Try 10 focused AZ-900 questions on Describe Cloud Concepts, with explanations, then continue with IT Mastery.
Open the matching IT Mastery practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.
| Field | Detail |
|---|---|
| Exam route | AZ-900 |
| Topic area | Describe Cloud Concepts |
| Blueprint weight | 25% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Describe Cloud Concepts for AZ-900. Work through the 10 questions first, then review the explanations and return to mixed practice in IT Mastery.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 25% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original IT Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Describe Cloud Concepts
A team wants to reduce monthly Azure compute costs for its development environment. Which of the following actions will NOT help reduce their Azure charges?
Options:
A. Configuring automatic shutdown for dev/test virtual machines outside of business hours
B. Leaving all non-production virtual machines running 24x7, even when no one is using them, to avoid delays when developers start work
C. Deleting unused managed disks and public IP addresses that are no longer attached to any virtual machine
D. Deallocating lab virtual machines after a training session is complete and recreating them only when needed again
Best answer: B
Explanation: Cloud cost optimization in Azure relies heavily on paying only for what you actually use. Because Azure uses a consumption-based pricing model, running or keeping unused resources provisioned leads directly to unnecessary charges.
For virtual machines, compute charges apply while the VM is running. If you leave dev/test or lab VMs running 24x7, you pay for CPU and memory continuously, even during nights and weekends when no one is using them. Best practice is to stop and deallocate or delete resources when they are not required, particularly in non-production environments.
Actions like configuring automatic shutdown, deallocating VMs when they are idle, and deleting unused disks or IP addresses all align with the principle of removing or turning off unused resources to avoid extra costs.
Topic: Describe Cloud Concepts
Which of the following scenarios is NOT typically appropriate for using a public cloud deployment model such as Microsoft Azure?
Options:
A. A government agency is legally required to keep all workloads in its own privately controlled datacenter and is prohibited from using any third‑party cloud providers.
B. A startup wants to launch an online service quickly and scale to thousands of users without buying its own servers.
C. A development team needs short-lived test environments that can be created and deleted frequently without purchasing new hardware.
D. A retail company runs a marketing website that experiences large traffic spikes only during holiday sales.
Best answer: A
Explanation: A public cloud deployment model, such as Microsoft Azure, is owned and operated by a cloud provider and shared by multiple customers (tenants). Organizations consume services over the internet on a pay-as-you-go basis without owning the underlying hardware.
Public cloud is typically appropriate when an organization wants to avoid large upfront investments in datacenters, needs to scale quickly, or wants to provision and deprovision resources on demand. It works well for startups, variable or seasonal workloads, and development and test environments.
However, if an organization is legally required to host all workloads in its own datacenter and is forbidden from using third-party cloud providers, then a public cloud deployment is not appropriate. In that case, a private cloud or traditional on-premises environment is required to satisfy those constraints.
Topic: Describe Cloud Concepts
A development team created a temporary test environment in Azure and deleted all test resources on May 8. They review the daily cost data for the related resource group, shown in the exhibit.
Exhibit:
| Date | Test resources present | Daily cost ($) |
|---|---|---|
| May 1 | Yes | 3.20 |
| May 2 | Yes | 3.15 |
| May 3 | Yes | 3.18 |
| May 4 | Yes | 3.25 |
| May 5 | Yes | 3.22 |
| May 6 | Yes | 3.19 |
| May 7 | Yes | 3.17 |
| May 8 | No (deleted) | 0.00 |
| May 9 | No | 0.00 |
| May 10 | No | 0.00 |
Based on this exhibit, which statement best describes how Azure’s consumption-based pricing supports low-risk experimentation?
Options:
A. Azure charges only while the test resources exist and are consuming services, so you can experiment for a short time and stop paying as soon as you delete them.
B. Azure charges a fixed monthly amount for the resource group, so you pay the same total cost even after deleting all test resources.
C. Azure requires you to keep test resources for the entire billing month, so you cannot delete them to reduce costs during that month.
D. Azure increases the daily cost after you delete resources to recover early termination fees for short-term experiments.
Best answer: A
Explanation: The exhibit illustrates Azure’s consumption-based (pay-as-you-go) pricing model. While the test resources exist (May 1–May 7), the daily cost is a little over USD 3 each day. Once the team deletes all test resources on May 8, the daily cost shown in the table becomes USD 0.00 and remains at zero on subsequent days.
This pattern shows that the organization is billed only while the resources are allocated and consuming Azure services. When the test environment is removed, the charges stop accruing. This directly supports low-risk experimentation: teams can create resources, try services for a short time, and then delete them to stop paying, without long-term contracts or large upfront investments.
This is a key advantage of cloud economics compared to traditional on-premises environments, where you might buy hardware upfront and continue to incur costs even if it is not used.
Topic: Describe Cloud Concepts
A company migrates a line-of-business web app to Azure and hosts it on two Windows virtual machines in a virtual network. The security team requires that only HTTPS traffic is allowed to the VMs using network security groups (NSGs) and that the guest operating systems are kept up to date with security patches. According to the Azure shared responsibility model, who is primarily responsible for configuring the NSG rules and applying the OS security updates on these VMs?
Options:
A. A third-party security vendor, because security is always outsourced in the cloud
B. Microsoft, because Azure provides the virtual machines
C. Responsibility is shared equally between Microsoft and your internet service provider (ISP)
D. Your organization (the Azure customer)
Best answer: D
Explanation: The Azure shared responsibility model defines which security tasks are handled by Microsoft and which remain with the customer. For infrastructure-as-a-service (IaaS) virtual machines, Microsoft is responsible for securing the physical datacenters, power, cooling, physical networking, and the virtualization layer. The customer is responsible for what they deploy and configure on top of that infrastructure.
Configuring network security groups (NSGs) to control inbound and outbound traffic to virtual machines is part of the customer’s responsibility because it relates to how the customer exposes and protects their workloads. Similarly, applying security updates to the guest operating system of the VMs is a customer task, because the OS and anything installed on it are under the customer’s control. Microsoft may provide tools and services to help, but does not automatically manage these aspects in a standard IaaS deployment.
Topic: Describe Cloud Concepts
A company hosts a public web app in Azure for customers in North America and Asia. Some Asian users report slow page loads, and the company wants to use Azure’s global infrastructure to reduce latency for those users without moving the existing North America deployment. Which approach is the MOST appropriate?
Options:
A. Increase the size of the existing web app’s compute resources in the North America region so it can handle more traffic.
B. Deploy a second instance of the web app in an Azure region close to Asian users and use Azure Traffic Manager to route users to the nearest endpoint.
C. Keep the web app only in the North America region and configure a site-to-site VPN connection for users in Asia.
D. Enable Azure Backup to replicate the web app’s data to a secondary region for disaster recovery.
Best answer: B
Explanation: This question targets how Azure’s global reach helps reduce latency for users in different parts of the world. Azure has many regions distributed globally, and you can deploy your application to multiple regions so that users connect to a region that is geographically closer to them.
The best way to improve latency for Asian users is to run the web app in an Azure region near those users and use a global traffic-routing service such as Azure Traffic Manager. Traffic Manager uses DNS-based routing to direct users to the closest healthy endpoint, which takes advantage of Azure’s global footprint without forcing you to move or replace the existing North America deployment.
Topic: Describe Cloud Concepts
A small startup is launching a new mobile app and expects usage to grow quickly but unpredictably. They want to avoid buying and maintaining any physical servers and prefer a pay-as-you-go model managed by an external provider. Which type of cloud deployment model is most appropriate for this scenario?
Options:
A. Traditional on-premises datacenter
B. Hybrid cloud
C. Public cloud
D. Private cloud
Best answer: C
Explanation: This scenario describes a startup that wants to scale quickly, avoid purchasing physical servers, and pay only for what it uses. These are classic benefits of a public cloud deployment model.
In a public cloud, a cloud provider like Microsoft owns and operates the datacenters and underlying hardware. Customers share the provider’s infrastructure in a multi-tenant environment and consume resources over the internet on a consumption-based model. This lets organizations, especially startups, move quickly without large capital expenses.
Private and hybrid models are useful when you must keep control of hardware or maintain on-premises environments for compliance or technical reasons, but they do not remove infrastructure ownership in the way the startup is asking for.
Topic: Describe Cloud Concepts
A company runs a customer-facing web application on an Azure PaaS service. The security team reviews a summary of shared responsibilities, shown in the exhibit.
Which action is the company responsible for, based on this information?
Exhibit:
| Area | Responsibility owner |
|---|---|
| Physical datacenter security | Azure |
| Network controls inside Azure datacenters | Azure |
| Customer identities, accounts, and data | Customer |
| Application configuration and code | Customer |
Options:
A. Install biometric locks at the Azure datacenter entrances where the application is hosted.
B. Decide when Azure applies operating system updates to the underlying PaaS compute nodes.
C. Configure multi-factor authentication (MFA) for employee sign-ins to the web application.
D. Replace failed disks in the physical servers that host the PaaS web application.
Best answer: C
Explanation: The exhibit presents a simplified view of the shared responsibility model for an Azure PaaS application. It separates platform-level tasks, such as physical datacenter security and internal network controls, from customer-level tasks, such as managing identities, data, and application configuration.
In the shared responsibility model, Microsoft secures the underlying cloud infrastructure, including physical buildings, hardware, and core platform services. Customers are responsible for how they use the platform: securing identities, classifying and protecting their data, and configuring and maintaining their applications.
Because the row “Customer identities, accounts, and data” is assigned to the customer, any control that governs how users authenticate to the application (such as multi-factor authentication) is clearly within the customer’s responsibility. Actions related to physical infrastructure or platform OS management are owned by Azure and are not tasks the customer can or must perform.
This question reinforces that, even with managed services like PaaS, customers still have important security responsibilities around accounts, data, and workload configuration.
Topic: Describe Cloud Concepts
Which statement best describes Azure’s consumption-based pricing model?
Options:
A. You pay only for the cloud resources you use, and costs increase or decrease based on actual usage.
B. You pay a fixed monthly fee for a predefined amount of capacity, whether you use it or not.
C. You buy a single enterprise license that allows unlimited Azure usage worldwide for a fixed term.
D. You must pay the full hardware cost up front, but there are no additional usage charges.
Best answer: A
Explanation: Azure uses a consumption-based (pay-as-you-go) pricing model for most services. In this model, you are charged based on what you actually use, such as compute hours, storage consumed, or data transferred. If you use more resources, your bill increases; if you use fewer, your bill decreases.
This model supports the core cloud benefits of elasticity and agility because you do not need to guess future capacity or make large up-front investments. Instead, you start small and scale your usage (and therefore your costs) up or down as your needs change.
Topic: Describe Cloud Concepts
In the context of moving workloads to Microsoft Azure, which example best represents operational expenditure (OpEx)?
Options:
A. Buying physical servers upfront for your on-premises datacenter
B. Paying a monthly bill for Azure virtual machines based on actual usage
C. Purchasing network switches and storage arrays outright for long-term use
D. Constructing a new building to host your company’s datacenter
Best answer: B
Explanation: Capital expenditure (CapEx) is money spent upfront to acquire long-term assets such as buildings, servers, and networking equipment. Operational expenditure (OpEx) is ongoing spending to operate and consume services over time.
With Azure and other public cloud providers, most costs shift from CapEx to OpEx. Instead of buying hardware and facilities, you pay for services like virtual machines, storage, and databases as you use them, typically on a monthly bill. This pay-as-you-go model is a key part of cloud economics.
In this question, the option that describes paying a monthly bill for Azure virtual machines based on actual usage is the best example of OpEx, because it is an ongoing, consumption-based cost rather than an upfront investment in assets.
Topic: Describe Cloud Concepts
An organization wants to provide users with email, online meetings, and file collaboration by subscribing to Microsoft 365. The IT team does not want to install or manage any servers or application updates and prefers a per-user subscription. Which cloud service type does this scenario describe?
Options:
A. Platform as a Service (PaaS)
B. Serverless computing
C. Software as a Service (SaaS)
D. Infrastructure as a Service (IaaS)
Best answer: C
Explanation: This scenario describes a company subscribing to Microsoft 365 to get email, meetings, and file collaboration, without managing servers or application updates. This aligns directly with Software as a Service (SaaS).
With SaaS, the cloud provider hosts and manages the entire application stack, including infrastructure, operating systems, and the application itself. Customers access the software over the internet, usually via a web browser or thin client, and pay via a subscription model (often per user per month).
Microsoft 365 (and Dynamics 365) are classic Microsoft SaaS offerings. Organizations use them to consume fully managed business applications, rather than building or hosting those applications themselves. This is different from PaaS or IaaS, where the customer is more involved in creating or managing the underlying application components.
Understanding that Microsoft 365 is SaaS helps clarify which responsibilities belong to the customer (like user data and access control) and which stay with Microsoft (like infrastructure, patching, and app maintenance).
Use the AZ-900 Practice Test page for the full IT Mastery route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Try AZ-900 on Web View AZ-900 Practice Test
Read the AZ-900 Cheat Sheet on Tech Exam Lexicon, then return to IT Mastery for timed practice.