Part 2 : Passed AZ-900. With a Score over 900. Section 1, 2 and 3

  • Describe cloud concepts (20–25%)
  • Describe core Azure services (15–20%)
  • Describe core solutions and management tools on Azure (10–15%)
  • Describe general security and network security features (10–15%)
  • Describe identity, governance, privacy, and compliance features (20–25%)
  • Describe Azure cost management and Service Level Agreements (10–15%)

Describe cloud concepts (20–25%)

Tip : This section has the most verbose questions from my experience in practice tests. Watch out for dis-tractors, questions with specific justification can only have the right answer. So subset or even 1st guess is always right.

Could Models

Advantages of Cloud Computing

  1. High Availability — No downtime
  2. HA = (Uptime/(Uptime + Downtime)) * 100
  3. Depends on SLA for each service
  4. Increase HA by running workloads on multiple Availability Zones
  5. Load Balancer — Evenly distributed traffic to multiple servers in one or more data centers. Routes the traffic to only available data centers with servers.

Scalability -

  1. Vertical — Increase computing capacity by adding RAM or CPU to one Virtual machine.
  2. Horizontal — increase computing capacity by adding instances of resources i.e virtual machines to your configuration.

Elasticity -

  1. Auto-scaling so applications always have the resources they need.
  2. Automatically increase or decrease capacity based on traffic, memory and computing power.

Agility -

  1. Deploy and configure quickly
  1. to indicate done via APIs and demand
  2. Geo-distribution
  3. Data centers around the globe

Disaster Recovery

  1. Backup services, data replication and geo distribution.
  2. Power outages, network failures, natural disaster, etc

Fault Tolerance

  1. This is to do with Uptime in case of faults in any model, how resilient is the system.

Consumption based Model

  1. End users only pay for the resources they use, based on real time constraints on billing

CapEx vs OpEx

  1. Capital Expenditure
  1. Own Infrastructure
  2. Big Initial Investment
  3. Lot of maintenance
  1. There is no upfront cost as you Pay-As-You-Go for a service or product as you use it.
  2. Rent Infrastructure
  3. No initial investment
  4. Operational team maintenance

Serverless Computing

  1. Eliminating the need to manage infrastructure.
  2. Tip: remember PSM. Provisions, Scales and Manages the infrastructure required to run the code.
  3. Invisible to the developer

Types of Cloud Computing

Public Cloud -Servers and storage are owned and operated by a third party cloud service provider and delivered over the internet

  1. Used exclusively by users from one business or organization. Either on-premises data centers or 3rd party providers.
  1. Combines public & private cloud by allowing data and application to be shared between them.

Exam Tip : Read up as much as you can. This is such a section where questions come from any and all corners.

Describe core Azure services (15–20%)

Compute services

  1. Azure Compute is an on-demand computing service for running cloud-based applications.
  2. Examples are Azure VMs, Azure Container Instances, App Service and Azure Functions.

Azure Virtual Machines (AVMs)

Tip: VP-MSN- short for Virtual Processor, Memory Storage and Networking resources.

Virtual Machine Scale sets designed to support Autoscale. (Vertical and/or Horizontal). Machines are identical and Load Balanced vMs.

Azure Batch — High Performance Computing batch jobs.

Containers and Kubernetes

Multiple instances of a containerized application on a single host machine.

Azure Functions

  1. Triggers used to perform response to an event (via REST request), timer or message.
  2. Choose the amount of memory & duration.

Azure App Service

  1. Build, deploy & Scale enterprise-grade apps.
  2. It is a PaaS
  3. It offers automatic scaling and high availability.
  4. Types


  1. Azure VPN Gateway
  1. Site-to-site connection (vNET to data center)
  2. Point-to-Site connection (device to vNET)
  3. Network-to-Network connection (vNET to vNET)
  1. Policy based VPNs
  1. IPSec tunnels are modelled as network interface or virtual tunnel interface. To be used when
  2. Connection between vNETs
  3. Point to site connections
  4. Multiple connections
  5. Co-existence with Azure Express Route gateway.
  6. Features
  1. Sizes
  1. For On-premise
  2. VPN device
  3. Public facing (internal-routable) IPv4 address
  1. Azure Express Route
  1. Microsoft Cloud Services
  2. MS Dynamics 365
  3. Azure Compute services such as VMs
  4. Azure Cloud services such as Azure CosmosDB and Azure Storage.
  5. Connectivity Models

Azure Virtual Network (vNET)


Isolation and Segmentation

Divide private IP address space into subnets

Internet Communications

Enable incoming connections from the internet by defining a public IP address or public load balancer.

Communication between Azure resources

Virtual Networks not only VMs but PowerApps, AKS, VMSS, etc

Communication with on-premises resources

Link on-prem with Azure Subscription

Client computer initiates an encrypted VPN connection to Azure to connect to the Azure Virtual Network.

Site-to-Site VPN

Route network traffic

Connection/traffic between vNET, On-premises and/or internet

Network Security Groups

inbound/Outbound rules to block/allow based on IP, Port and Protocol.

Virtual Network Peering

Peering — enables resources in each virtual network to communicate with each other.


Architectural Components and Service Guarantees

  1. US DoD Central, US Government Virginia, US Government Iowa, etc
  2. China East, China North, etc — Partnership with Microsoft 21vianet.
  3. T-Systems German data trustee German Central & German Northeast.
  1. Americas
  2. Europe
  3. Asia Pacific
  4. Middle east
  5. Africa
  1. Central US
  2. East US2
  3. West US2
  4. West Europe
  5. France Central
  6. North Europe
  7. Southeast asia
  1. AZ are physically separate data centers within an Azure region.
  1. AZ is primarily for VMs, managed disks, load balancers and SQL databases.

Azure region must have at least 3 AZs

What is region-pair

  1. Each Azure region is always paired with another region within same geography at least 300 miles away

Services would fail over to other regions in region-pair.

Resource Group

  1. Fundamental element of Azure platform
  2. Logical container for resources deployed on Azure.
  3. All resources must be in a resource group and resource can only be a member of a single resource group.

Logical Grouping

  1. Based on usage, type or location.

Azure Resource Manager

  1. It is a management layer.
  2. Create, update, delete, organize, manage, control and tag resources in AZ Subscription.
  3. Accessing using Azure Portal, Azure Powershell, Azure CLI, REST Clients.


  1. Management Groups — These groups help you manage access, policy and compliance for multiple subscriptions. All subscriptions in the management group automatically inherit the conditions applied to the management group.



  1. Billing boundary
  2. Access control boundary

Resource groups

Resources — Azure resource is a manageable item that’s available through Azure Virtual Machines (VMs), storage accounts, web apps, databases and virtual networks are all examples of resources.

Azure Storage

  1. Storage account — 500 TB. 2PB for US & Europe
  2. IaaS or/and PaaS
  3. SLA is upto 11 nines to 16 nines
  4. Storage Account -> Container -> Blob
  1. Standard — less critical
  2. Premium — Mission Critical
  3. Ultra — Data intensive

Blob storage — Object Serverless Storage

  1. Binary or text data in massive amounts
  2. Audio, Video, Images of 8TB
  3. Unstructured

Azure Files (Shared Volumes)

  1. Accessed via Server Message Block (SMB) and Network File System protocols.
  2. Shared Access Signature (SAS) token and SAS URI

Blob Access Tiers

  1. Hot -access tier — frequent access
  2. Cool — access tier — At Least 30 days
  3. Archive access tier — At Least 180 days

Describe core solutions and management tools on Azure (10–15%)

Core Services


Azure CosmosDB is a globally distributed, multi-model database service.

Azure SQL

  1. Relational database based on MS SQL server database engine.
  2. PaaS (DBaaS — Structured)
  3. It enables both relational and non-relational structure such as graphs, JSON, spatial and XML.
  4. Migrations can be done via Azure Database Migration Service via Microsoft Data Migration Assistant.

Azure SQL Managed Instance

  1. Scalable cloud data service that provides the broadcast.
  2. It is PaaS
  3. SLA is 99.99% uptime.
  4. SQL DB does not have Cyrillic characters support but SQL Managed Instance does.
  5. Migration Process flow Discover -> Assess-> Migrate->CutOvers->Optimize

Azure database for MySQL

  1. LAMP — Linux Apache MySQL PHP
  2. Relational database service based on MySQL Community Edition database engine version 5.6, 5.7 & 8.0.
  3. SLA 99.99%
  4. Point in time restore to recover a server to an earlier state as far back as 35 days.

Azure Database for PostgreSQL

  1. Relational Database service based on community version of the open-source PostgreSQL database engine.
  2. High Availability
  3. Simple & Flexible Pricing
  4. Scale up or down as needed within seconds.
  5. Adjustable automatic backups and point-in-time restore for upto 35 days.
  6. Enterprise grade security of data at-rest (encryption on disk) and in-motion SSL encryption b/w client & server.

Azure Synapse Analytics (formerly Azure SQL Data Warehouse)

  1. Data warehousing + Big data analytics
  2. You query data on your terms by using either serverless or provisioned resources at scale.
  1. Big data analytics
  2. Massively Parallel Processing (MPP) of SQL Server data.
  3. Pipelines, Studio, Spark, Synapse SQL, Azure data lake Storage Gen 2

Azure HDInsights

  1. Extraction Transformation and Loading (ETL), data warehousing, machine learning and IoT.
  2. Apache Hadoop, Apache Kafka, Apache Storm and Machine Learning services.

Azure Databricks

  1. Open source
  2. Apache Spark based analytics
  3. Unlock insights from all your data and build artificial solutions
  4. Supports Python, Scala, R, Java and SQL. Also Tensor flow, PyTorch and scikit-learn.

IoT Hub, IoT Central & Sphere

  1. IoT enables devices to gather and then relay information
  2. Smart devices are equipped with sensors that collect data.

IoT Hub

IoT Hub is a message hub for communication between IoT applications and devices Bi directional communication.

IoT Central

SaaS on top of IoT Hub

Azure Sphere — Hardware and OS of the device to secure message sending.

  1. 3 parts

Azure Machine Learning, Cognitive Services and Bot service

  1. Deep Learning — modeled on a neutral network of the human mind, enabling it to discover learning and grow through experience.
  2. Machine Learning — data science technique using existing data to train a model, test it and then apply to model to forecast future outcomes.

Azure ML

Create a process to obtain data.

Azure Cognitive Services

  1. Pre-trained models easily included by few lines of code to API.
  2. 4 categories

Azure Bot Service

  1. Bot Service is for a use case Virtual agents to communicate.
  2. Via text, speech and or interactive cards.

Azure DevOps, Github and GitHub Actions

  1. GitHub — Git is a decentralized source code management tool and Github is a hosted version of Git that serves as a remote.
  2. Toolchain — output of 1 tool is input to the next in the tool chain.

Azure DevTest Labs

  1. Anything you can deploy in Azure via a ARM template and pre-provisioned through Dev/Test Labs.

Management Tools

Azure Advisor — provides recommendations on

Reliability (High availability)

Azure Monitor

  1. Logs & Metrics — Application, OS, Resource, Subscription Tenant, Custom services and Real Time alerts.

Azure Service Health

  1. Health of Azure services, regions and resources
  3. Only major issues all small & big issues, & provides Root Cause Analysis
  4. Service issues, Planned Maintenance, Health advisories.


ARM Templates — JSON format templates are verified before any code is executed to ensure resources will be created correctly and connected correctly. Then orchestrates the operation in parallel.

Azure Functions (nano service & event-based)

  1. Service you may host a single method or function by using programming in the cloud that runs in response to an event.
  2. Atomic in nature
  3. C#, Python, Javascript, Typescript, Java and powershell.
  4. AF scale automatically and changes occur only when triggered.

Azure Logic Apps (PaaS)

  1. Low-code / no-code
  2. Enterprise Application Integration (EAI) with Azure logic apps you can choose connectors from galleries such as Salesforce, SAP, OracleDB and File Share.
  3. 200+ connectors
  4. Difference between Azure Functions and Azure Logic Apps
  5. AF pricing is based on the number of executions and running time of each execution.
  6. ALA pricing is based on the number of executions and the type of connectors that it utilizes.

Conclusion lets just say BEST OF LUCK. See you on the other side after you cross this bridge.

Let me know in the comments if anything.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Aditya Naidu

Aditya Naidu

Have been working as a Techie for the past 15 years and excellence in domains such as IoT 4.0, BFSI, Telecom, e-com and more recently AI.