Examworthyexamworthy.comMicrosoft Azure Fundamentals (AZ-900) cheat sheet
Microsoft
Free to share. Examworthy is not affiliated with or endorsed by Microsoft; AZ-900 and related marks belong to their respective owners.
At a glance
Format: Multiple choice and multiple response, at a Pearson VUE testing center or online proctored
Domain weight map
Heaviest first - spend your time hereHow this exam thinks
AZ-900 is a recognition exam: read a short need, then name the single Azure service or concept built for it while rejecting the close-sounding neighbours that do a different job.
Spot the trap
Tempting wrong answers, and why they failTempting but wrong
An availability zone spans two regions in a geography for cross-region recovery
Why it fails
That describes a region pair, which operates above the region level. An availability zone sits inside a single region as a physically separate datacentre and serves as a resiliency isolation boundary within that region, not across regions.
Describe Azure Architecture and Services
Tempting but wrong
Azure Policy gives you a single unified view that discovers and classifies data across all sources
Why it fails
Azure Policy enforces rules on Azure resource configurations such as allowed regions or required tags. It operates on resource settings, not on data, so it cannot map, classify, or trace the lineage of a data estate. Microsoft Purview is the tool that gives a unified view of data across on-premises, multicloud, and SaaS sources.
Describe Azure Management and Governance
Tempting but wrong
The physical datacentre is my responsibility because I pay for the capacity in it
Why it fails
Paying for capacity does not make the physical datacentre yours to manage. The shared responsibility model lists the physical datacentre as always the provider's responsibility, never the customer's, in every service model.
Describe Cloud Concepts
Tempting but wrong
A resource group is the physical isolation boundary made of separate datacentres
Why it fails
A resource group is a logical management container with no physical datacentre or independent power meaning. The construct made of physically separate datacentres acting as an isolation boundary within a region is the availability zone.
Describe Azure Architecture and Services
Tempting but wrong
Microsoft Defender for Cloud discovers and classifies data across on-premises, multicloud, and SaaS sources
Why it fails
Microsoft Defender for Cloud assesses security posture and surfaces protection recommendations. Its focus is security, not discovering and classifying the data estate. Microsoft Purview is the data governance service that catalogues, classifies, and traces lineage across all data sources.
Describe Azure Management and Governance
Tempting but wrong
The physical hosts that run my workloads are something I have to maintain
Why it fails
Even though your workloads run on them, the physical hosts are placed permanently with the provider regardless of service type. The customer never maintains the underlying hardware in the shared responsibility model.
Describe Cloud Concepts
Tempting but wrong
A deployed VM or database is itself called a resource group
Why it fails
A resource group is the logical container that holds related items, not the deployed item. The individually created VM, network, or database is the resource; the group is just where it is placed.
Describe Azure Architecture and Services
Tempting but wrong
Azure Resource Manager by itself can project on-premises and other-cloud servers into Azure
Why it fails
Azure Resource Manager is the management layer that processes create, update, and delete requests, and Arc relies on it, but ARM alone does not reach out to external machines. Azure Arc is the capability that projects non-Azure servers and clusters into ARM so they can be governed like native Azure resources.
Describe Azure Management and Governance
Key terms
Exam-day rules
- Read the need first, then the options. AZ-900 questions are short and the wording usually names the exact job, so identify what is required before you weigh any service.
- Beat the close-pair traps on scope. When two services overlap, ask who or what each one governs: identity (Entra ID) versus security posture (Defender for Cloud), configuration rules (Policy) versus a single resource lock.
- Map benefit words to definitions, not feelings. Scalability is sizing to demand, high availability is staying up through failure, cost predictability is forecasting spend; do not pick the answer that merely sounds reassuring.
- Anchor service-type questions to the shared responsibility model. Data and identities are always yours; if the scenario needs operating-system control it is IaaS, and if it wants a ready-made application it is SaaS.
- Watch multiple-response questions. Some items ask you to select more than one correct answer, so read the instruction and pick every option that fits, not just the first good one.
Revision schedule
- Day 1Map the blueprint and book a date
- Week 1Lock the shared responsibility model and service types
- Week 2Build the Azure architecture hierarchy
- Weeks 2 to 3Drill compute, storage, identity, and security services
- Week 3Cover cost, governance, and monitoring tools