🛡️ Azure Security Services - AZ-900 Practice Questions

Explore Microsoft Defender for Cloud, Azure Key Vault, Azure DDoS Protection, Network Security Groups, and security best practices.

1Questions Available
1Exam Domains

Practice Security Questions Now

Start a timed practice session focusing on Azure Security Services topics from the AZ-900 question bank.

Start AZ-900 Practice Quiz →

How Security Is Really Tested in AZ-900

Security questions in AZ-900 test layered protection mindset rather than one-tool memorization. Microsoft expects you to map threat type to the correct security service and control plane.

The exam frequently contrasts identity controls, network controls, and data protection controls. Correct answers usually combine multiple layers for defense in depth.

Look for requirement hints such as secret storage, posture management, or DDoS mitigation to identify the intended service quickly.

Security service choices AZ-900 commonly checks

Decision PointOption AOption BExam Takeaway
Secret and key protectionAzure Key Vault for centralized secret/key/certificate managementStore credentials in app configuration files or codeCredential protection scenarios typically point to Key Vault as best practice.
Security posture visibilityMicrosoft Defender for Cloud recommendations and threat insightsNo centralized security posture monitoringGovernance and hardening questions often expect Defender for Cloud usage.
Network attack mitigationUse NSGs/firewall controls with DDoS protections where requiredOpen network exposure with minimal filteringPublic-facing workload protection scenarios usually require explicit network safeguards.

Baseline hardening for new Azure landing environment

A new environment must enforce secret protection, detect risky configurations, and reduce external attack surface before production launch.

  • Move sensitive credentials into managed secret storage.
  • Enable security posture assessment and prioritized remediation.
  • Apply network segmentation and filtering controls.
  • Define monitoring and alerting for high-risk security events.

Common Exam Trap: Relying on perimeter-only controls without identity and secret governance layers is a frequent exam misstep.

AZ-900 Security Question Bank (1 Questions)

Browse all 1 practice questions covering Azure Security Services for the AZ-900 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1Describe Azure architecture and services

    What is Network Security Group (NSG) in Azure?

    AA firewall appliance deployed in a VNet
    BA set of security rules that filter inbound and outbound network traffic for Azure resources
    CA managed DDoS protection service
    DA private DNS zone for VNet resources

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-900 Quiz

Key Security Concepts for AZ-900

defender for cloudkey vaultddos protectionnsgnetwork security groupsecurity centersentinel

AZ-900 Security Exam Tips

Azure Security Services questions in AZ-900 are typically scenario-based. Focus on Azure fundamentals, service purpose recognition, and cost/governance basics. Priority concepts: defender for cloud, key vault, ddos protection, nsg, network security group, security center.

What AZ-900 Expects

  • Anchor your answer in pick concise foundational answers and avoid advanced implementation details.
  • Security scenarios for AZ-900 are frequently mapped to Domain 3 (30-35%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where Security interacts with identity, networking, governance, or monitoring patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Fundamentals) and vendor best practices.

High-Value Security Concepts

  • Know the core Security building blocks cold: defender for cloud, key vault, ddos protection, nsg.
  • Review the edge-case features and limits for network security group, security center; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Security pairs with Identity, Networking, Governance in real deployment patterns.
  • For AZ-900, explain why the chosen Security design meets reliability, security, and cost expectations better than the alternatives.

Common AZ-900 Traps

  • Watch for mixing IaaS, PaaS, and SaaS responsibilities.
  • Questions in Describe Azure Management and Governance often include distractors that look correct for Security but violate least-privilege, compliance, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Security implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Describe Azure Management and Governance (30-35%) outcomes for AZ-900?
  • Can you explain security and access boundaries for Security without relying on default-open assumptions?
  • Can you describe how Security integrates with Identity and Networking during failure, scaling, and monitoring events?

Exam Domains Covering Security

Domain 3Describe Azure Management and Governance30-35%

Related Resources

🎯 Free AZ-900 Mock Exam Identity Questions Networking Questions Governance Questions

More AZ-900 Study Resources

← AZ-900 Study Hub30-Day Study PlanFull Practice Exam