The Microsoft Azure Fundamentals certification is one of the most accessible entry points into cloud computing, and passing the AZ-900 exam is a concrete way to prove that you understand the core concepts employers care about. This page gives you a free, printable az 900 practice test PDF you can download and study anywhere โ at your desk, on the train, or away from a screen entirely. The PDF covers all three exam domains: cloud concepts, Azure architecture and services, and Azure management and governance, with question difficulty calibrated to match the real exam.
Many candidates underestimate the AZ-900 and then find themselves surprised by the breadth of topics tested. The exam expects you to understand not just what Azure services exist, but how they relate to each other, which pricing model applies in which scenario, and why governance tools matter in an enterprise context. Working through a full practice test PDF before your exam date gives you a complete picture of where your knowledge is strong and where you need more review. Combine this PDF with the free interactive az 900 practice tests on this site for a well-rounded study plan.
The cloud concepts domain accounts for roughly 25โ30% of the AZ-900 exam and tests your understanding of what cloud computing is, why organizations adopt it, and how different service and deployment models work. At the core of this domain is the distinction between the three service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). With IaaS, the cloud provider supplies the virtualized infrastructure โ compute, storage, and networking โ while you manage the operating system, middleware, and applications. Azure Virtual Machines is the canonical IaaS example. PaaS removes OS management from your plate, giving you a managed platform on which to deploy and run applications; Azure App Service and Azure SQL Database are PaaS offerings. SaaS delivers complete, ready-to-use applications over the internet โ Microsoft 365 is the most familiar example in the Azure ecosystem.
The shared responsibility model defines which security and operational tasks belong to Microsoft and which belong to the customer, and this boundary shifts depending on the service model. In IaaS, customers are responsible for patching the guest OS and securing their applications. In PaaS, Microsoft handles the underlying infrastructure and platform but customers remain responsible for their data and user access. In SaaS, nearly all responsibility shifts to the provider. Understanding this model is critical because exam questions frequently present scenarios asking who is responsible for a specific security control in a given deployment type.
Consumption-based pricing (pay-as-you-go) is a defining characteristic of public cloud, contrasted with traditional capital expenditure (CapEx) models where organizations purchase and depreciate hardware upfront. Cloud computing shifts spending to operational expenditure (OpEx), which is more predictable, scalable, and aligned with actual usage. Other key cloud benefits tested on the AZ-900 include high availability (the ability to remain operational despite component failures), scalability (adding resources to handle increased demand), elasticity (automatically adjusting resources up and down as demand changes), reliability (resilient, distributed infrastructure), predictability (consistent performance and cost), security (built-in controls and compliance frameworks), and manageability (tools to deploy, monitor, and control resources at scale).
The Azure Architecture and Services domain is the largest on the exam, weighted at approximately 35โ40%. It covers Microsoft's global infrastructure and the breadth of Azure services across compute, networking, storage, and identity. Azure is built on a worldwide network of physical datacenters organized into regions โ geographic areas each containing one or more datacenters connected by low-latency networks. As of 2026, Azure operates over 60 regions globally, giving organizations the ability to deploy workloads close to their users. Within a region, Availability Zones are physically separate datacenters with independent power, cooling, and networking. Deploying across multiple Availability Zones provides high availability by ensuring that a failure in one zone does not affect services running in another.
At the management level, Azure resources are organized into a hierarchy: individual resources sit inside resource groups, which exist within subscriptions, which can be grouped under management groups at the top level. This hierarchy maps directly to governance and billing: subscriptions define billing boundaries and resource quotas, while management groups allow organizations to apply policies and access controls across multiple subscriptions simultaneously. Azure Resource Manager (ARM) is the control plane that underlies all resource deployment and management in Azure โ whether you use the Azure portal, Azure CLI, PowerShell, or infrastructure-as-code tools like Bicep or Terraform, all requests flow through ARM.
The compute category includes Azure Virtual Machines (IaaS virtual servers), Azure App Service (PaaS web hosting), Azure Container Instances (serverless containers), Azure Kubernetes Service (managed Kubernetes), and Azure Functions (serverless event-driven compute). Each service suits different workload types, and exam questions frequently test your ability to match a business requirement to the correct compute option. Networking services include Azure Virtual Network (VNet) for isolated private networking, Azure VPN Gateway and Azure ExpressRoute for hybrid connectivity to on-premises environments, Azure Load Balancer and Azure Application Gateway for traffic distribution, and Azure DNS for domain name resolution.
Storage services include Azure Blob Storage (unstructured object storage ideal for images, videos, and backups), Azure Disk Storage (managed block storage for VMs), Azure Files (managed file shares accessible via SMB and NFS protocols), and Azure Queue Storage (message queuing for decoupled application architectures). Azure Active Directory (now Microsoft Entra ID) is the cloud identity and access management service that handles authentication and authorization across Azure and Microsoft 365. Azure AD supports multi-factor authentication (MFA), single sign-on (SSO), and Conditional Access policies that enforce security controls based on user, device, location, and risk signals.
The management and governance domain covers approximately 25โ30% of the exam and focuses on the tools Azure provides to control costs, enforce compliance, manage access, and monitor the health of cloud resources. Azure Cost Management and Billing gives organizations visibility into their spending, the ability to set budgets and alerts, and tools to analyze cost trends over time. Understanding how to use Cost Management to identify waste โ such as idle VMs or over-provisioned storage โ is a practical skill tested in scenario questions. Azure Advisor is a free personalized recommendation service that analyzes your Azure deployment and suggests improvements across reliability, security, performance, operational excellence, and cost optimization.
Azure Policy is the governance tool used to define and enforce organizational standards across Azure resources. Policies can audit existing resources, deny the creation of non-compliant resources, or automatically remediate configurations that drift from the defined standard. Policy initiatives (groups of related policies) simplify compliance at scale. Azure Policy integrates with regulatory compliance frameworks, making it possible to map your Azure environment's compliance posture to standards like ISO 27001, NIST, and PCI-DSS from within the Azure portal.
Role-Based Access Control (RBAC) is the authorization system used to manage who has access to which Azure resources and what they can do with them. RBAC assigns roles โ built-in or custom โ to users, groups, or service principals at a specific scope: a resource, resource group, subscription, or management group. The principle of least privilege is fundamental to good RBAC design, meaning each identity receives only the permissions it needs to perform its function and no more. Resource locks are a complementary governance feature that prevent accidental deletion or modification of critical resources, independent of RBAC permissions. Two lock types exist: ReadOnly (no changes allowed) and Delete (no deletion allowed).
Azure Monitor is the unified observability platform for Azure, collecting metrics, logs, and traces from Azure resources and applications. Within Azure Monitor, Log Analytics provides a query environment for exploring log data, while Application Insights delivers application performance monitoring (APM) for custom applications. Alerts can be configured to notify teams or trigger automated actions when metrics cross defined thresholds. The Service Trust Portal is Microsoft's transparency hub, hosting audit reports, compliance documentation, and data protection information for Azure, Microsoft 365, and Dynamics 365. Understanding the purpose of the Service Trust Portal โ and how it differs from operational tools like Azure Advisor or Azure Monitor โ is a common exam question. Together, these governance and management tools form the framework that allows enterprises to operate Azure environments at scale while maintaining security, compliance, and cost discipline.
Download the PDF, work through every question in a single timed sitting, and note every answer you are uncertain about โ those are your study priorities. Then return to the full library of interactive az 900 practice tests to drill the weak areas before exam day. The combination of offline PDF review and immediate online feedback is the fastest path to a confident, passing score on the AZ-900.