As a candidate for this exam, you’re a technology professional who wants to demonstrate foundational knowledge of cloud concepts in general and Microsoft Azure in particular. This exam is a common starting point in a journey towards a career in Azure.
You can describe Azure architectural components and Azure services, such as:
You can also describe features and tools to secure, govern, and administer Azure.
You should have skills and experience working with an area of IT, such as:
Here’s how Contoso Electronics could leverage each cloud service type to migrate their old Testing/QA Server 2012 R2 to Azure, with examples:
IaaS: Contoso could create a virtual machine (VM) in Azure running Windows Server. They manage the OS, apps, and updates.
PaaS: If the testing/QA workload involves a specific app, Contoso could migrate the app to an Azure App Service or Azure DevTest Labs, removing the need to manage the underlying OS.
SaaS: For simpler QA/testing needs, Contoso could use SaaS-based testing tools (e.g., Azure DevOps Test Plans) without managing infrastructure or platforms.
Each analogy aligns with control levels:
Tags in Azure are key-value pairs that users create to organize and manage their resources. They're flexible and customizable, making them useful for filtering, reporting, and governance. Here are some examples of commonly used tags:
Role-Based Tags
Role, Value: QA Database Environment, Value: Production Function, Value: Web Server Cost and Budget Management Tags
CostCenter, Value: 12345 Project, Value: Migration2024 BillingOwner, Value: JohnDoe Resource Ownership and Accountability Tags
Owner, Value: AliceSmith Team, Value: DevOps Department, Value: IT Location and IP Address Tags
Location, Value: East US IP Address, Value: 12.34.56.78 Purpose and Lifecycle Tags
Purpose, Value: Backup Lifecycle, Value: Decommission Q3 Status, Value: Active Security and Compliance Tags
Compliance, Value: GDPR Confidentiality, Value: High Tags are useful for querying resources quickly via the Azure portal, CLI, or API, enabling you to group resources logically, even if they're scattered across subscriptions or regions.
A: Handling Subscription Limits in Azure
B: Azure Subscription Types
C: Management Group Limitations
D: Using Management Groups in Azure
E: Understanding Containers
F: Azure Container Options
G: Azure Functions and Microservices
H: Load Balancing in Azure
I: Memory-Optimized Virtual Machines (VMs)
J: Azure App Service Tiers
K: Azure Container Registry (ACR)
L: Monitoring and Insights Tools
M: Scaling and Storage in AKS
N: Azure Virtual Desktop Load Balancing
O: Global Scalability and Disaster Recovery
P: Azure Hybrid Cloud and Connectivity Options
Q: Azure Stack and Private Cloud Deployment
R: Core Cloud Features
S: Scaling in Cloud Environments
T: Cloud Models and Security Levels
U: Cloud Service Models
V: Agility in Cloud Development
W: Azure Availability Strategies
X: Data Replication and Regional Pairs
Y: Cost Management with Resource Groups
Z: Azure Subscription Limits
To transition a large capital expenditure (CapEx) to an operational expenditure (OpEx), Contoso's CIO has suggested to the board that the organization move their virtual machine (IaaS) workloads to Azure. The CFO argues that this will result in unpredictable OpEx spending. In this case, what pricing option is available to reduce costs and making predicting future spending easier?
Tailspin Toys, a small startup, is choosing their initial services architecture. They choose to rely on Office 365 and Microsoft Azure for all services. Which of the following best describes the cloud model they have chosen?
Which of the following statements are true of a Software as a Service solution?
Contoso is planning to move to Azure, but currently hosts business applications in a shared virtualization infrastructure on-premises, utilizing Hyper-V. This is an example of which cloud computing model?
Azure SQL Database and an on-premises SQL cluster represent a(n) …. expense and a(n) …. expense, respectively.
In Azure, you are charged only for what you use. This is known as a
Contoso runs several business applications in Azure VMs. Which cloud computing model best categorizes Azure VMs?
Azure App Service, Azure SQL Database, and Cosmos DB are examples of which category of cloud computing service?
You need to provide additional capacity than what is currently available in your on-premises datacenter. The solution must minimize capital expense (CapEx) and operational expense (OpEx). Which solution should you recommend?
Office 365, Azure VMs, and Event Grid represent, ……, ……, and ……, respectively.
Contoso host databases for customer-facing web applications in Azure MySQL Database. Which cloud computing model best categorizes this service?
Contoso hosts a legacy CRM application that runs on an Azure VM scale set. The application runs at a steady state of around 30% resource utilization. However, during month end closing activities, the application spikes to 90% resource utilization for extended periods during the last week of the month. Azure allows Contoso IT to meet these spikes in resource demand at the push of a button, paying for the additional capacity only when needed. This is an example of:
Contoso plans to migrate their existing on-premises SQL VMs to Azure. Which expenditure model does this implement?
A financial analysis of migration of on-premises files to Azure Storage at Contoso showed that storing 2TB of archived data in Azure would be less expensive than hosting this data on-premises. The report also showed unit cost in Azure would decrease even further as the data archive grows. This is an example of cloud
The Contoso Corp Financial Services team needs to automate several business processes. They need to create workflows in a low-code environment with a visual interface. The service must have built-in connectivity to their existing platforms, like SalesForce and SAP. The members working on the project are only lightly technical (citizen developers). Which Microsoft service will best fit their use case?
Kelly, who works in IT Operations, wants to automate a task using a script she wrote. She wants to do this with a minimum of expense and maintenance effort. She selected Azure Functions to host the job, instead of Azure Virtual Machines (IaaS). Does this service meet the solution criteria?
Contoso has a line-of-business application that requires access to a file share. You need to host this share in Azure with a minimum of cost and administration effort. Which service would best fulfill this requirement?
Contoso IT needs to ensure deployments of like Azure resources are the same for every deployment. Which of the following could be used to automate resource deployment?
You are testing new software in an Azure VM. When you are done testing, you shut down the VM, which shows a state of “Stopped” in the Azure portal. Will you incur additional costs while the VM is in this state?
You are deploying multiple instances of a custom Contoso web application. The application instances share a common management lifecycle, but will be located in different Azure regions. Can you deploy resources across multiple Azure regions in a single resource group?
You are responsible for recommending infrastructure architectures for applications at Contoso. Which solution would you recommend for on-demand execution of automated tasks in Python for minimum of expense?
Which Azure service would you use to correlate events from multiple Azure resources in a central repository? (choose the best answer)
An …… protects against datacenter-level failures.
Contoso has messages from a variety of sources (many Azure services) that need to be need to be relayed to an application. Which Azure service would be best suited to the task?
You can monitor health and availability of your Azure Kubernetes Service (AKS) cluster with:
Which storage tier in Azure Storage delivers the highest cost of data storage?
To retire some aging on-premises servers, Contoso is planning to move several SQL databases to Azure SQL Database. The CIO has asked for a tool to estimate the cost of hosting these resources in Azure. Sally suggests using the Azure Pricing Calculator to estimate costs prior to migration. Does Sally's solution meet the solution criteria?
Which storage tier in Azure Storage delivers the lowest cost of data storage?
You have a mobile application that exchanges large numbers of messages with customer devices. Which type of Azure storage is optimized for storing large numbers of messages, accessible from anywhere via authenticated HTTP or HTTPS calls?
Contoso's Security team wants to apply policy-based configuration across deployments in multiple Azure subscriptions. Which of the following can help achieve this requirement?
Contoso plans to implement a hybrid cloud architecture utilizing Azure. They need to connect on-premises application resources. The solution should minimize latency and maximize security. Which option should they choose?
As part of a hybrid cloud deployment at Contoso, you need to connect Contoso's on-premises datacenter to Azure. The solution you choose should minimize expense during the low-scale pilot deployment. Which option will you choose?
For regulatory compliance, you need to ensure Contoso's corporate web apps use TLS 1.2 for encryption. Does Azure App Service support enforcing this specific requirement?
Contoso wants to migrate a legacy application to Azure that requires an file share accessible on a UNC path. You need to provide an SMB file share and secure access. The solution should minimize administrative effort. Which service will you use?
Storage for Azure VMs is hosted in which Azure Storage type?
Contoso IT wants to configure separate Azure subscriptions for different environments (production, development, test) and products. Can they associate multiple Azure subscriptions to the same Entra ID tenant?
Contoso Financial Services regularly creates documents containing sensitive customer data, including personally identifiable information. You need to ensure access is restricted to finance personnel, regardless of where the document travels. Which service should you use to classify and protect these documents?
An Azure …… is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.
Which Azure storage redundancy option does Microsoft recommend for maximum redundancy and recoverability?
An …… protects against VM failures due to failures in updates, power, or network connectivity.
You need to manage your Azure VMs using the Azure portal. Which URL would you use to manage the Azure VMs?
Contoso IT wants to develop modern application components using a serverless architecture. Which Azure service is best for hosting code as part of a services infrastructure?
You can monitor health and performance of microservices applications running on Azure Kubernetes Service (AKS) with:
You need to store unstructured data, such as images, video files, social media posts on Azure Storage. Which type of Azure Storage is optimized for storage of large amounts of unstructured data?
Contoso IT has deployed a group of Azure VMs for hosting production. They want best practices recommendations for high availability of their VM resources. Will the Azure Advisor tool provide recommendations for these existing resources?
The Contoso IT Operations team needs to monitor their customer-facing web apps for performance anomalies. Which Azure service will best fulfill this need?
You need to automate responses to some alerts from Azure Monitor. Which service supports automating responses and corrective actions in this scenario?
The Contoso IT Operations team needs to aggregate events from a large number of resources hosted in Azure for correlation, alerting, and reporting. Which Azure service would you use to centrally collect, store, and act on events?
You need to alert on service failures in your Azure services, such as web app instances hosted in App Service, and Azure VMs that stop running for any reason. Which tool should you use?
You can find recommendations for security best practices security configuration for Azure Kubernetes Service (AKS) with:
Azure VMs in different virtual networks can communicate by default
Which Microsoft solution provides support for passwordless authentication on Windows 10 and 11 systems?
You have deployed an Azure VM hosting a line-of-business web application. You need to provide access to the application over the Internet via HTTP/S. You add a security rule to the Network Security Group (NSG) to allow inbound traffic from the Internet. Does this solution meet the requirement?
Contoso IT has deployed multiple Azure VM across 15 virtual networks. How can you most securely limit inbound traffic and protect these VMs from unwanted inbound requests? (choose the best answer)
You need to define and enforce corporate standards for new and existing Azure resource deployments in all of Contoso's Azure subscriptions. What should you use to meet this objective?
Tailspin Toys relies heavily on Entra ID for cloud identity. They want to more effectively protect their identities from external threats. Which service should they choose?
In a Site-to-Site VPN, the…. is the cross-premises gateway that connects your Azure Virtual Network with your on-premises VPN appliances
You need to prevent accidental deletion of Azure resources in your subscription. Which feature will meet this requirement? (choose the best answer)
You are responsible for creating Azure resources at Contoso using ARM templates. You need to ensure Azure resources are only created in approved regions. What should you use to enforce this requirement
Contoso IT assigns permissions at the resource group level for all resources deployed to Azure. Will resources in the resource group inherit permissions assigned to the resource group?
Contoso has implemented a hybrid, synchronized identity model, consisting of on-premises Active Directory and Entra ID. They want to more effectively protect their on-premises identities from external threats. Which service should they choose?
You need to implement multi-factor authentication for your Entra ID users. However, you only want to prompt for an additional authentication factor when users are not in a trusted location on an unmanaged device. Which feature should you implement? (choose the best answer)
The Contoso Security team has implemented a new security policy. When users connect from an outside corporate offices, they must be prompted for MFA. Which feature will you implement?
You need to support OATH tokens (one-time password) as a second authentication factor for Entra ID. What Microsoft solution enables use of OATH tokens for Entra ID and other identity providers?
The Contoso Legal Department has asked Contoso IT to verify whether the Contoso's Azure environment meets regulatory requirements. Which service should you use to answer this question?
What are the three foundational principles of Zero Trust?
Contoso Electronics is a global retailer. The Contoso Cloud Architecture team needs to simplify deployments of new environments in Azure, including Azure Resource Manager (ARM) templates , role-based access, and policies. Which Azure service enables delivery of templates for repeatable deployment and configuration of new subscriptions and environments? (choose the best answer)
Your company is planning to host services in Azure. You want to leverage identities in Entra ID, but still need to support on-premises identities in Active Directory. Can you support single sign-on (SSO) and multi-factor authentication for both on-premises and cloud with Entra ID?
You need to configure access to Office 365 resources for users at Contoso. To group users for assignment of permissions, which of the following options would you use?
Implementing Azure MFA (multi-factor authentication) will ensure we know who the user is who they claim to be. This is an example of:
You need to ensure on-premises file shares and Azure Files remain in sync in both directions, regardless of where the file was changed. Which tool or service would you choose? (choose the best answer)
Contoso's Security team wants to implement selective use of multi-factor authentication (MFA) based on multiple factors related to the authentication request, such as device health and sign-in risk. Which service should they implement?
Contoso has deployed resources across multiple Azure regions for multiple business units. They have a requirement to generate cost and chargeback reporting to track the Azure costs to be charged back to each business unit. Which Azure feature should they use to simplify this task?
You need to identify and enforce Contoso's corporate standards across new and existing Azure deployments. Which service would you choose to achieve this requirement? (choose the best answer)
Using role based access control (RBAC) in Azure, we can determine which resources and services a user has access to. This is an example of:
Azure China and Azure Government are examples of:
You need to ensure no one (including administrators) can create additional resources in a Azure resource group. What will you do to achieve this objective?
Which of the following describes authentication?
You need to track resource consumption by application and department for cost tracking and chargeback. Which of the following will enable this capability.
You need to automate movement of multiple files to a storage account. What command line tool can you use to script copying blobs or files to or from your storage account? (choose the best answer)
Which Azure storage redundancy option would you select for development workloads where minimizing expense is the highest priority?
Contoso needs Azure capacity to support spikes in request traffic to their load-balanced web farm during the holiday shopping season. A consultant recommends deploying the website to a virtual machine scale set in Azure. Will this meet the requirement?
Which type of Azure storage stores NoSQL data in Azure, including a schemaless key/attribute store?
You need to identify deviations from Microsoft security best practices in your Azure cloud infrastructure. Which service should you use?
Contoso IT is planning to migrate all on-premises data to Azure. The Legal Department has asked for verification that Azure complies with Contoso's regulatory obligations, such as HIPAA and PCI DSS. Which Azure service can be used to monitor for regulatory compliance?
You need to calculate the estimated cost of a set of Azure resources before you deploy them. Which service or tool will you use?
As part of a migration of on-premises VM workloads to Azure VMs, Contoso wants to minimize costs. Since the VMs will be running in Azure for an extended period of time (years), what option should they consider to reduce hosting costs?
A …… is a virtual network gateway that sends encrypted traffic between an Azure VNET and an on-premises location over the Internet
Contoso IT Operations has been tasked with providing recommendations on how to reducing cost of running Azure VMs. Which service should they use to gather recommendations?
Contoso is planning to move several on-premises services to Azure PaaS and IaaS solutions. The CIO has asked for a tool to estimate the cost of hosting these resources in Azure. Tom suggests Azure Cost Management to estimate costs prior to migration. Does Tom's solution meet the solution criteria?
To manage service lifecycle with more granularity, Contoso cloud architects have designed a model that involves a large number of resource groups. Will Contoso incur additional costs for the resources groups?
You plan to deploy several Azure VMs. The applications running on these VMs should remain available if a single Azure datacenter fails. You opt to deploy VMs to multiple availability zones. Does your solution meet the solution criteria?
Contoso IT has deployed a group of VMs in Azure. They want to identify recommendations on how to reduce the cost of running these VMs. Which tool should they use? (choose the best answer)
Azure App Service supports which of the following application type(s)?
Which virtual machine configuration supports a more resilient, highly available environment by staggering VM updates and ensuring varied power and network connectivity?
Tailspin Toys uses a pay-as-you-go (PAYG) subscription in Azure. PAYG generally provides lowest cost over time, but least flexibility in terms of shifting consumption to new services.
Azure Container Instances enable running containers without host servers to manage.
Azure Container Instances enable elastic bursting for Azure Kubernetes Service
Azure VMs in different subnets in the same virtual network can communicate by default
Azure DDoS, which protects your Azure resources against distributed denial of services attacks, includes both a Basic and Standard tiers.