July 30, 2025

Welcome to this set of 10 carefully selected practice questions for Domain 2 of the AZ-900 exam: Describe Azure Architecture and Services. These questions are designed to help you test your understanding of key concepts like Azure regions, availability zones, resource groups, compute options, and core Azure services. Each question comes with a clear explanation to not only help you get the right answer, but also understand the logic behind it.

Whether you’re reviewing before exam day or just getting started with Azure, this quick quiz will help reinforce what you’ve learned and highlight any gaps in your knowledge.

Question: Which Azure service lets you run event-driven code without managing any servers?

  A. Azure Virtual Machines
  B. Azure App Service
  C. Azure Functions
  D. Azure Batch

Correct Answer

C. Azure Functions

Explanation:

Azure Functions is serverless and executes code only when triggered, so no servers or scaling tasks are managed by you.

Azure Virtual Machines give full OS control, but you still patch, scale, and maintain the VMs.

Azure App Service hosts web and API apps on managed servers, yet the underlying compute still exists and incurs cost while an app is idle.

Azure Batch schedules large parallel or batch jobs on pools of VMs, which again require capacity planning and VM management.


Question: Which Azure service provides global, latency-optimized, Layer 7 routing for HTTP and HTTPS traffic while also offering built-in web application firewall features?

  A. Azure Load Balancer
  B. Azure Application Gateway
  C. Azure Traffic Manager
  D. Azure Front Door

Correct Answer

D. Azure Front Door

Explanation:

Azure Front Door is a globally distributed entry point that accelerates traffic and includes a web application firewall, so it meets both requirements.

Azure Load Balancer works at Layer 4 and is scoped to a single region, so it lacks global reach and Layer 7 routing.

Azure Application Gateway delivers Layer 7 routing and WAF, but it is regional, not global.

Azure Traffic Manager performs DNS-based load balancing worldwide, yet it does not inspect Layer 7 data or include a firewall.


Question: Your company needs a logical container to hold related resources such as virtual machines, storage accounts, and databases that share the same lifecycle and permissions. What should you create?

  A. An Azure subscription
  B. A management group
  C. A resource group
  D. An availability set

Correct Answer

C. A resource group

Explanation:

A resource group groups resources for common management, access control, and lifecycle, so it is the correct choice.

An Azure subscription is a billing boundary that can contain many resource groups, but it is broader than needed.

A management group organizes multiple subscriptions, not individual resources.

An availability set only places virtual machines in separate fault and update domains, offering no grouping for other resource types.


Question: Which option enables a private, dedicated connection from an on-premises data center to Azure that bypasses the public internet, providing consistent latency and higher security?

  A. Azure VPN Gateway
  B. Azure Virtual Network peering
  C. Azure ExpressRoute
  D. Azure Bastion

Correct Answer

C. Azure ExpressRoute

Explanation:

Azure ExpressRoute uses a partner or point-to-point link to create a private circuit to Microsoft’s network, avoiding the public internet.

Azure VPN Gateway uses encrypted tunnels over the public internet, so latency can fluctuate.

Azure Virtual Network peering links two Azure virtual networks, not an on-premises site.

Azure Bastion provides secure SSH or RDP into Azure virtual machines, not site connectivity.



Your company has deployed identical web apps in East US and West Europe to reach global customers. You need an Azure service that automatically directs each visitor to the closest region based on network latency, improving response time without modifying the app.

Question: Which Azure service best meets this requirement?

  A. Azure Load Balancer
  B. Azure Application Gateway
  C. Azure Traffic Manager
  D. Virtual Network Peering

Correct Answer

C. Azure Traffic Manager

Explanation:

Azure Traffic Manager performs DNS-level routing using latency profiles, so users are sent to the nearest healthy endpoint, which matches the goal.

Azure Load Balancer is regional and works at Layer 4 inside a single region only, so it cannot distribute traffic across continents.

Azure Application Gateway adds layer-7 routing and WAF features but still operates within one region, so it will not pick the lowest-latency region for each user.

Virtual Network Peering simply connects VNets for private traffic flow; it does not provide any user-facing load-balancing or latency-based routing.


Question: A development team wants to run containerized workloads that start quickly and bill only while the container is running, without managing underlying virtual machines or orchestrators. Which service should they choose?

  A. Azure Virtual Machines
  B. Azure Kubernetes Service
  C. Azure Container Instances
  D. Azure App Service

Correct Answer

C. Azure Container Instances

Explanation:

Azure Container Instances lets you deploy a single container or group on demand with per-second billing and no VM management.

Azure Kubernetes Service removes much cluster overhead but still requires orchestrator configuration and node maintenance.

Azure Virtual Machines place full responsibility for OS patching and scaling on the user.

Azure App Service can host containerized web apps, yet it keeps resources warm and charges even when idle.


Question: Your organization runs a mission-critical application in a single Azure region. Management wants protection from a datacenter power loss within that region, with automatic failover to a separate physical location in the same region. Which Azure feature meets this need?

  A. Availability Set
  B. Availability Zone
  C. Resource Group
  D. Virtual Machine Scale Set

Correct Answer

B. Availability Zone

Explanation:
  • Availability Zone places replicas in separate datacenters inside one region, so a local facility outage will not bring down the workload.
  • Availability Set only spreads VMs across fault and update domains within one datacenter, leaving them vulnerable to a full site failure.
  • Resource Group is a logical container for permissions and lifecycle, not a resiliency feature.
  • Virtual Machine Scale Set handles horizontal scaling but does not guarantee placement across distinct datacenters.

Question: A team needs a fully managed file share that supports the SMB protocol so on-premises Windows and Linux servers can mount it without refactoring applications. Which storage option should you choose?

  A. Azure Blob Storage
  B. Azure Disks
  C. Azure Files
  D. Azure Table Storage

Correct Answer

C. Azure Files

Explanation:

Azure Files offers SMB file shares with cloud or on-premises mounting, so it matches the requirement.

Azure Blob Storage is for object data accessed by REST or SDK, not by SMB file paths.

Azure Disks provide block storage attached to a single virtual machine, not a multi-host share.

Azure Table Storage is a NoSQL key–value store and cannot act as a traditional file system.


Question: You want to speed up delivery of large static images to users worldwide by caching the files at edge locations closer to customers. Which Azure service is designed for this scenario?

  A. Azure CDN
  B. Azure Application Gateway
  C. Azure Traffic Manager
  D. Azure ExpressRoute

Correct Answer

A. Azure CDN

Explanation:

Azure CDN caches content on a global edge network, reducing latency for static assets.

Azure Application Gateway is a regional layer-7 load balancer and web application firewall, but it does not cache at edges.

Azure Traffic Manager directs traffic using DNS but still serves content from the original endpoints.

Azure ExpressRoute provides a private circuit to Azure for enterprise networks, not public content acceleration.


Question: A development group needs a relational database service that is fully managed by Microsoft, offers automatic backups, and does not require operating-system patching or manual high-availability configuration. Which option fits best?

  A. Azure SQL Database
  B. SQL Server running on an Azure Virtual Machine
  C. Azure Cosmos DB
  D. Azure Database Migration Service

Correct Answer

A. Azure SQL Database

Explanation:

Azure SQL Database is Platform as a Service, so Microsoft handles patching, backups, and built-in HA.

SQL Server running on an Azure Virtual Machine leaves OS maintenance, backups, and clustering to the customer.

Azure Cosmos DB is a globally distributed NoSQL database, not a relational SQL engine.

Azure Database Migration Service only moves data between sources; it is not a production database platform.



The NileCertify Editorial Team is a group of IT professionals, educators, and researchers committed to creating accurate, practical, and engaging learning resources. We specialize in IT certifications like Microsoft Azure, CompTIA, and more, bringing you up-to-date practice tests, study guides, and learning tools based on real-world knowledge and cognitive science. Every piece of content we publish is carefully reviewed to ensure it reflects the latest exam standards and learning best practices.
