Domain 1: Describe Cloud Concepts

Sample objective from the AZ-900 study guide MS Exam Prep generates — sourced exclusively from Microsoft Docs.

The Shared Responsibility Model

In Azure, security and compliance responsibilities are divided between Microsoft and the customer. The split depends on the service type (IaaS, PaaS, or SaaS) — understanding this model is a core AZ-900 exam objective.

Microsoft is always responsible for:

  • Physical datacentre security and hardware
  • Network infrastructure and host hypervisor
  • Physical hosts and the physical network

The customer is always responsible for:

  • Data stored in the cloud
  • Identity and access management (who has access to what)
  • Devices connecting to the cloud (endpoints)
  • Accounts and identities of internal users

Responsibility shifts by service model: With IaaS you manage the OS, middleware, and applications. With PaaS, Microsoft manages the underlying platform — you manage your data and applications. With SaaS, Microsoft manages almost everything.

💡 Exam Thinking

The exam often tests the boundary between Microsoft and customer responsibility in a given scenario. Remember: Microsoft always owns the physical infrastructure; the customer always owns their data and identities. The OS and application layers shift depending on the service model.

Cloud Deployment Models

Azure supports three deployment models, each suited to different organisational needs:

Public cloud: Resources are owned and operated by a third-party provider (Microsoft) and delivered over the internet. You share infrastructure with other organisations but have logical isolation. No upfront capital expenditure required.

Private cloud: Cloud resources used exclusively by one organisation. Can be hosted on-premises or by a third party. Gives maximum control and customisation, but carries the full cost and responsibility of maintaining hardware.

Hybrid cloud: Combines public and private cloud. Allows data and apps to be shared between them. Useful for regulatory requirements, gradual migration, or burst scenarios (extending capacity to the public cloud when on-premises resources are exhausted).

💡 Exam Thinking

Questions about deployment models often describe a scenario — look for the key constraint. Regulatory or data-sovereignty requirement? → Private or hybrid. Cost sensitivity, no existing hardware? → Public. Keep some workloads on-premises but extend to the cloud? → Hybrid.

CapEx vs OpEx: The Consumption-Based Model

Traditional on-premises IT uses Capital Expenditure (CapEx) — large upfront purchases for servers and infrastructure. Azure uses an Operational Expenditure (OpEx) model.

The consumption-based model means:

  • No upfront cost for infrastructure
  • You pay only for what you use
  • Resources can be provisioned quickly and deprovisioned when no longer needed
  • Predictable billing based on actual consumption

💡 Exam Thinking

AZ-900 frequently asks why cloud computing is described as OpEx. The key phrases are "no upfront cost" and "pay for what you use." Contrast this with CapEx, where you purchase and maintain your own hardware even if utilisation is low.

AZ-900 Practice MCQ

5 questions from the Cloud Concepts domain.

Question 1 of 5
In the shared responsibility model, which of the following is always the responsibility of the cloud provider?
A. Securing the customer's application data
B. Physical security of the datacenter
C. Managing user accounts and identities
D. Configuring firewall rules on virtual machines
✅ Correct! The cloud provider is always responsible for the physical infrastructure — datacentres, servers, and physical networking. Customer data, identities, and application config are always the customer's responsibility.
❌ Incorrect. The correct answer is B. Physical datacenter security is always the cloud provider's responsibility. Data, identities, and firewall config are the customer's responsibility regardless of service model.
Question 2 of 5
A company wants to deploy resources with no upfront infrastructure costs, paying only for what they consume. Which billing model does this describe?
A. Capital Expenditure (CapEx)
B. Fixed monthly subscription
C. Consumption-based (OpEx) model
D. Reserved instance pricing
✅ Correct! Azure's consumption-based model is an Operating Expenditure (OpEx) model — no upfront cost, pay only for what you use, scale up or down on demand.
❌ Incorrect. The correct answer is C. The consumption-based (OpEx) model means no upfront hardware investment — you pay for usage. CapEx involves large upfront purchases of hardware.
Question 3 of 5
A healthcare organisation must keep patient data within a specific country due to regulatory requirements, but wants to use cloud services for less sensitive workloads. Which deployment model is most appropriate?
A. Public cloud only
B. Hybrid cloud
C. Community cloud
D. Private cloud only
✅ Correct! A hybrid cloud allows sensitive, regulated data to stay in a private/on-premises environment while less sensitive workloads run in the public cloud. It's the ideal fit for organisations with mixed compliance requirements.
❌ Incorrect. The correct answer is B — Hybrid cloud. It lets the organisation keep regulated patient data on-premises (or in a private cloud) while using public cloud for everything else. Private cloud only would mean forgoing cloud benefits entirely for non-regulated workloads.
Question 4 of 5
Which cloud service model gives the customer the most control over the operating system and middleware?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Function as a Service (FaaS)
✅ Correct! IaaS gives you the most control — you manage the OS, middleware, runtime, and applications. The provider handles the physical infrastructure and hypervisor. Azure Virtual Machines is a classic IaaS example.
❌ Incorrect. The correct answer is C — IaaS. With IaaS you manage the OS, patches, middleware and applications. PaaS removes OS management; SaaS removes almost everything from the customer's responsibility.
Question 5 of 5
What does "high availability" mean in the context of Azure services?
A. Services remain accessible with minimal downtime, even during failures
B. The ability to recover a service after a major disaster
C. The ability to add more compute resources on demand
D. Distributing workloads across multiple geographic regions
✅ Correct! High availability ensures a service continues to function with minimal interruption. Azure achieves this through redundancy, health monitoring, and automatic failover. It's measured as a percentage uptime (e.g., 99.9%).
❌ Incorrect. The correct answer is A. High availability = minimal downtime. Option B describes disaster recovery, C describes scalability, and D describes geographic distribution (which supports HA but isn't the definition itself).

AZ-900 Flashcards

What is the shared responsibility model?
Shared Responsibility Model
A framework defining which security tasks Microsoft handles (physical infrastructure, host, network) and which the customer handles (data, identities, applications). Responsibility shifts by service model: IaaS → PaaS → SaaS, with more moving to Microsoft as you go up the stack.
