notifications to mobile app users across platforms such as iOS and Android. Its purpose is user engagement and broadcast messaging, not ingestion of telemetry from sensors or management of IoT devices. It does not provide device-to-cloud telemetry pipelines, per-device IoT identities, or large-scale sensor data storage. As a result, it is unrelated to the core requirements of this solution.

Analyse de la question

Core concept: This question tests recognition of the Azure services used in a large-scale IoT solution: one service to securely connect and ingest telemetry from devices, and one service to store massive volumes of uploaded data for later processing and analytics. For millions of sensors, Azure IoT Hub is the purpose-built ingestion and device management service, while Azure Data Lake is the scalable storage layer for the collected data. Why correct: Azure IoT Hub is designed specifically for IoT scenarios and supports secure device-to-cloud communication, per-device identity, and large-scale telemetry ingestion. Azure Data Lake provides massively scalable storage for the sensor data once it is uploaded, making it appropriate for retaining and analyzing high-volume telemetry streams. Together, these services cover both the ingestion and storage needs of the planned solution. Key features: IoT Hub supports bi-directional communication, device provisioning, authentication, and message routing for millions of devices. Azure Data Lake supports hierarchical namespace, big data analytics integration, and storage of structured and unstructured telemetry at very large scale. This combination is common in Azure IoT architectures where data is ingested first and then persisted for analytics. Common misconceptions: Azure Queue storage is a generic messaging service, but it is not the primary service you must create to support device connectivity at IoT scale, nor is it the canonical storage target for telemetry data. Azure File Storage is for file shares, and Notification Hubs is for mobile push notifications. The exam usually expects the dedicated IoT service plus a scalable data storage service, not an optional buffering component. Exam tips: In AZ-900, when you see sensors or devices sending telemetry at scale, think Azure IoT Hub first. If the question asks for two resources to support the solution, the second is often a storage or analytics service such as Azure Data Lake rather than a generic queue. Focus on the core business need: connect devices and store their uploaded data.

4
Question 4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has an Azure subscription that contains the following unused resources: ✑ 20 user accounts in Azure Active Directory (Azure AD) ✑ Five groups in Azure AD ✑ 10 public IP addresses ✑ 10 network interfaces You need to reduce the Azure costs for the company. Solution: You remove the unused network interfaces. Does this meet the goal?

Answering "Yes" assumes that unused network interfaces generate ongoing charges, which is typically incorrect in Azure. A NIC by itself does not usually incur a recurring cost; charges come from associated services like compute, public IPs, NAT gateways, or data transfer. Deleting an unattached NIC therefore does not remove a meaningful billed item from the subscription. As a result, this action would not reliably reduce costs.

Network interfaces in Azure are generally not billed as a standalone resource; they are control-plane objects used to connect compute resources to a virtual network. If the NICs are unused/unattached, there is typically no recurring charge to eliminate by deleting them. Azure costs are more commonly reduced by removing billable resources such as running VMs, managed disks, gateways, or allocated public IPs (notably Standard SKU). Therefore, removing unused NICs does not meet the goal of reducing Azure costs.

Analyse de la question

Core concept: This question tests which Azure resources generate ongoing charges and which are free (or only incur charges when used), so you can identify actions that actually reduce Azure costs. Why the answer is correct: Removing unused network interfaces (NICs) does not typically reduce Azure costs because NICs themselves do not have a standalone hourly charge. A NIC is a logical networking resource that is billed indirectly through attached, billable services (for example, a VM compute charge, a public IP charge, a NAT gateway charge, or data processing/egress). If the NICs are unused (not attached to running VMs or other billable constructs), deleting them does not eliminate a recurring cost line item. Therefore, this action does not meet the goal of reducing Azure costs. Key features / configurations: - Azure Network Interface (NIC): generally no direct cost by itself. - Costs are typically driven by: - Public IP addresses (especially Standard SKU) when allocated. - Running compute (VMs), load balancers, NAT Gateway, VPN/ExpressRoute, and data egress. - Managed disks and other storage resources. - Azure AD users/groups: generally not billed per object in a way that reduces cost by deleting unused accounts/groups (licensing is the cost driver). Common misconceptions: - Assuming every resource in a resource group incurs charges just because it exists. - Confusing “unused” with “unattached”: a NIC can exist unattached and still not cost anything. - Believing deleting Azure AD objects reduces cost; in most cases, licensing (e.g., Entra ID P1/P2) is what drives cost, not the count of users/groups. Exam tips: - Focus on resources with known recurring charges: compute, storage, public IPs (Standard), gateways, and data transfer. - Remember: many control-plane objects (NICs, VNets, NSGs, route tables) typically have no direct cost. - For identity, cost reduction usually comes from removing/downsizing licenses, not deleting users/groups.

5
Question 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You plan to deploy several Azure virtual machines. You need to ensure that the services running on the virtual machines are available if a single data center fails. Solution: You deploy the virtual machines to two or more resource groups. Does this meet the goal?

Yes is incorrect because resource groups do not map to separate datacenters, zones, or fault domains; they are purely a management construct. VMs in different resource groups can still be deployed into the same availability zone or even the same underlying datacenter, so a datacenter outage could take down all instances. High availability for datacenter failure requires zonal redundancy (Availability Zones) and typically a load-balancing or failover mechanism, not just organizational separation.

No is correct because deploying VMs to multiple resource groups does not provide any fault isolation at the infrastructure or datacenter level. Resource groups are logical containers used for organizing resources, applying RBAC, policies, and managing lifecycle operations, but they do not control physical placement. To meet the requirement of surviving a single datacenter failure, the solution must use Availability Zones (or a multi-region design) so instances run in separate fault-isolated locations.

Analyse de la question

Core concept: This question tests Azure resiliency constructs for virtual machines—specifically what provides protection against a single datacenter (availability zone) failure versus what is merely an organizational boundary (resource groups). Why the answer is correct: Deploying VMs into two or more resource groups does not change where the VMs physically run. A resource group is a logical container for management, RBAC, and lifecycle operations; it does not provide fault isolation across datacenters. To remain available if a single datacenter fails, the VMs (or the workload) must be deployed across fault-isolated locations such as Availability Zones (zonal deployment) or across regions (paired regions) using appropriate architectures (e.g., zone-redundant load balancing, multi-region failover). Key features / configurations: - Availability Zones: Place VMs in different zones within the same region to survive a datacenter/zone outage. - Availability Sets: Protect against rack/power/network failures within a datacenter (fault/update domains), but not a full datacenter outage. - Load Balancer (Standard) / Application Gateway: Distribute traffic across zonal VM instances; can be zone-redundant. - Multi-region patterns: Azure Traffic Manager / Front Door + regional deployments for regional disaster recovery. Common misconceptions: - Assuming resource groups provide high availability or physical separation; they do not influence placement. - Confusing Availability Sets with Availability Zones; availability sets do not cover a full datacenter failure. - Believing “separate resource groups” implies “separate datacenters”; physical resiliency requires zonal or regional design. Exam tips: - Resource groups = management boundary, not resiliency. - For “single datacenter fails” in Azure, think Availability Zones. - Availability Sets help with host/rack maintenance and localized failures, not zone-wide outages. - Pair zonal deployments with a load balancer to keep services reachable during a zone failure.

Envie de vous entraîner partout ?

Téléchargez Cloud Pass — inclut des tests d'entraînement, le suivi de progression et plus encore.

6
Question 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure Traffic Manager profile. Does this meet the goal?

Answering "Yes" implies that Traffic Manager can make VM1 reachable over HTTP, but Traffic Manager does not handle inbound connections or port exposure. It does not replace a public IP, Azure Load Balancer, or Application Gateway, and it does not change NSG rules that control inbound TCP/80. At most, it can direct users to an already-public endpoint by DNS, which is insufficient to guarantee VM1 becomes accessible. Thus, this solution does not meet the stated goal.

Traffic Manager only returns DNS responses that point clients to an endpoint; it does not create or modify the network path to a VM. It cannot open TCP/80, assign a public IP, or configure inbound NAT/load-balancing rules required for Internet access. Even if VM1 were registered as an endpoint, VM1 must already be reachable publicly for HTTP for Traffic Manager to be useful. Therefore, modifying a Traffic Manager profile alone does not ensure VM1 is accessible over HTTP from the Internet.

Analyse de la question

Core concept: This question tests how to expose an Azure virtual machine to the public Internet over HTTP and which Azure networking services actually control inbound connectivity to a specific VM. Why the answer is correct: Azure Traffic Manager is a DNS-based global traffic distribution service. It can direct clients to different public endpoints (for example, different regions) by returning different DNS responses, but it does not open ports, perform inbound NAT, or change a VM’s reachability from the Internet. To make VM1 accessible over HTTP, you must ensure VM1 has a public entry point (public IP or a public load balancer) and that inbound TCP/80 is allowed via NSG rules (and any OS firewall). Therefore, modifying a Traffic Manager profile alone does not meet the goal. Key features / configurations: - Azure Traffic Manager: DNS-based routing (Priority/Weighted/Performance/Geographic/Multivalue/Subnet), endpoint monitoring, returns DNS answers only. - Required to expose a VM over HTTP: Public IP (or Public Load Balancer/Application Gateway), inbound rule for TCP/80, NSG inbound allow, and OS firewall/web server listening on port 80. - Common patterns: Public Load Balancer with inbound NAT/load-balancing rules; Application Gateway (L7) for HTTP/HTTPS; Azure Front Door for global HTTP(S) entry. Common misconceptions: - Assuming Traffic Manager “publishes” a service to the Internet; it only influences DNS resolution. - Confusing Traffic Manager with Layer 4/7 load balancers (Azure Load Balancer/Application Gateway/Front Door) that actually accept inbound connections. - Forgetting that NSGs and public IP/LB configuration determine whether TCP/80 can reach the VM. Exam tips: - Traffic Manager = DNS-based routing, not a data-plane proxy and not a firewall/NAT. - To make a VM reachable from the Internet: public endpoint + NSG allow + service listening. - For HTTP-specific scenarios, consider Application Gateway or Front Door; for TCP/UDP, consider Azure Load Balancer.

7
Question 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. An Azure administrator plans to run a PowerShell script that creates Azure resources. You need to recommend which computer configuration to use to run the script. Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0 installed. Does this meet the goal?

Yes. PowerShell Core 6.0 is supported on macOS, and Azure PowerShell can be used from that environment to create and manage Azure resources. By installing the Az module, the administrator can authenticate to Azure and run the required script just as they could from Windows or Linux. The operating system does not prevent Azure resource deployment when using supported cross-platform tooling.

No would be incorrect because the proposed configuration is valid for Azure PowerShell. Azure PowerShell is not restricted to Windows, and PowerShell Core was specifically created to support cross-platform administration. A macOS device with PowerShell Core 6.0 installed can run Azure scripts successfully, provided the necessary Azure modules, network access, and permissions are available.

Analyse de la question

Core Concept: This question tests knowledge of Azure support plans and what communication channels (phone/email) are available. In AZ-900, you’re expected to distinguish between Basic, Developer, Standard, Professional Direct, and Premier/Unified (enterprise) support, and map them to business requirements. Why the Answer is Correct: A Standard support plan meets the requirement because it includes access to Microsoft support engineers via phone and email for technical support requests. The company policy explicitly requires an option to access support engineers by phone or email; Standard provides that capability (along with defined response times based on severity). Therefore, recommending Standard satisfies the stated goal. Key Features / What to Know: - Basic support (included with every Azure subscription) provides billing and subscription support but does not provide technical support engineer access. - Developer support provides technical support during business hours via email (and is intended for non-production/dev workloads). - Standard support provides technical support for production workloads and includes phone and email access, with faster response times than Developer. - Professional Direct adds proactive guidance (e.g., advisory services) and typically faster/more comprehensive support experience. - Premier/Unified are enterprise agreements with the most comprehensive coverage. From an Azure Well-Architected Framework perspective (Operational Excellence and Reliability), having a support plan with engineer access is part of incident response readiness and operational supportability. Standard is commonly the minimum plan organizations choose for production environments. Common Misconceptions: A frequent confusion is thinking Basic includes technical support because it is “included.” Basic generally covers billing/subscription issues and self-help resources, not direct access to support engineers for technical issues. Another misconception is that Developer is always sufficient; while it may include email-based technical support, it is positioned for dev/test and has limited hours and slower response. Exam Tips: - If the requirement mentions “phone support,” Developer may not be sufficient; Standard (or higher) is the safe choice. - If the requirement is only “email access to support engineers,” Developer could qualify, but read carefully for production vs dev/test wording. - For AZ-900, focus on the high-level differences: Basic (no technical), Developer (email/business hours), Standard (phone+email, production), Pro Direct (proactive).

8
Question 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify a network security group (NSG). Does this meet the goal?

Yes. An NSG is the Azure resource used to allow or deny network traffic to a virtual machine or subnet, including inbound HTTP traffic on TCP port 80. If VM1 already has a path from the Internet, such as a public IP address or a public load balancer, adding or modifying an NSG rule to allow port 80 will make HTTP access possible. In AZ-900 exam context, this is considered a valid solution because NSGs are the standard control for permitting web traffic to Azure VMs.

No is incorrect because NSGs are directly relevant to controlling whether HTTP traffic can reach a VM. While an NSG does not itself assign a public IP address or create Internet exposure, modifying it to allow inbound port 80 is still a correct action to meet the stated goal in this type of exam scenario. The question asks whether modifying an NSG meets the goal, and allowing HTTP through the NSG is exactly how Azure permits that traffic.

Analyse de la question

Core concept: Network Security Groups (NSGs) control inbound and outbound traffic to Azure virtual machines and subnets using allow and deny rules. Why correct: To make VM1 accessible from the Internet over HTTP, an inbound rule allowing TCP port 80 is required, and modifying the NSG is a valid way to achieve that when the VM already has Internet reachability through a public IP or load balancer. Key features: NSGs can be associated with NICs or subnets, evaluate rules by priority, and are commonly used to permit web traffic such as HTTP (80) and HTTPS (443). Common misconceptions: An NSG alone does not provide a public endpoint; the VM must also have a public IP address or be behind a public load balancer. However, in these AZ-900 scenario questions, changing the NSG is considered sufficient when the goal is to allow the traffic type. Exam tips: Distinguish between connectivity enablers like public IPs and traffic filters like NSGs; if the question asks whether modifying an NSG can ensure HTTP access, the answer is typically yes because NSGs are the mechanism used to allow that inbound traffic.

9
Question 9

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

Partie 1 :

To implement a hybrid cloud model, a company must have an internal network.

Yes. A hybrid cloud model requires that the organization has some form of internal environment to integrate with the public cloud—typically an on-premises network and/or private cloud resources. The defining characteristic of hybrid is the combination of two environments (private/on-premises + public cloud) with connectivity and coordination between them. In practice, this usually means an internal network connected to Azure using VPN or ExpressRoute, and often shared identity (Microsoft Entra ID), monitoring, and governance. Why “No” is wrong: If a company has no internal network or private environment at all, then it is not hybrid; it is purely public cloud. Hybrid is not just “using cloud services,” it is specifically “using cloud services together with on-premises/private resources.”

Partie 2 :

A company can extend the computing resources of its internal network by using a hybrid cloud.

Yes. One of the most common benefits/use cases of hybrid cloud is extending on-premises computing capacity by leveraging public cloud resources. This is often described as scaling out, cloud bursting, or adding temporary/elastic capacity for peak demand, dev/test, batch jobs, or disaster recovery. For example, an organization might keep core systems on-premises but run additional web front ends or analytics workloads in Azure when demand increases. Why “No” is wrong: Hybrid cloud is specifically valued for flexibility and elasticity—keeping certain workloads local for latency, compliance, or legacy reasons while using Azure to add compute/storage on demand. This supports Well-Architected principles like Performance Efficiency (elastic scaling) and Cost Optimization (avoid overprovisioning on-prem hardware).

Partie 3 :

In a public cloud model, only guest users at your company can access the resources in the cloud.

No. In a public cloud model, access to cloud resources is not limited to “guest users” at your company. Access is determined by authentication and authorization controls (for Azure, typically Microsoft Entra ID identities, service principals/managed identities, and Azure RBAC), plus network controls (firewalls, private endpoints, VNets) and other governance policies. Why “Yes” is wrong: “Guest user” is a specific identity concept (B2B collaboration) and is not a defining rule of public cloud access. Public cloud resources can be accessed by internal employees, external partners, customers, applications, and automation accounts—any identity that is granted permissions. The public cloud refers to the provider-owned infrastructure and shared responsibility model, not to a restriction that only guest users can access resources.

10
Question 10

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company migration plan. Solution: You create Azure virtual machines, Azure SQL databases, and Azure Storage accounts. Does this meet the goal?

Yes is incorrect because it ignores that Azure virtual machines are not PaaS. A PaaS-only requirement means compute should be delivered via managed platform services (for example, App Service or Functions) rather than VM instances. Even though Azure SQL Database and Azure Storage are PaaS, the inclusion of VMs makes the solution a mixed IaaS/PaaS deployment and therefore non-compliant.

No is correct because the solution includes Azure virtual machines, which are an Infrastructure as a Service (IaaS) offering. With Azure VMs, the customer is responsible for operating system management, patching, and VM-level configuration, which contradicts a strict “PaaS-only” migration plan. While Azure SQL Database and Azure Storage accounts are PaaS services, the presence of any IaaS component means the overall environment does not meet the stated requirement.

Analyse de la question

Core concept: This question tests your ability to distinguish Azure Platform as a Service (PaaS) offerings from Infrastructure as a Service (IaaS) and determine whether a proposed deployment complies with a “PaaS-only” migration requirement. Why the answer is correct: The proposed solution includes Azure virtual machines, which are an IaaS compute service. A “PaaS-only” requirement means you must avoid managing virtual machine instances (OS patching, VM sizing, VM availability constructs) and instead use managed platform services (for example, Azure App Service, Azure SQL Database, Azure Functions, Azure Container Apps). Although Azure SQL Database and Azure Storage accounts are PaaS services, the inclusion of Azure VMs violates the stated constraint, so the solution does not meet the goal. Key features / configurations: - Azure Virtual Machines: IaaS; customer manages OS, runtime, and VM lifecycle. - Azure SQL Database: PaaS database; Microsoft manages OS and database engine infrastructure. - Azure Storage accounts: Managed storage service (PaaS); no server management. - PaaS-only alternatives to VMs: Azure App Service, Azure Functions, Azure Container Apps, Azure Kubernetes Service (often considered more managed but still involves cluster management), Azure Virtual Desktop is not PaaS-only. Common misconceptions: - Assuming that using “some PaaS services” is sufficient even if the architecture also includes IaaS components. - Thinking Azure VMs are PaaS because they are “in Azure”; they remain IaaS because you manage the OS and VM configuration. - Confusing “managed service” broadly with “PaaS-only”; many managed offerings still require infrastructure management responsibilities. Exam tips: - If a requirement says “PaaS only,” any inclusion of Azure Virtual Machines typically makes the answer “No.” - Identify the service model quickly: VMs = IaaS; App Service/Functions/SQL Database = PaaS. - Mixed architectures (PaaS + IaaS) fail strict “PaaS-only” constraints even if most components are PaaS.

Autres tests d'entraînement

Practice Test #1

50 Questions·45 min·Réussite 700/1000

Practice Test #3

50 Questions·45 min·Réussite 700/1000

Practice Test #4

50 Questions·45 min·Réussite 700/1000

Practice Test #5

50 Questions·45 min·Réussite 700/1000

Practice Test #6

50 Questions·45 min·Réussite 700/1000

Practice Test #7

50 Questions·45 min·Réussite 700/1000

Practice Test #8

50 Questions·45 min·Réussite 700/1000

Practice Test #9

50 Questions·45 min·Réussite 700/1000
← Voir toutes les questions Microsoft AZ-900

Commencer à s'entraîner

Téléchargez Cloud Pass et commencez à vous entraîner sur toutes les questions Microsoft AZ-900.

Get it on Google PlayDownload on the App Store
Cloud PassCloud Pass

Application d'entraînement aux certifications IT

Get it on Google PlayDownload on the App Store

Certifications

AWSGCPMicrosoftCiscoCompTIADatabricks

Mentions légales

FAQPolitique de confidentialitéConditions d'utilisation

Entreprise

ContactSupprimer le compte

© Copyright 2026 Cloud Pass, Tous droits réservés.

Envie de vous entraîner partout ?

Obtenir l'application

Téléchargez Cloud Pass — inclut des tests d'entraînement, le suivi de progression et plus encore.