
AZ-900 Exam Cram FULL-2024 - HANDOUT

The document is an exam cram guide for the AZ-900 Microsoft Azure Fundamentals certification exam. It provides an overview of the exam content, including the three exam domains which focus on cloud concepts, Azure architecture and services, and Azure management and governance. It recommends strategies for exam preparation, such as using a variety of study sources like targeted reading, practice exams, videos, and flashcards. It also provides descriptions of key cloud computing concepts covered in the exam like cloud models, economies of scale, and capital versus operational expenditures.

Uploaded by

itmanager.hts
Copyright
© All Rights Reserved

AZ-900 EXAM CRAM
THE COMPLETE COURSE

Covers EVERY exam topic

✓ Exam Prep Strategy
✓ Downloadable PDF for review
✓ 100+ question practice quiz

with Pete Zerger vCISO, CISSP, MVP

How current is this exam cram?
Should be current through 2023 and 2024
…but check the video description for any addendums / add-ons to cover minor changes
This course was recorded in November 2023


Exam DOMAINS for az-900
01 Describe Cloud Concepts

02 Describe Azure Architecture and Services

03 Describe Azure Management and Governance

For more exam prep and Azure tutorials, follow us on YouTube at https://bit.ly/azurevideos

BONUS: FREE PRACTICE questions to assess your readiness for the AZ-900 exam

[Figure: "Experience?" Labels: just getting started; 2 years experience; 2-5 years + Associate; "You are here!" marker]

~60 minutes in length
Roughly 40-60 questions, multiple choice
Lightly technical, focusing on feature and concept description

FOCUS ON THE VERBS
Exam DOMAINS for az-900
01 Describe Cloud Concepts
02 Describe Azure Architecture and Services
03 Describe Azure Management and Governance

Focuses on basic knowledge of concepts and Azure services – NOT hands on!

There is no AWARD for the longest STUDY TIME!

Recommended Exam Preparation Strategy
Exam prep strategy
Research shows everyone benefits from a variety of sources!

TARGETED READING
LIVE QUIZ (or flashcards)
VIDEO CONTENT
PRACTICE EXAMS
POWERPOINT REVIEW (PDF)

Callouts: Link in video description. Use my PDF.

Mix, match, and repeat based on your preferences.
Use MS Learn for topics you are struggling with… but not to read line-by-line!

MEMORIZING VS UNDERSTANDING
UNDERSTANDING CONCEPTS: Studies show understanding BEFORE you memorize greatly improves retention
Exam DOMAINS for az-900
01 Describe Cloud Concepts
1.1 Describe cloud computing
1.2 Describe the benefits of using cloud services
1.3 Describe cloud service types

DOMAIN 1: Describe cloud computing
1.1 Describe cloud computing
❖ Describe cloud computing
❖ …the shared responsibility model
❖ …cloud models, including public, private, and hybrid
❖ Identify appropriate use cases for each cloud model
❖ Describe the consumption-based model (Budget and pricing)
❖ Compare cloud pricing models
❖ Describe serverless (easiest to compare/contrast with PaaS)
DOMAIN 1: DEFINE CLOUD COMPUTING

The NIST definition of cloud computing (NIST SP 800-145):
Cloud computing is a model for enabling universal, convenient, on-demand network access … to a shared pool of configurable computing resources … (e.g., networks, servers, storage, apps, and services) … that can be rapidly provisioned and released with minimal management effort or service provider interaction.

The Microsoft definition of cloud computing:
Cloud computing is the delivery of computing services over the internet.
Expands the traditional IT offerings to include services like Internet of Things (IoT), Machine Learning (ML), and Artificial Intelligence (AI).
Enables organizations to quickly expand their compute footprint without the need to build a datacenter.


[Figure: Shared responsibility model across On-premises, IaaS, PaaS and SaaS. Legend: responsibility always retained by customer; responsibility varies by service type; responsibility transfers to cloud provider (CSP vs. customer). Image courtesy of Microsoft]

[Figure: Better security in the cloud? Compares ON-PREMISES and CLOUD-ENABLED; label: Unique business value]

DOMAIN 1: describe CLOUD CONCEPTS
Describe cloud models, including public, private, and hybrid and appropriate use cases

Benefits of Cloud Computing: Cloud is cost-effective, global, secure, scalable, elastic, and always current. Allows orgs to transfer risk, operational responsibility, and to focus on innovation.

Describe Public Cloud: Everything runs on your cloud provider's hardware. Advantages include scalability, agility, PAYG, no maintenance, and low skills. Use to skip building your own datacenter.

Describe Private Cloud: A cloud environment in your own datacenter. Advantages include legacy support, control, and compliance. Use when you need more control.

Describe Hybrid Cloud: Combines public and private clouds, allowing you to run your apps in the right location. Advantages include flexibility in legacy, compliance, and scalability scenarios.
DOMAIN 1: describe CLOUD CONCEPTS
1.1 Describe cloud computing

Economies of Scale: The ability to do things more efficiently or at a lower cost per unit when operating at a larger scale.

Capital Expenditure: Capital Expenditure (CapEx) is the spending of money on physical infrastructure up front. Associated with legacy on-premises datacenter scenarios.

Operational Expenditure: Operational Expenditure (OpEx) is spending money on services or products now and being billed as you go. Associated with public cloud consumption (pay-as-you-go). The cloud increases OpEx spending and reduces CapEx spending.

Consumption-based model: Pay for what you use, typically per unit of time or capacity (per-minute, per-GB, per-execution).

Fixed price model: You provision resources and pay for those instances whether you use them or not. Ensures predictable costs for your cloud services.
Serverless Architecture: A cloud computing execution model where the cloud provider dynamically manages the allocation and provisioning of servers. Hosted as a pay-as-you-go model based on use. Resources are stateless, servers ephemeral and often capable of being triggered.
Example: Function-as-a-Service

HOW is SERVERLESS different from PAAS in terms of responsibility?

PaaS: More control over deployment environment
Serverless: Less control over deployment environment

PaaS: Application has to be configured to auto-scale
Serverless: Application scales automatically

PaaS: Application takes a while to spin up
Serverless: Application code only executes when invoked

Both: Devs have to write code. No server management.

WORD ASSOCIATION: serverless
Logic App, Functions, Event Grid

serverless computing solutions

Logic App: A cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows. You can choose from a gallery of hundreds of pre-built connectors for MSFT & 3rd party services. Logic App is the foundation for Power Automate (MS Flow).

Azure Logic App Data Connectors

Functions: An event driven, compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in Azure as well as on-premises systems. This enables billing per execution rather than by time.

Event Grid: Enables you to easily manage events across many different Azure services and applications. Once a subscription is created, Event Grid will push events to the configured destination (Pub/Sub model). Makes it easy for any developer to utilize the “push” model instead of the inefficient “pull” across their serverless architecture. Like Azure Functions, it is ‘pay per use’.

[Figure: app or service “reacting” to an event. Image credit: Microsoft]

DOMAIN 1: Describe cloud computing
1.2 Describe the benefits of using cloud services
❖ Describe the benefits of high availability and scalability in the cloud
❖ Describe the benefits of reliability and predictability in the cloud
❖ Describe the benefits of security and governance in the cloud
❖ Describe the benefits of manageability in the cloud

KNOW THESE CLOUD CONCEPTS
describe CLOUD CONCEPTS
1.2 Describe the benefits of using cloud services

Availability: Encompasses availability of the infrastructure, applications, and services. Generally expressed as a number of 9’s, such as five nines or 99.999% availability.
Availability and uptime are often used interchangeably. Uptime simply measures the amount of time a system is running.

Scalability: The ability of a system to handle growth of users or work. Refers to the ability of a system or service to handle more traffic (to scale).

Elasticity: The ability of a system to automatically grow and shrink based on app demand. Focuses on the ability of a system or service to scale quickly to spikes in demand.

Key cloud computing characteristics
Characteristics common in cloud platforms and services

Rapid elasticity and scalability: Allows the customer to grow or shrink the IT footprint as necessary to meet needs without excess capacity.
These two are related, but unique. What’s the difference?
Elasticity. The ability of a system to automatically grow and shrink based on app demand. Capabilities can be rapidly provisioned and de-provisioned (scale-out, scale-in). Additional instances quickly auto-deployed.
Scalability. The ability of a system to handle growth of users or work. Ability to grow as demand increases. Controlled by SKU or tier selection.

Agility: Focuses on the speed and ease of allocating and deallocating resources. This allows for vast amounts of computing resources to be provisioned in minutes.
Example: Provisioning a scale set of 10 VMs
HIGH AVAILABILITY & DISASTER RECOVERY

Fault Tolerance: The ability of a system to handle faults in a service like power, network, or hardware failures. Generally refers to component-level failures.

High Availability: The ability to keep services up and running for long periods of time. Generally refers to service-level failures.

Disaster Recovery: The ability to recover from an event which has taken down a cloud service. Generally focuses on recovery in the event of a service or site failure.

Reliability: The ability of a system to recover from failures and continue to function. Reliability consists of two principles: resiliency and availability. Resiliency aims to return an application to a fully functioning state after a failure occurs. The goal of availability is to provide consistent access to your application.

Predictability: Azure enables solutions with predictable cost and performance. The level of service and performance and the associated cost are known in advance!
Security:
Protection of customer data (access control, encryption)
Protection of cloud applications
Protection of cloud infrastructure

All models have built-in DDoS protection from Azure DDoS.
IaaS gives the customer more control versus PaaS and SaaS, but also places more security responsibility on the customer.

Describe azure network security

Azure DDoS: Standard tier provides enhanced DDoS mitigation features to defend against DDoS attacks. Also includes logging, alerting, and telemetry not included in the free Basic tier that is present by default.
Governance: A set of rules and policies that guide an organization’s cloud operations, to ensure data security, manage risk, control costs, and improve efficiency.
The guidance and guardrails that ensure we’re as secure, consistent, and efficient as possible.

Governance: Cloud features are designed to support governance and compliance. Deployment templates help ensure deployed resources meet corporate standards and regulatory requirements.
Depending on the model, software updates may be applied by the cloud provider, which helps with governance and security.

Cloud Adoption Framework: Guidance designed to help you create and implement the business and technology strategies to succeed in Azure.
Includes governance framework based on “Five disciplines of cloud governance”.

The “WHAT” and “WHO” of security
The Shared Responsibility Model explains who is responsible for security in each model and scenario.
Manageability: There are two aspects of manageability for the cloud: WHAT and HOW.

Manageability OF THE CLOUD (answers WHAT):
Automatically scale resource deployment based on need.
Deploy resources based on a preconfigured template.
Monitor the health of resources and automatically replace failing resources.
Receive automatic alerts based on configured metrics.

Manageability IN THE CLOUD (speaks to HOW):
Speaks to how you’re able to manage your cloud environment and resources:
Through a web portal
Using a command line interface
Using APIs
Using PowerShell
DOMAIN 1: Describe cloud computing
1.3 Describe cloud service types
❖ Describe infrastructure as a service (IaaS)
❖ Describe platform as a service (PaaS)
❖ Describe software as a service (SaaS)
❖ Identify appropriate use cases for each cloud service (IaaS, PaaS, and SaaS)

A walkthrough of the “Shared responsibility Model”

COMPARE CLOUD MODELS & SERVICES
Cloud models: PRIVATE, HYBRID, PUBLIC
Cloud services: IAAS, PAAS, SAAS
SHARED RESPONSIBILITY MODEL
shared responsibility model

[Figure: shared responsibility matrix. Columns: On-premises, IaaS, PaaS, SaaS. Each column stacks the same nine layers: Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking. Color legend (Responsible): CSP, Customer, Shared.]

Callouts across the builds of this slide:
100% YOURS
Private cloud lives here
Hybrid cloud includes IaaS (at minimum), connected by site-to-site VPN

For free cybersecurity exam prep content, follow Inside Cloud and Security on YouTube!
CLOUD MODELS & SERVICES - IAAS

[Figure: the layer stack (Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking) shown side by side for On-premises and IaaS]

CSP provides building blocks, like networking, storage and compute.
CSP manages staff, HW, and datacenter.
Examples: Azure Virtual Machines, Amazon EC2, GCP Compute Engine

IaaS use cases: When to use virtual machines?

During testing and development. VMs provide a quick and easy way to create different OS and application configurations.
Test and dev teams can easily deploy and then delete the VMs when they no longer need them.

When running applications in the cloud. Can provide technical and financial benefits, as when an application might need to handle fluctuations in demand.
Shutting down VMs when you don't need them or quickly starting them up to meet a sudden increase in demand means you pay only for resources you use.

When extending your datacenter to the cloud. An organization can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network.
Makes it easier/less expensive to deploy than on-premises.

During disaster recovery. Enables significant cost savings by using an IaaS-based approach to disaster recovery.
Enables push button, automated VM spin up and shutdown in a disaster.
CLOUD MODELS & SERVICES - PAAS

[Figure: the layer stack (Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking) shown side by side for On-premises and PaaS]

Customer is responsible for deployment and management of apps.
CSP manages provisioning, configuration, hardware, and OS.
Examples: Azure SQL Database, API Management, Azure App Service

PaaS use cases: When to use PaaS services?

Development framework
PaaS provides a framework that developers can build upon to develop or customize cloud-based applications.
PaaS lets developers create applications using built-in software components.
Cloud features such as scalability, high-availability, and multi-tenant capability are included, reducing the amount of coding that developers must do.
BOTTOM LINE: Reduces developer effort and increases solution quality

Analytics or business intelligence
Tools provided as a service with PaaS allow organizations to analyze and mine their data, finding insights and patterns and predicting outcomes.
Improves forecasting, product design decisions, investment returns, and other business decisions.
BOTTOM LINE: Simplifies data analysis and improves business outcomes


CLOUD MODELS & SERVICES - SAAS

[Figure: the layer stack (Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking) shown side by side for On-premises and SaaS]

Customer has some responsibility in access management and data recovery.
Customer just configures features.
CSP is responsible for management, operation, and service availability.

SaaS use cases: When to use SaaS services?

Common SaaS use cases include:
Email and messaging
Business productivity applications
Finance and expense tracking

BOTTOM LINE: These are important utility functions not core to the company’s purpose.

SaaS enables companies to securely and reliably outsource a variety of functions so they can focus on revenue generation.
Exam DOMAINS for az-900
02 Describe Azure Architecture and Services
2.1 Describe the core architectural components of Azure
2.2 Describe Azure compute and networking services
2.3 Describe Azure storage services
2.4 Describe Azure identity, access, and security

DOMAIN 2: Azure architecture & services
2.1 Describe the core architectural components
❖ Describe Azure regions, region pairs, and sovereign regions
❖ …Availability Zones
❖ …Datacenters
❖ …Resources and Resource Groups
❖ …Subscriptions
❖ …Management Groups
❖ …Resource hierarchy
Describe core architecture components

Azure Geography: A discrete market, typically containing two or more regions, that preserves data residency and compliance boundaries.

[Figure: Geographies]

Azure Regions: A set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.

[Figure: REGIONS]

Azure Sovereign Regions: Special regions that you might need to use for compliance or legal purposes: Government (Fed govt, DoD), China.
Operated by special trustees; physical and logical isolation.

A look at available Azure geographies

Region Pairs: A relationship between 2 Azure Regions within the same geographic region for disaster recovery purposes.
Chosen by Microsoft; 300+ miles.
Describe core architecture components

Management Groups
Subscriptions
Resource Groups
Resources
Describe core architecture components

Management Groups: Management groups provide a level of scope above subscriptions.
Each directory is given a single top-level management group called the "Root".
A boundary for management and application of policy.

Describe core architecture components

Subscriptions: A subscription is a logical container used to provision resources in Azure.

Why would I create multiple subscriptions?
✓ when subscription limits are reached
✓ to use different payment methods
✓ to isolate resources between departments, projects, etc.
Describe core architecture components

Resource Groups: A container that holds related resources for an Azure solution.
Used to group resources that share a common resource lifecycle.

Resources: An entity managed by Azure, like a virtual machine, virtual network, or storage account.

A look at a resource
group (for an Azure VM)
Describe core architecture components

Management Group
Can be used to aggregate policy and initiative assignments via Azure Policy.
Can contain multiple subscriptions.
All new subscriptions will be placed under the root management group by default.

Subscriptions
Are a unit of management, billing, and scale within Azure.
Serve as a management boundary for assigning Azure policies, governance, and isolation.

Resource Groups
A container that holds resources with a common lifecycle.

Resources
Describe core architecture components

Availability Zones: Unique physical locations within a region with independent power, network, and cooling.
Comprised of one or more datacenters.
Tolerant to datacenter failures via redundancy and isolation.
Zone redundant
Describe core architecture components

Azure Datacenters: Physical buildings that contain thousands of servers and other hardware to provide cloud computing services.
Azure datacenters are located all over the world and are organized into regions.
Designed to be secure, reliable, and efficient, leveraging economies of scale, multi-tenant.
Consists of multiple physical buildings, redundant power, ISPs, etc.


DOMAIN 2: Azure architecture & services
❖ Compare compute types, including containers, virtual
machines, and functions
❖ Describe virtual machine options, including Azure virtual
machines, Azure Virtual Machine Scale Sets, availability sets,
and Azure Virtual Desktop
❖ Describe the resources required for virtual machines
❖ Describe application hosting options, including web apps,
containers, and virtual machines

2.2 Describe Azure compute and networking services

DOMAIN 2: Azure architecture & services
❖ Describe virtual networking, including the purpose of
Azure virtual networks, Azure virtual subnets, peering,
Azure DNS, Azure VPN Gateway, and ExpressRoute
❖ Define public and private endpoints

Hybrid cloud connectivity

2.2 Describe Azure compute and networking services

Compare Compute types – VM options

Azure VMs
Azure Kubernetes Services (AKS)
Azure Container Instance (ACI)
Azure Container Apps
Azure Virtual Desktop

Azure VMs: Server virtualization (compute) on-demand without need for hardware purchase.
Compare Compute types – VM options

Virtual machine scale sets: Allow you to create and manage a group of identical, load-balanced VMs.
The number of VM instances can automatically increase or decrease in response to demand or based on a schedule.
Focus = scale (scalability, capacity)

Virtual machine availability sets: Help build a more resilient, highly available environment by staggering VM updates and ensuring varied power and network connectivity.
They do this through two mechanisms: FAULT DOMAINS and UPDATE DOMAINS.
Focus = resiliency (availability)

VIRTUAL MACHINES AVAILABILITY SETS

Update Domains: Allows you to apply updates while knowing that only one update domain grouping will be offline at a time.

Fault Domains: Groups your VMs by common power source and network switch.
By default, an availability set will split your VMs across up to three fault domains.
Compare Compute types – VM options

Azure Virtual Desktop: A desktop and app virtualization service that runs in Microsoft Azure.
Enables IT Pros and MSPs to create Windows 10 & 11 virtual desktops in Azure.

If a question mentions “Virtual Desktop Infrastructure (VDI)”, Azure Virtual Desktop is quite likely the answer!
Compare Compute types – VM options

Azure Container Instance (ACI): Runs Docker containers on-demand in a managed, serverless Azure environment.
A solution for any scenario that can operate in isolated containers, without orchestration.

Azure Kubernetes Services (AKS): A hosted Kubernetes service, where Azure handles critical tasks like health monitoring and maintenance for you.
You pay only for the agent nodes within your clusters, not for the masters (free tier).
Production: For a financially backed SLA, you pay a few cents per hour for cluster management.
VM resource requirements

Virtual Disk
Virtual Network (VNET)
Network Interface (Virtual NIC)
Network Security Group
Public IP Address

Create a VM in the
Azure Portal
App hosting options

App Service: An HTTP-based service for hosting web applications, REST APIs, and mobile back ends.

Types of app service styles include:

Web apps: Using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. Run on Windows or Linux as host OS.

API apps: Build REST-based web APIs by using your choice of language and framework. Full Swagger support and publish to Azure Marketplace.

Web jobs: Run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web app, API app, or mobile app. Can be scheduled or run by a trigger. Often used to run background tasks as part of your application logic.

Mobile apps: Used to quickly build a back end for iOS and Android apps. Enables auth with social identity providers, send push notifications, and execute backend logic.
describe core services in azure - NETWORK

Virtual Network
Virtual Subnet
VPN Gateway
VNET Peering
ExpressRoute


describe core services in azure

Virtual Network (VNET): A logical representation of your network in Azure.
A VNET contains one or more SUBNETS.
VNETs provide logical isolation in Azure dedicated to your subscription.
✓ Create a dedicated private cloud-only network
✓ Securely extend your data center (Site-to-Site VPN)
✓ Enable hybrid cloud scenarios
VMs in different VNETS cannot communicate by default!
describe core services in azure

Virtual Subnet
✓ Segment address space of VNET to create sub-networks
✓ Allows Azure resource deployment into a specific subnet
✓ Can affect outbound access and routing traffic between resources
VMs in different subnets within a VNET can communicate by default!
describe core services in azure

VPN Gateway: A virtual network gateway that sends encrypted traffic between an Azure VNET and an on-premises location over the Internet.
Site-to-site VPN traffic traverses the Internet.
Core component of “hybrid cloud”


describe core services in azure

VNET Peering: Enables seamless connection of two or more Virtual Networks in Azure.
The two networks function as one in terms of connectivity.
REMEMBER:
Resources in different VNETS cannot communicate by default!
describe core services in azure

ExpressRoute: Extends your on-premises networks into Azure over a private connection with the help of a connectivity provider.
Traffic does NOT traverse the Internet.

describe core services in azure

Azure DNS: A hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.
Can provide internal and external DNS.


Define private and public endpoints

Service Endpoint
Provides a way to lock down access to all instances of a PaaS service to a VNET.
Accessible from public Internet.

Private Endpoint
Grants access to a specific instance (resource) of a PaaS service in your VNET on a private IP address.
Enables access from on premises without public endpoint.
Connectivity example

Azure VNET: Virtual Network 10.10.0.0/16
Subnet A: 10.10.5.0/24
Subnet B: 10.10.6.0/24
Private Endpoint: 10.10.6.5
Azure Storage
VNET Peering
site-to-site VPN
On-premises network
Describe azure network security

Defense in-Depth
Azure Firewall
Network Security Group
Azure DDoS

Defense in-Depth: A layered (defense in depth) approach that does not rely on one method to completely protect your environment.

Network Security Group: Contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
For each rule, you can specify source and destination port and protocol.
Can be applied to a subnet or network adapter.
Tour of Network Security Groups (NSGs) in Azure
Describe azure network security

Azure Firewall: A managed, cloud-based network security service that protects your Azure Virtual Network resources.
It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

Azure DDoS: Standard tier provides enhanced DDoS mitigation features to defend against DDoS attacks.
Also includes logging, alerting, and telemetry not included in the free Basic tier present by default.
DOMAIN 2: Describe core azure services
❖ Compare Azure Storage services
❖ Describe storage tiers
❖ Describe redundancy options
❖ Describe storage account options and storage types
❖ Identify options for moving files, including AzCopy, Azure
Storage Explorer, and Azure File Sync
❖ Describe migration options, including Azure Migrate and
Azure Data Box

2.3 Describe Azure storage services

Compare Azure Storage services

Blob Storage
Disk Storage
File Storage
Storage Tiers

Blob Storage: Storage optimized for storing massive amounts of unstructured data.

Data types

Unstructured (images, video files, social media posts): Data that cannot be contained in a row-column database and does not have an associated data model.

Structured (Excel, MSSQL, MySQL, PostgreSQL): Data contained in rows and columns, such as an Excel spreadsheet or relational database.

These terms are not explicitly tested on the exam, but you should know them for storage-related questions!

Compare Azure Storage services

File Storage: Fully managed file shares in Azure accessible via SMB or NFS.

Disk Storage: Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure VMs.

Table Storage: A service that stores structured NoSQL data in Azure, including a schemaless key/attribute store.

Queue Storage: A service for storing large numbers of messages, accessible from anywhere via authenticated HTTP or HTTPS calls.
Describe storage tiers

Storage Tiers: Azure storage offers hot, cool, cold and archive access tiers to store blob object data in a cost-effective manner.
Use lifecycle management policies to automate tiers.

STORAGE COST (higher to lower): Hot, Cool, Cold, Archive
ACCESS COST (high to low): Archive, Cold, Cool, Hot

Archive: Lowest storage costs, but high access costs. Should be stored a minimum of 180 days.
An offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements, on the order of hours.

Cold: Lower storage costs and higher access costs compared to Cool. Should be stored a minimum of 90 days.
An online tier optimized for storing data that is rarely accessed or modified, but still requires fast retrieval.

Cool: Lower storage costs and higher access costs compared to Hot. Should be stored a minimum of 30 days.
An online tier optimized for storing data that is infrequently accessed or modified.

Hot: Highest storage costs, but the lowest access costs.
An online tier optimized for storing data that is accessed or modified frequently.
Describe storage redundancy options
Four options you should know for the exam

LRS (LOCALLY REDUNDANT STORAGE): Copies your data synchronously three times within a single physical location in the primary region.

ZRS (ZONE REDUNDANT STORAGE): Copies your data synchronously across three Azure availability zones in the primary region.

With LRS and ZRS, redundancy is limited to the primary region only!

GRS (GEO-REDUNDANT STORAGE): Copies your data synchronously three times within a single physical location in the primary region using LRS.
It then copies it asynchronously to a single physical location in the secondary region (3 copies using LRS).

GZRS (GEO-ZONE REDUNDANT STORAGE): Copies your data synchronously three times within the primary region using ZRS.
It then copies it asynchronously to a single physical location in the secondary region.
Recommended by MSFT for apps requiring high availability.

With GRS and GZRS, redundancy is extended to the secondary region!


Azure Storage Security & Redundancy Features
Azure file movement options

AzCopy
A command-line utility that you can use to copy blobs or files to or from your storage account.

Azure Storage Explorer
A standalone app that provides a graphical interface to manage files and blobs in your Azure Storage Account.
Supports file and blob upload, download, or move between accounts.

Azure File Sync
A tool that lets you centralize your file shares in Azure Files and keep the flexibility, performance, and compatibility of a Windows file server.
Once installed on a local Windows server, it will automatically stay bi-directionally synced with your files in Azure.
Azure migration options

Azure Migrate: A service that provides a simplified migration, modernization, and optimization for Azure.
Includes all pre-migration steps such as discovery, assessments, and right-sizing.
It is a hub of services and tools designed to detect, analyze and facilitate the migration of any type of workload to Azure.

Azure Data Box: A cloud solution that lets you send terabytes of data into and out of Azure in a quick, inexpensive, and reliable fashion.
Customers are shipped a proprietary Data Box storage device.
Ideally suited to transfer data sizes larger than 40 TBs
In scenarios with limited or no network connectivity
DOMAIN 2: Describe core azure services
❖ Describe directory services in Azure, including Microsoft
Entra ID and Microsoft Entra Domain Services
❖ Describe authentication methods in Azure, including single
sign-on (SSO), multi-factor authentication (MFA), and
passwordless
❖ Describe external identities in Azure, including business-to-
business (B2B) and business-to-customer (B2C)

2.4 Describe Azure identity, access, and security

DOMAIN 2: Describe core azure services
❖ Describe Conditional Access in Entra ID
❖ Describe Azure role-based access control (RBAC)
❖ Describe the concept of Zero Trust
❖ Describe the purpose of the defense-in-depth model
❖ Describe the purpose of Microsoft Defender for Cloud

Azure AD has been renamed to Entra ID

2.4 Describe Azure identity, access, and security

identify core azure identity services

AuthN and AuthZ
Authentication (AuthN) is the process of proving that you are who you say you are. (Identity)
Authorization (AuthZ) is the act of granting an authenticated party permission to do something. (Access)

Entra ID: Entra is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources, including:
Internal resources, such as apps on your corporate network or custom cloud apps
External resources, such as Microsoft 365, the Azure portal, and many SaaS apps
Entra ID (Azure AD) User and Groups
Authentication methods in azure

Single Sign-on (SSO)
MFA
Conditional Access

Single Sign-on (SSO): Single sign-on means a user doesn't have to sign into every application they use.
The user logs in once and that credential is used for multiple apps.
Single sign-on based authentication systems are often called "modern authentication".

MFA: MFA in Entra ID works by requiring two or more of the following authentication methods:
Something you know (pin or password)
Something you have (trusted device)
Something you are (biometric)
Authentication methods

Password: Password1, 123456, qwerty
Password and…: SMS, Voice
Password and…: Microsoft Authenticator App, Software OATH Tokens OTP, Hardware OATH Tokens OTP
Password and…: Windows Hello, Microsoft Authenticator, FIDO2 Security Key
MICROSOFT AUTHENTICATOR APP
Microsoft Authenticator app
Authenticator App: Use cases and availability
The Microsoft Authenticator app can be used as a primary form
of authentication to sign into any Entra ID account.
Can also be used as an additional verification option during
self-service password reset (SSPR) or Entra ID MFA events.
To use Microsoft Authenticator, a user must download the
phone app and register their account.

The app is available for Android and iOS.

Additional verification = 2nd factor of authentication


OATH TOKENS
What is an OATH token and how does it work?
OATH (Open Authentication) is an open standard that specifies how
time-based, one-time password (TOTP) codes are generated.
Software OATH tokens (EXAMPLE: Microsoft Authenticator App)
Are typically applications. Entra ID generates the secret key, or seed, that's input into the app and used to generate each OTP.
Hardware OATH tokens
Small hardware devices that look like a key fob that displays a code that refreshes every 30 or 60 seconds, with secret key/seed pre-programmed.
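How a software or hardware OATH token and the verifying service derive the same code from the shared seed, as an added example that is not part of the original handout: RFC 6238 TOTP built on RFC 4226 HOTP with the Python standard library only. The names `hotp`, `totp` and `TotpVerifier`, the one-step drift window and the code-reuse check are assumptions of this example; the seed is the published RFC 6238 test seed, not a real secret.

```python
import hashlib
import hmac
import struct

# Published RFC 6238 test seed (ASCII "12345678901234567890"), sample input only.
RFC_TEST_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of elapsed periods."""
    return hotp(seed, unix_time // period, digits)


class TotpVerifier:
    """Service side of the check (hypothetical helper, not an Entra ID API).

    Accepts a code from the current time step or one step either side to
    absorb clock drift, compares in constant time, and refuses any step at
    or below the last accepted one so a captured code cannot be replayed.
    """

    def __init__(self, seed: bytes, period: int = 30, digits: int = 6,
                 drift_steps: int = 1):
        self.seed = seed
        self.period = period
        self.digits = digits
        self.drift_steps = drift_steps
        self.last_step = -1  # highest time step already accepted

    def verify(self, code: str, unix_time: int) -> bool:
        current = unix_time // self.period
        first = current - self.drift_steps
        last = current + self.drift_steps
        for step in range(first, last + 1):
            if step < 0 or step <= self.last_step:
                continue  # before the epoch, or already used
            expected = hotp(self.seed, step, self.digits)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    # Token side: what the key fob or authenticator app displays at t = 59 s.
    shown = totp(RFC_TEST_SEED, 59)
    print("code shown by token:", shown)

    # Service side: same seed, same clock, so the same code is expected.
    verifier = TotpVerifier(RFC_TEST_SEED)
    print("first use accepted:", verifier.verify(shown, 59))
    print("replay accepted:   ", verifier.verify(shown, 59))

    # A 60-second token counts periods differently, so its code differs.
    print("60-second token:   ", totp(RFC_TEST_SEED, 59, period=60))
```

The token and the service never exchange the seed at sign-in time; only the short-lived code crosses the network, which is why the seed itself needs to be protected at rest on both sides.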
AUTHENTICATION METHODS

Password: Password1, 123456, qwerty
Password and…: SMS, Voice
Password and…: Microsoft Authenticator App, Software OATH Tokens OTP, Hardware OATH Tokens OTP
Passwordless: Windows Hello, Microsoft Authenticator App, FIDO2 Security Key
FIDO2/PASSWORDLESS

What is FIDO2 and how does it work?
Uses public-key (asymmetric) cryptography for user authentication.
User has a physical device (USB or NFC).

Authentication sequence
1. Provide username
2. Cryptographic challenge
3. Use FIDO2 key to sign challenge
4. Service verifies response and grants access
Windows Hello for Business
An authentication feature built into Windows 10 that replaces passwords with strong two-factor authentication on PCs and mobile devices.

Passwordless

Allows users to authenticate to:
– A Microsoft account
– An Active Directory account
– An Entra ID account
– Identity Provider Services OR
– Relying party services that support Fast ID Online (FIDO) v2.0 authentication

Windows Hello is for personal devices and uses a pin or biometric gesture.
Windows Hello for Business leverages key-based or certificate-based authentication.
Windows hello for business

Solves the following problems


• Strong passwords can be difficult to remember, and
users often reuse passwords on multiple sites.
• Server breaches can expose symmetric network
credentials (passwords).
• Passwords are subject to replay attacks.
• Users can inadvertently expose their passwords due
to phishing attacks.
Authentication Methods

BAD - Password: Password1, 123456, qwerty
GOOD - Password and…: SMS, Voice
BETTER - Password and…: Microsoft Authenticator App, Software OATH Tokens OTP, Hardware OATH Tokens OTP
BEST - Passwordless: Windows Hello, Microsoft Authenticator App, FIDO2 Security Key
Authentication method strength and security

Authentication Method | Security | Usability | Availability
Windows Hello for Business | High | High | High
Microsoft Authenticator app | High | High | High
FIDO2 security key (preview) | High | High | High
hardware OATH tokens (preview) | Medium | Medium | High
software OATH tokens | Medium | High | Medium
SMS | Medium | High | Medium
Voice | Medium | Medium | Medium
Password | Low | High | High


External identities

B2B collaboration (Supports Entra ID and social identities)
Enable external users to use their preferred identity to sign into your Microsoft or other enterprise applications (SaaS apps, custom-developed apps, etc.).

B2B direct connect (Supports multiple two-way trusts)
Establish a mutual, two-way trust with another Entra ID organization for seamless collaboration.
Useful for heavy, daily collaboration with close business partners.

Business-to-Consumer (B2C) (Supports Entra & social identities)
Publish modern SaaS apps or custom-developed apps to consumers and customers, while using Entra ID B2C for identity and access management.

Entra ID multi-tenant organization
Collaborate with multiple tenants in a single Entra ID organization via cross-tenant synchronization.
Good for conglomerates, mergers, multi-cloud, dept/test/staging tenants
Entra id conditional access

Conditional Access: Used by Entra ID to bring signals together, to make decisions, and enforce organizational policies.

core azure identity services

Azure RBAC (RBAC = Role Based Access Control)
Azure RBAC helps you manage:
who has access to Azure resources,
what they can do with those resources,
which resources/areas they have access to.

Built on Azure Resource Manager and provides fine-grained access management of Azure resources.
One element of implementing “least privilege”.


Describe core architecture components
Management Group

Subscriptions

Resource Groups

Resources
Zero trust
The three principles of Zero Trust
Verify explicitly
Always authenticate and authorize based on all available
data points.

Use least privilege access


Limit user access with Just-In-Time and Just-Enough-Access
(JIT/JEA), risk-based adaptive policies, and data protection.

Assume breach
Segment access to minimize blast radius
Verify end-to-end encryption and use analytics to get
visibility, drive threat detection, and improve defenses.
Traditional Architecture: Network security perimeter surrounds the organization. Trust but verify.
Zero Trust Architecture: Security based on identity, not on network perimeter. Must prove everything.
Diagram labels: Cloud Services; mobile workforce (WFH, BYOD); Untrusted; Trusted; Trusted by default

zero trust security model
Diagram labels: Identity; Remote Employees; Hybrid Cloud; Apps & Data; Personal Devices; Mobile Devices; Vendors & Contractors
trust must be earned
compliance must be proven
Zero Trust Security
Unlike the “trust but verify” approach, in Zero Trust, no entity is trusted by default.
It is based on three principles: assume breach, verify explicitly, and least privilege access.

Identities: Identities should be explicitly verified with strong authentication using all available data points. Users should be granted least privilege access.

Devices: Devices should be monitored for health and compliance and updated when necessary.

Apps: Only approved apps should be allowed to access company data, and permissions managed.

Data: Data should be classified, labeled, and encrypted based on its attributes, at rest and in motion.

Infrastructure: Infrastructure version, configuration, and JIT access should be managed. Telemetry should be used to detect anomalous activity that may indicate attack.

Networks: Networks should be segmented to limit data access and reduce threat exposure. Real-time threat protection, end-to-end encryption, monitoring, and analytics should be employed.

Notice the layered approach (“defense in depth”) present in Zero Trust security?


Describe azure network security

Defense in-Depth: A layered (defense in depth) approach that does not rely on one method to completely protect your environment.

Defense in Depth

Physical Security
Identity and Access Management
Perimeter
Network
Devices/Compute
Applications
Data
Entra ID (Azure AD) Conditional Access
describe azure governance features

Defender for Cloud: A unified infrastructure security management system that strengthens the security posture of your cloud and on-premises data centers.
Provides security guidance for compute, data, network, storage, app, and other services.
Includes support for both Azure and on-premises workloads, as well as other public clouds (AWS, GCP). Multi-cloud support

Tour of Microsoft Defender for Cloud

Exam domains for AZ-900
01 Describe Cloud Concepts
02 Describe Azure Architecture and Services
03 Describe Azure Management and Governance

For more exam prep and Azure tutorials, follow us on Youtube at https://bit.ly/azurevideos
Exam domains for AZ-900
03 Describe Azure Management and Governance
3.1 Describe cost management in Azure
3.2 Describe features and tools in Azure for governance and compliance
3.3 Describe features and tools for managing and deploying Azure resources
3.4 Describe monitoring tools in Azure

DOMAIN 3: Describe cost management in Azure
❖ Describe factors that can affect costs in Azure
❖ Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator
❖ Describe cost management capabilities in Azure
❖ Describe the purpose of tags

3.1 Describe cost management in Azure

Describe factors that can affect costs

Cost Impacts
Factors that can affect Azure resource costs include resource types, services, locations, ingress and egress traffic

Reducing Costs
Factors that can reduce costs include reserved instances, reserved capacity, hybrid use benefit, spot pricing

Describe methods for planning and managing costs

Reserved Instances
Reserve virtual machines in advance and save up to 72 percent compared to PAYG pricing with 1-yr or 3-yr commitment

Reserved Capacity
Achieve significant savings on Azure SQL Database, Azure Cosmos DB and Azure Synapse Analytics and Azure Cache for Redis
Discount is product-specific!
Enables you to more easily manage costs across predictable and variable workloads and help optimize budgeting and forecasting.
Also includes 1-year and 3-year options

Hybrid Use Benefit
A licensing benefit that helps you to significantly reduce the costs of running your workloads in the cloud.
Lets you use your on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure
Windows Server, SQL Server, Red Hat and SUSE Linux

Spot Pricing
Access unused Azure compute capacity at deep discounts—up to 90 percent compared to pay-as-you-go prices
Applies to Azure VMs only!
Use for workloads that can be interrupted without harm

Pricing Calculator
Interactive calculator that allows you to estimate the expected monthly Azure costs.
Choose regions, services, options, and SKUs.
BEFORE you deploy

TCO Calculator
A tool that helps estimate cost savings you can achieve by migrating application workloads to Azure.
Allows you to compare the TCO of different Azure services and regions and provides a detailed breakdown of cost of components and potential savings.
BEFORE you deploy

Azure Cost Management
A suite of tools provided by Microsoft that help you analyze, manage, and optimize costs of your workloads.
AFTER you deploy

Tags
A name and a value pair used to logically organize Azure resources, resource groups, and subscriptions into a logical taxonomy.
Tags can be the basis for applying business policies or tracking costs
You can also enforce tagging rules with Azure policies
Examples of common tags include owner, cost center, app/service, and environment

DOMAIN 3: Describe core solutions & tools
❖ Describe the purpose of Microsoft Purview in Azure
❖ Describe the purpose of Azure Policy
❖ Describe the purpose of resource locks

3.2 Describe features and tools in Azure for governance and compliance

Describe Azure governance features

Microsoft Purview
A unified data governance service that helps organizations manage and govern their on-premises, multi-cloud, and SaaS data.
Automates data discovery by providing data scanning and classification for assets across the organization's data estate.

BASICS OF AZURE GOVERNANCE

Cloud governance: Policy, Initiative, Blueprint

Policy
The definition of the conditions which you want to control/govern.

Initiative
A collection of Azure policy definitions that are grouped together towards a specific goal

Blueprint
A container for composing sets of standards, patterns, and requirements for implementation of Azure cloud services, security, and design
Often used in the same sentence as the phrase “new environments”

Describe Azure governance features

Resource Locks
Prevent other users in your organization from accidentally deleting or modifying critical resources.
The lock overrides any permissions the user might have.

DOMAIN 3: Describe core solutions & tools
❖ Describe the Azure portal
❖ Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell
❖ Describe the purpose of Azure Arc
❖ Describe infrastructure as code (IaC)
❖ Describe Azure Resource Manager (ARM) and ARM templates

3.3 Describe features and tools for managing and deploying Azure resources

Describe Azure management tools

Azure Portal
Azure PowerShell
Azure CLI
Azure Cloud Shell
Azure Mobile App

Describe core solutions in Azure

Azure Portal
A web-based, unified console where you can manage your Azure subscription using a graphical user interface.

Azure Cloud Shell
An interactive, authenticated, browser-accessible shell for managing Azure resources.
It includes both Bash and PowerShell options

Azure PowerShell
A set of cmdlets for managing Azure resources directly from the PowerShell command line.
MSFT provides Azure-specific modules and cmdlets

Azure Mobile App
App for iOS and Android that enables managing, tracking health and status, and troubleshooting your Azure resources

Azure CLI
The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources.
Available on Windows, macOS, and Linux, Docker, and Azure Cloud Shell.


Introduction to the Azure Cloud Shell

Describe Azure management features and tools

ARM Templates
A JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project.
Templates use declarative syntax and are idempotent, which means you can deploy many times and get the same resources and state.
Used in deployment automation in infrastructure as code

Describe the purpose of Azure Arc

Azure Arc
A platform that extends Azure services to run applications across datacenters, edge, and multi-cloud environments.
Provides a consistent development, operations, and security model to run applications on new and existing hardware.
Simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
Extends ARM capabilities to Linux and Windows servers, as well as Kubernetes clusters on any infrastructure across on-premises, multi-cloud, and the edge.

Describe Azure management features and tools
What is Azure Resource Manager?

Azure Resource Manager
Azure Resource Manager (ARM) is the deployment and management service for Azure.
It provides a management layer that enables you to create, update, and delete resources in your Azure account.

IaC (Infrastructure as Code)
Infrastructure as code is the management of infrastructure (networks, VMs, load balancers, and connection topology) described in code.
Just as the same source code generates the same binary, code in the IaC model results in the same environment every time it is applied.
IaC is a key DevOps practice and is used in conjunction with continuous integration and continuous delivery (CI/CD).
IaC, CI/CD, DevOps, and DevSecOps are part of daily life in the cloud!

DOMAIN 3: Describe core solutions & tools
❖ Describe the purpose of Azure Advisor
❖ Describe Azure Service Health
❖ Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights

3.4 Describe monitoring tools in Azure

Describe Azure management tools

Azure Advisor
Scans your Azure configuration and recommends changes to optimize deployments, increase security, and save you money.
Analyzes the configuration of the resource deployed in the Azure subscriptions
High availability, security, performance, costs

Azure Monitor
A service that collects monitoring telemetry from a variety of on-premises and Azure sources.
Can monitor resources like app, VMs, guest OS, containers, DBs, security, and network events
Azure Monitor aggregates and stores this telemetry in an Azure Log Analytics instance (backend data store)

Azure Monitor Alerts
A proactive way to detect and address issues before they become critical.
You can create alerts on any metric or log data source in the Azure Monitor data platform.
Types include metric, log, activity, service health, resource health, smart detection, and Prometheus.
View alerts in the portal, send notifications, or initiate automated responses (e.g. Azure Functions or Azure Automation runbooks)

Application Insights
An extension of Azure Monitor that provides application performance monitoring (APM) features.
Monitors the availability, performance, and usage of your web applications.
Enables proactive understanding of app performance and reactive review of app execution to determine root cause

Azure Service Health
Notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.


A brief introduction to Azure Log Analytics

BONUS: FREE PRACTICE questions to assess your readiness for the AZ-900 exam
INSIDE CLOUD

THANKS FOR WATCHING!
