How to Pass Microsoft Azure Foundation Exam AZ-900 (Part 2 of 3)

The Microsoft Azure Foundation Exam AZ-900 or the equivalent from AWS are usually the first cloud certificates that someone new to the cloud starts with. Both cover basic cloud concepts and ensure that you gain a profound understanding of the respective services. As the passing grade of 80% for the AZ-900 is quite high, it is advisable to thoroughly study for the exam. This post is one of three that will provide you with all key information about the Azure services that you need to pass the Azure Foundation Exam AZ-900.

The following structure is taken from the latest exam syllabus for the Azure Foundation 2021 and indicates the weight of each chapter in the exam. For each chapter, I have written down a very brief summary of key concepts and information that is typically asked about during the exam. The summary is a great resource to check and finalize your studies for the exam. However, if you are new to the topic, you should first start by going through the official Microsoft Azure training materials.

This is part 2 of the three-part series on the Microsoft Azure Foundation exam AZ-900, and it covers the third and fourth topics from the content below:

1. Describe Cloud Concepts (20-25%)

2. Describe Core Azure Services (15-20%)

3. Describe core solutions and management tools on Azure (10-15%)

3.1 Describe core solutions available in Azure

3.2 Describe Azure management tools

4. Describe general security and network security features (10-15%)

4.1 Describe Azure security features

4.2 Describe Azure network security

5. Describe identity, governance, privacy, and compliance features (20-25%)

6. Describe Azure cost management and Service Level Agreements (10-15%)

3. Describe core solutions and management tools on Azure (10-15%)

3.1 Describe core solutions available in Azure

Virtual Machines

A virtual machine is an IaaS service. Administrators from a company would have full control over the operating system and be able to install all applications on it. For example, virtual machines can have a VPN installed that encrypts all traffic from the virtual machine itself to a host on the Internet. They can also transfer a virtual machine between different subscriptions.

Scale sets help to manage increased demand, and load balancers help to distribute user traffic among identical virtual machines. Azure Virtual Machine Scale Sets are used to host and manage a group of identical virtual machines.

To avoid an outage if a data center fails, you need to deploy across multiple availability zones. At least two virtual machines are needed to ensure 99.99% uptime. If a virtual machine is switched off, there are no costs for processing, but there are still costs for storage services.


Containers are more lightweight than virtual machines. Instead of virtualizing the complete operating system, they only need the images and libraries and access the underlying operating system from the host environment. Multiple containers are managed with Azure Kubernetes, which is an IaaS solution.


Data disks for virtual machines are available through blob storage. Blob storage costs depend on the region. Storage costs depend on the amount of stored data, but also on the number of read and write operations. Transfers between different regions also incur costs.

An Azure Storage account – file service – can be used to map a network drive from on-premise computers to Microsoft Azure storage.

Cool storage and archive storage can be used for data that is infrequently accessed.

Further Azure Services

  • Azure SQL database is a PaaS service. Companies buying the service would not have control over the underlying server hosting in Azure

  • Azure Web App is a PaaS solution, accessible via One would not have full access on the underlying machine hosting the web application

  • Azure DevOps is an integration solution for the deployment of code. It provides a continuous integration and delivery toolset

  • Azure DevTestLabs quickly provides development and test environments, such as 50 customized virtual machines per week

  • Azure Event Grid can collect events from multiple sources and process them to an application

  • Azure Databricks is a big data analysis service for machine learning

  • Azure Machine Learning Studio can be used to build, test, and deploy predictive analytics solutions

  • Azure Logic Apps is a platform to create workflows

  • Azure Data Lakes is a storage repository holding large amounts of data in its native, raw format

  • Azure Data Lake Analytics helps to transform data and provide valuable insights on the data itself

  • Azure SQL Data Warehouse is a centralized repository of integrated data from one or more sources. It requires zero administration of the underlying infrastructure and provides low latency access to the data

  • Cosmos DB Service is a globally distributed, multi-model database service. It can host tables and JSON documents in Azure without required administration of the underlying infrastructure

  • Azure Synapse Analytics is an analytics service that brings together enterprise data warehousing and Big Data Analytics

  • Azure HDInsight is a managed, full-spectrum, open-source analytics service. It can be used for frameworks such as Hadoop, Apache etc.

  • Azure Functions App and Azure Logic App are platforms for serverless code. Azure Logic Apps focuses on workflows, automation, integration, and orchestration, while Azure Functions merely executes code

  • Azure App Services hosts web apps / web-based applications. It requires managing the infrastructure

  • Azure Marketplace is an online store that offers applications and services either built on or designed to integrate with Azure

  • IoT Central provides a fully managed SaaS solution that makes it easy to connect, monitor, and manage IoT assets at scale

  • IoT Hub can be used to monitor and control billions of Internet of Things assets

  • IoT Edge is an IoT solution that can be used to analyze data on end user devices

  • Azure Time Series Insights provides data exploration and telemetry tools to help refine operational analysis

  • Azure Cognitive Services is a simplified tool to build intelligent Artificial Intelligence applications

3.2 Describe Azure management tools

  • Azure Application Insights monitors web applications and detects and diagnoses anomalies in web apps

  • The Azure CLI, Azure PowerShell, and Azure Portal can be used on Windows 10, Ubuntu, and macOS machines

  • Cloud Shell works on Android or macOS that has PowerShell Core 6.0 installed

  • Windows PowerShell and Command Prompt can be used to install the CLI on a computer

4. Describe general security and network security features (10-15%)

4.1 Describe Azure security features

  • The Azure Firewall protects the network infrastructure

  • The Azure DDoS Protection provides protection against distributed denial of service attacks

  • Network Security Groups restrict inbound and outbound traffic. They are used to secure Azure environments

  • Azure Multi-Factor Authentication provides an extra level of security when users log into the Azure Portal. It is available for administrative and non-administrative user accounts

  • The Azure Key Vault can be used to store secrets, certificates, or database passwords etc.

  • Azure Information Protection encrypts documents and email messages

  • Azure AD Identity Protection can require users who try to log in from an anonymous IP address to change their password

  • Authentication is the process of verifying a user's credentials

4.2 Describe Azure network security

  • A Network Security Group can filter network traffic to and from Azure resources in an Azure virtual network. They can also ensure that traffic restrictions are in place so that a database server can only communicate with the web browser

  • An Azure Virtual Network can provide an isolated environment for hosting of virtual machines

  • A Virtual Network Gateway is needed to connect an on-premise data center to an Azure Virtual Network using a Site-to-Site connection

  • A Local Network Gateway can represent a VPN device in the cloud context
