My AZ-900 Journey: Third Practice Test - A New Question Set and What It Exposed

After scoring 94.59% on my second attempt at Set 1, I moved on to an entirely new question bank: Tutorial Dojo Set 2. Fresh questions, different scenarios, and a more honest test of where my knowledge actually stands. The result was 81.82%, a drop from the previous attempt, and that drop is worth understanding properly.

The Result

Overall Score - Set 2

81.82%

63 out of 77 points

First attempt at a brand new question set

PASSED

Questions

41:23

Time Taken

70%

Pass Threshold

Breakdown by Category

Describe Cloud Concepts

92.31% was 92.86%

Describe Azure Architecture and Services

81.40% was 92.11%

Describe Azure Management and Governance

76.19% was 100%

All three domains cleared the 70% passing threshold. Cloud Concepts remained the strongest category.

Understanding the Drop

The score went from 94.59% down to 81.82%, and the first instinct is to read that as a regression. It is not. Here is why:

This is a completely different question set. Set 1 was attempted twice, which means by the second run there was some familiarity with question patterns even if not specific answers. Set 2 is fresh material with new scenarios, different wording, and different traps. Comparing the score on Set 2 to the score on Set 1 repeat is not an apples-to-apples comparison.

The time tells the real story. Set 1 was completed in around 23 minutes both times. Set 2 took 41 minutes and 23 seconds, nearly double. That is not because of slowness but because these questions required more careful reading and deliberation. That is the correct response to harder questions.

81.82% on an unfamiliar question set is still a pass with comfortable margin. The exam threshold is 70%. Scoring 81.82% with 11 percentage points of headroom, on questions I have never seen before, reflects genuine understanding rather than pattern recognition.

Progress Across All Three Tests

Set 1 - Attempt 1

83.78%

23:02

Set 1 - Attempt 2

94.59%

23:38

Set 2 - Attempt 1

81.82%

41:23

What This Test Exposed

Going through the detailed explanations after the test, a few patterns emerged in the questions I got wrong.

Defense-in-Depth Layer Ordering

One question asked me to correctly order all seven layers of the defense-in-depth security model. This is a question that looks straightforward but requires precise recall of the ordering, not just knowing that the layers exist. The correct order from first to seventh is:

Physical Security
Identity and Access
Perimeter
Network
Compute
Application
Data

Knowing the layers conceptually is not enough here. The exam wants the exact sequence, and getting any layer out of place costs points on a multi-part question.

Application Security Groups vs Network Security Groups

The distinction between Application Security Groups (ASGs) and Network Security Groups (NSGs) is subtle and worth being precise about. NSGs filter traffic across an entire virtual network. ASGs let you group virtual machines logically and apply security rules to those groups without managing explicit IP addresses. If a question asks specifically about grouping VMs and applying policies to those groups without IP address management, the answer is ASG, not NSG.

Azure Preview Stages

A question about Azure preview stages caught me out. The three stages are:

Private Preview - invitation only, available to a selected subset of customers
Public Preview - available to all Azure customers, but without the standard SLA commitments
General Availability (GA) - fully released, supported by all Microsoft support channels, available to all customers

The tricky part is that GA is available to all customers, not just a subset. That is an easy assumption to get backwards under pressure.

Storage Redundancy for Cross-Region Failover

Several questions tested the nuances between storage redundancy options. The key rule to remember:

LRS (Locally Redundant Storage) - three copies within a single data centre in one region. Does not survive a regional failure.
ZRS (Zone-Redundant Storage) - three copies across availability zones within one region. Does not survive a full regional failure.
GRS (Geo-Redundant Storage) - primary region plus a secondary region. Survives a regional failure. This is the cost-effective option for cross-region protection.
GZRS (Geo-Zone-Redundant Storage) - ZRS in the primary region plus a secondary region. More resilient but more expensive than GRS.

If a question asks for cross-region protection that is also cost-effective, GRS is the right answer. GZRS satisfies cross-region protection but at higher cost.

What I Am Revising Before the Exam

Final Revision Focus Areas

Defense-in-depth layer ordering

Memorise the exact sequence from Physical Security through to Data, not just the names of the layers.

ASG vs NSG distinction

Be precise about when to choose Application Security Groups over Network Security Groups, particularly around IP address management and VM grouping.

Storage redundancy options

Lock down LRS vs ZRS vs GRS vs GZRS, especially which options survive a full regional failure and which are most cost-effective for cross-region scenarios.

Azure preview release stages

Be clear that Private Preview is invite-only, Public Preview is open to all customers, and GA is fully supported and open to all customers.

Where Things Stand

Three practice tests in, the overall picture is this: I can consistently pass on unfamiliar material, and the questions I get wrong are almost always precision errors rather than fundamental gaps in understanding. I knew what Azure Service Health was. I knew the defense-in-depth model existed. What I sometimes missed was the exact detail that distinguishes the right answer from a plausible distractor.

That is actually a good position to be in heading into the real exam. The foundation is solid. What is left is sharpening the edges.

If you are working through AZ-900 and want to compare notes, feel free to reach out.