Are you preparing for the AZ-900 certification? Then this cheat sheet is exactly what you need. We’ve compiled the most frequently tested topics based on real exam experiences. Additionally, we’ve organized everything for quick review before your test day.
This guide focuses on what actually appears on the exam. Instead of covering everything in Azure, we highlight the essential concepts. As a result, you’ll study smarter, not harder.
Quick Exam Overview
First, let’s review the basics. The AZ-900 exam contains 40-60 questions. You’ll have 85 minutes to complete them. Furthermore, you need 700 points out of 1000 to pass.
The exam costs $99 USD. However, many training programs offer discount vouchers. Therefore, check for special pricing before paying full price.
Cloud Concepts: The Foundation
What Cloud Computing Really Means
Cloud computing delivers services over the internet. These include servers, storage, and software. Instead of buying hardware, you rent what you need.
Think of it like electricity. You don’t own the power plant. Rather, you pay for what you use each month. Similarly, cloud computing works on a consumption model.
Three Cloud Deployment Models
Public Cloud is the most common type. Microsoft owns the infrastructure. Meanwhile, multiple customers share the same physical resources. However, your data remains completely separate.
Private Cloud offers dedicated resources. Only your organization uses them. Consequently, this option provides maximum control. Nevertheless, it costs significantly more.
Hybrid Cloud combines both approaches. For example, keep sensitive data on-premises. At the same time, use public cloud for other workloads. This flexibility suits many businesses perfectly.
Understanding IaaS, PaaS, and SaaS
These three models appear constantly on the exam. Therefore, know them well.
IaaS (Infrastructure as a Service) gives you virtual machines. You control everything from the OS upward. For instance, Azure Virtual Machines represent IaaS. You manage updates, security, and applications.
PaaS (Platform as a Service) handles infrastructure for you. Instead, you focus purely on your code. Azure App Service exemplifies this model. Microsoft manages servers while you deploy applications.
SaaS (Software as a Service) provides ready-to-use software. Microsoft 365 is a perfect example. You simply log in and start working. No installation or maintenance required.
The Shared Responsibility Model
This topic appears frequently in exam questions. Security responsibilities split between you and Microsoft.
Microsoft always handles physical security. This includes datacenters, networks, and hardware. They also manage host infrastructure.
You always control your data and access. Additionally, you manage user accounts and passwords. Your responsibility also includes endpoint security.
The middle layer varies by service model. With IaaS, you handle more. Conversely, with SaaS, Microsoft manages more. Therefore, understanding these shifts is crucial for exam success.
CapEx vs OpEx Explained Simply
Traditional IT requires Capital Expenditure (CapEx). You buy expensive hardware upfront. Then it depreciates over time. Moreover, you risk buying too much or too little capacity.
Cloud computing uses Operational Expenditure (OpEx). Instead of big purchases, you pay monthly. This approach offers several advantages. First, you preserve cash for other needs. Second, you avoid obsolete technology. Third, you scale costs with business growth.
Azure Core Services
Regions and Availability Zones
Azure operates in 60+ regions globally. Each region contains one or more datacenters. Choosing regions affects performance and compliance.
Availability Zones provide additional protection. These are physically separate datacenters within regions. Each zone has independent power and cooling. Therefore, zone failures don’t affect others.
However, not all regions have Availability Zones. This detail appears in exam scenarios. Remember that Availability Zones cost more but provide better reliability.
Resource Groups Explained
Resource groups organize your Azure resources. Think of them as folders for related items. For example, group all resources for one application together.
Here’s a critical point: deleting a resource group removes everything inside. Therefore, always double-check before deletion. Additionally, resources can move between groups when needed.
Best practices include organizing by lifecycle. Group resources that you’ll create and delete together. Alternatively, organize by environment like development or production.
Subscription Management
Subscriptions are billing agreements with Microsoft. Most companies use multiple subscriptions. This helps separate costs by department or project.
Each subscription has its own spending limits. Furthermore, subscriptions provide administrative boundaries. Resources in different subscriptions can still communicate. However, you need proper network configuration.
The hierarchy works this way: Management Groups contain Subscriptions. Then Subscriptions contain Resource Groups. Finally, Resource Groups contain individual Resources.
Virtual Machines Essentials
VMs provide complete control over computing. You choose the operating system and software. However, you’re also responsible for maintenance.
VM sizes optimize for different workloads. For example, some emphasize CPU power. Meanwhile, others focus on memory or storage. Choose the right size for your needs.
Availability Sets distribute VMs across fault domains. This protects against hardware failures. Similarly, Scale Sets automatically create identical VMs. This enables automatic scaling based on demand.
Azure App Service Benefits
App Service is fully managed PaaS. You deploy code without managing servers. Microsoft handles updates, scaling, and infrastructure.
Supported languages include .NET, Java, Python, and Node.js. Additionally, App Service includes many built-in features. These include SSL certificates, custom domains, and authentication.
Deployment slots enable testing before production. For instance, deploy to a staging slot first. Then swap to production after testing. This approach minimizes deployment risks.
Serverless with Azure Functions
Functions run code without managing servers. You pay only for execution time. Consequently, Functions work perfectly for intermittent tasks.
Common scenarios include processing files and scheduled jobs. Additionally, Functions respond to database changes. They also build lightweight APIs efficiently.
Two pricing plans exist. The Consumption plan charges per execution. Meanwhile, the Premium plan provides dedicated resources. Choose based on your performance needs.
Azure Storage Types
Azure Storage includes four distinct services. Each serves different purposes.
Blob Storage handles unstructured data. Use it for images, videos, and backups. Three access tiers exist: Hot, Cool, and Archive. Hot costs more but provides faster access. Conversely, Archive costs least but requires rehydration.
File Storage provides network file shares. These work like traditional file servers. Access them via SMB protocol from anywhere.
Queue Storage enables messaging between applications. Messages wait in queues for processing. This decouples application components effectively.
Table Storage offers simple NoSQL databases. Store structured data without complex schemas. It’s perfect for large datasets with simple queries.
Virtual Network Basics
Virtual Networks (VNets) create private networks in Azure. Your resources communicate securely within VNets. Additionally, VNets connect to on-premises networks.
Subnets divide VNets into smaller segments. This helps organize resources by function. Furthermore, subnets enable different security policies.
VNet Peering connects two virtual networks. This allows resources to communicate across VNets. Peering works within regions or across them.
VPN Gateway provides secure connections. Use it to connect Azure with on-premises networks. Alternatively, connect multiple Azure regions together.
Identity and Access Management
Azure Active Directory Overview
Azure AD is your cloud identity service. It manages users and their access to resources. However, it differs from traditional Active Directory.
Key features include single sign-on. Users sign in once to access multiple applications. Additionally, multi-factor authentication adds security layers.
Azure AD integrates with thousands of SaaS apps. This includes Salesforce, Dropbox, and more. Therefore, users enjoy seamless access everywhere.
Role-Based Access Control
RBAC assigns permissions through roles. This approach is more secure than giving everyone full access. Azure provides many built-in roles.
The Owner role provides full control. Meanwhile, Contributor can manage resources but not access. Reader can only view resources.
Roles apply at different scopes. These include Management Groups, Subscriptions, Resource Groups, and Resources. Additionally, roles inherit down the hierarchy.
Always follow least privilege principles. Give users only the permissions they need. This reduces security risks significantly.
Azure Policy for Governance
Azure Policy enforces organizational rules. Policies can prevent or audit resource configurations. For example, require all resources to have tags.
Policies differ from RBAC importantly. RBAC controls who can do what. Conversely, Policy controls what can be done. Both work together for complete governance.
Policies apply to new and existing resources. They can automatically remediate non-compliant resources. Therefore, Policy maintains standards continuously.
Resource Locks
Locks prevent accidental changes to critical resources. Two types exist for different needs.
CanNotDelete allows modifications but prevents deletion. Meanwhile, ReadOnly prevents all changes. Users can only view the resource.
Locks inherit to child resources automatically. Even Owners must remove locks before deletion. This provides strong protection against mistakes.
Cost Management and Billing
Azure Pricing Calculator
This tool estimates costs before deployment. Add services and configure their options. Then see estimated monthly costs immediately.
Several factors affect pricing. First, your chosen region matters significantly. Additionally, resource sizes impact costs. Usage patterns also play a major role.
Always use the calculator before deploying. This prevents unexpected bills later. Furthermore, compare different configurations easily.
Total Cost of Ownership Calculator
The TCO Calculator compares cloud versus on-premises costs. It considers all expenses, not just hardware.
On-premises costs include electricity and cooling. Additionally, count physical security and maintenance staff. Don’t forget software licensing and datacenter space.
Many organizations underestimate true on-premises costs. The TCO Calculator reveals the complete picture. Often, cloud migration saves more than expected.
Cost Management Tools
Azure Cost Management tracks spending in real-time. View costs by resource, resource group, or tag. This helps identify where money goes.
Set budgets with automatic alerts. For instance, get notified at 80% of budget. This prevents overspending before it happens.
Additionally, Cost Management suggests optimizations. Recommendations include rightsizing underused resources. Following these tips reduces costs significantly.
Understanding Azure Pricing
Azure uses pay-as-you-go pricing by default. You pay only for what you consume. However, other options can save money.
Reserved Instances provide significant discounts. Commit to one or three years for savings. This works well for predictable workloads.
Spot VMs use excess Azure capacity. They cost much less than regular VMs. However, Azure can reclaim them when needed.
Security and Compliance
Network Security Groups
NSGs filter network traffic to resources. They contain rules allowing or denying connections. Each rule specifies source, destination, and ports.
Rules have priority numbers. Lower numbers are evaluated first. Therefore, order your rules carefully.
Apply NSGs to subnets or network interfaces. This provides flexible security control. Additionally, NSGs are stateful. Return traffic is allowed automatically.
Azure Firewall
Azure Firewall is a managed network security service. It provides centralized protection for VNets. Unlike NSGs, Firewall offers advanced features.
Features include application-level filtering. Additionally, Firewall supports threat intelligence. It can automatically block known malicious addresses.
Firewall is fully managed by Microsoft. You don’t maintain hardware or software. However, it costs more than basic NSGs.
Defense in Depth
This security strategy uses multiple layers. If one layer fails, others still protect. Think of it like castle defenses.
Layers include physical security at datacenters. Then network security with firewalls. Additionally, identity and access control. Finally, application and data security.
Each layer addresses different threats. Together, they provide comprehensive protection. This approach is fundamental to cloud security.
Azure Security Center
Security Center provides unified security management. It monitors resources across Azure. Additionally, it works with on-premises resources.
Security Center offers recommendations continuously. These cover networking, storage, and compute. Follow recommendations to improve security posture.
Advanced features include threat protection. This detects and responds to attacks. Furthermore, Security Center integrates with other tools.
Service Level Agreements
Understanding SLAs
SLAs define Microsoft’s uptime commitments. Most services guarantee 99.9% or higher availability. This means less than 43 minutes downtime monthly.
Different services have different SLAs. For example, VMs with Availability Zones get higher SLAs. Meanwhile, single-instance VMs have lower guarantees.
SLAs include financial credits for downtime. If Microsoft misses the target, you get refunds. However, you must claim these credits.
Composite SLAs
When combining services, calculate composite SLAs. Multiply individual SLAs together. For example, two 99.9% services give 99.8% together.
This calculation matters for architecture decisions. Adding more services decreases overall availability. Therefore, design systems carefully.
However, you can improve composite SLAs. Use redundancy and failover strategies. Deploy across multiple regions or zones.
Support Plans
Available Support Tiers
Azure offers five support plans. Each provides different features and response times.
Basic comes free with all accounts. However, it only covers billing support. Technical support isn’t included.
Developer costs $29 monthly. It suits development and testing scenarios. Response time is within 8 business hours.
Standard costs $100 monthly. This works for production workloads. Response time drops to 1 hour for critical cases.
Professional Direct costs $1000 monthly. It includes faster responses and architectural guidance. You also get a dedicated support team.
Premier offers customized pricing and features. This suits large enterprises with complex needs.
Monitoring and Management
Azure Monitor
Monitor collects data about resource performance. It gathers two types of information.
Metrics are numerical values over time. These include CPU usage and memory consumption. Metrics update in real-time.
Logs record specific events with details. Use them for troubleshooting complex issues. Logs provide more context than metrics.
Create alerts based on metrics or logs. Alerts notify you when problems occur. Additionally, alerts can trigger automated responses.
Azure Advisor
Advisor analyzes your Azure environment continuously. Then it provides personalized recommendations. These cover five categories.
Reliability recommendations improve availability and resilience. Security suggestions protect against threats. Performance tips speed up applications.
Cost advice helps reduce spending. Finally, Operational Excellence guidance improves management practices.
Following recommendations optimizes your environment. Many improvements require just a few clicks. Therefore, check Advisor regularly.
Study Tips for Quick Success
Focus on High-Yield Topics
Not all topics are equally important. Focus on areas that appear most frequently. This cheat sheet already highlights them.
Spend extra time on cloud concepts. Additionally, master the service models thoroughly. These foundational topics appear throughout the exam.
Use Hands-On Practice
Create a free Azure account immediately. Experiment with the services we’ve discussed. Practical experience reinforces learning effectively.
Try creating VMs and storage accounts. Additionally, set up virtual networks. Then configure RBAC and policies. Hands-on practice beats reading alone.
Take Multiple Practice Tests
Practice exams reveal your weak areas. They also familiarize you with question formats. Take at least three practice tests.
Review every wrong answer carefully. Understand why the correct answer is right. Additionally, learn why wrong answers are incorrect.
Understand, Don’t Memorize
The exam tests understanding, not memorization. Know when to use each service. Additionally, understand why one option is better.
Focus on decision-making scenarios. For example, when should you use VMs versus App Service? Similarly, when is Blob storage better than File storage?
Final Exam Day Tips
Review this cheat sheet the night before. Don’t study new material on exam day. Instead, relax and trust your preparation.
Arrive early at the testing center. Alternatively, prepare your testing environment for online exams. Ensure stable internet and quiet surroundings.
Read each question carefully. Look for key words like “most cost-effective” or “highest availability.” These words guide you to correct answers.
Don’t spend too much time on one question. If stuck, mark it for review. Then move forward and return later.
Your Path to Certification
This cheat sheet covers the essential exam topics. You now know what appears most frequently. Therefore, focus your remaining study time wisely.
Remember that AZ-900 is just the beginning. It opens doors to advanced certifications. Consider AZ-104 or AZ-204 as next steps.
Start your hands-on practice today. Use Microsoft Learn for free training. Then take practice tests regularly.
Your cloud computing career starts with this certification. Approach the exam with confidence. You’ve got this!
Good luck on your AZ-900 journey!
Leave a Comment