Are you preparing for the AZ-700 Design and Implement Azure Network Solutions exam? This study guide will share with you how to prepare and pass the AZ-700: Microsoft Certified Azure Network Engineer Associate successfully (with links to exam objectives).
In This Article
Microsoft is keeping evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. The new updated role-based certifications will help you to keep pace with today’s business requirements. Microsoft Learning is constantly evolving its learning program to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition—and opportunities you’ve earned.
After the recent announcement of the new certifications exams that focus on Security, Compliance, and Identity (SCI) solutions and the Microsoft Azure Virtual Desktop specialty exam, Microsoft Learning announced a new associate certification exam for Azure Networking Solutions which expands Azure training and certification portfolio.
While preparing to take this exam myself, I would like to share with you how to prepare and pass the AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam successfully. To prepare for this exam, I usually use a couple of online resources, mainly Microsoft Docs, Microsoft Learn, and Training Labs, which I am going to share with you in the next section.
Updated on 16/08/2021 – In this exam, I got around 59 questions in total with 2 case studies, and 2 sections with Yes/No answers. There are no lab questions. The total time for this exam is 120 minutes (2 hours). The exam is very long and a bit tough, you need to manage your time and prepare very well. The questions do pretty much match the list of skills measured below.
The exam is available starting mid of July 2021 in the Beta phase at the time of this writing. Beta exams are not scored immediately because Microsoft is gathering data on the quality of the questions and the exam. I will update this article as soon as I get the exam results from Microsoft.
Exam Target Audience
The candidates for the Azure Network Engineer Associate certification should have subject matter expertise in planning, implementing, and maintaining Azure networking solutions, including hybrid networking, connectivity, routing, security, and private access to Azure services.
Responsibilities for this role include recommending, planning, and implementing Azure networking solutions. Professionals in this role manage the solutions for performance, resiliency, scale, and security. They deploy networking solutions by using the Azure Portal and other methods, including PowerShell, Azure Command-Line Interface (CLI), and Azure Resource Manager templates (ARM templates).
As an Azure Network Engineer, you work and collaborate with solution architects, cloud administrators, security engineers, application developers, and DevOps engineers to deliver Azure solutions.
To prepare for this exam, you should have expert Azure administration skills, in addition to extensive experience and knowledge of networking, hybrid connections, and network security.
Please note that to take this exam, you must have expert Azure administration skills. Check my AZ-104 Exam: Microsoft Certified Azure Administrator Associate study guide to get prepared.
Successful Azure Network Engineers start this role with experience in enterprise networking, on-premises or cloud infrastructure, and network security. As a prerequisite for this exam, you should be familiar with the following:
- Understanding on-premises virtualization technologies, including virtual networking and VMs.
- Understanding network configurations, including TCP/IP, Domain Name System (DNS), firewalls, and encryption technologies.
- Understanding of software-defined networking.
- Understanding hybrid network connectivity methods, such as VPN.
- Understanding resilience and disaster recovery, including high availability and restore operations regarding networking.
Skills measured on this exam
This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft Learning.
I have also included the direct link to the Microsoft documentation so you can read more about each objective.
Design, Implement and Manage Hybrid Networking (10–15%)
Design, implement and manage a site-to-site VPN connection
- Design a site-to-site VPN connection for high availability
- Select an appropriate virtual network (VNet) gateway SKU
- Identify when to use policy-based VPN versus route-based VPN
- Create and configure a local network gateway
- Create and configure an IPsec/IKE policy
- Create and configure a virtual network gateway
- Diagnose and resolve VPN gateway connectivity issues
Design, implement and manage a point-to-site VPN connection
- Select an appropriate virtual network gateway SKU
- Plan and configure RADIUS authentication
- Plan and configure certificate-based authentication
- Plan and configure OpenVPN authentication
- Plan and configure Azure Active Directory (Azure AD) authentication
- Implement a VPN client configuration file
- Diagnose and resolve client-side and authentication issues
Design, implement and manage Azure ExpressRoute
- Choose between provider and direct model (ExpressRoute Direct)
- Design and implement Azure cross-region connectivity between multiple ExpressRoute locations
- Select an appropriate ExpressRoute SKU and tier
- Design and implement ExpressRoute Global Reach
- Design and implement ExpressRoute FastPath
- Choose between private peering only, Microsoft peering only, or both
- Configure private peering
- Configure Microsoft peering
- Create and configure an ExpressRoute gateway
- Connect a virtual network to an ExpressRoute circuit
- Recommend a route advertisement configuration
- Configure encryption over ExpressRoute
- Implement Bidirectional Forwarding Detection
- Diagnose and resolve ExpressRoute connection issues
Design and Implement Core Networking Infrastructure (20–25%)
Design and implement private IP addressing for VNets
- Create a VNet
- Plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, and VNet-integrated platform services
- Plan and configure subnet delegation
Design and implement name resolution
- Design public DNS zones
- Design private DNS zones
- Design name resolution inside a VNet
- Configure a public or private DNS zone
- Link a private DNS zone to a VNet
Design and implement cross-VNet connectivity
- Design service chaining, including gateway transit
- Design VPN connectivity between VNets
- Implement VNet peering
Design and implement an Azure Virtual WAN architecture
- Design an Azure Virtual WAN architecture, including selecting SKUs and services
- Connect a VNet gateway to Azure Virtual WAN
- Create a hub in Virtual WAN
- Create a network virtual appliance (NVA) in a virtual hub
- Configure virtual hub routing
- Create a connection unit
Design and Implement Routing (25–30%)
Design, implement and manage VNet routing
- Design and implement user-defined routes (UDRs)
- Associate a routing table with a subnet
- Configure forced tunneling
- Diagnose and resolve routing issues
Design and implement an Azure Load Balancer
- Choose an Azure Load Balancer SKU (Basic versus Standard)
- Choose between public and internal
- Create and configure an Azure Load Balancer (including cross-region)
- Implement a load balancing rule
- Create and configure inbound NAT rules
- Create explicit outbound rules for a load balancer
Design and implement Azure Application Gateway
- Recommend Azure Application Gateway deployment options
- Quickstart: Direct web traffic with Azure Application Gateway using Azure Portal
- Quickstart: Direct web traffic with Azure Application Gateway using Azure PowerShell
- Quickstart: Direct web traffic with Azure Application Gateway using Azure CLI
- Quickstart: Direct web traffic with Azure Application Gateway using ARM template
- Choose between manual and autoscale
- Create a back-end pool
- Configure health probes
- Configure listeners
- Configure routing rules
- Configure HTTP settings
- Configure Transport Layer Security (TLS)
- Configure rewrite policies
Implement Azure Front Door
- Choose an Azure Front Door SKU
- Configure health probes, including customization of HTTP response codes
- Configure SSL termination and end-to-end SSL encryption
- Configure multisite listeners
- Configure back-end targets
- Configure routing rules, including redirection rules
Implement an Azure Traffic Manager profile
- Configure a routing method (mode)
- Configure endpoints
- Create HTTP settings
Design and implement an Azure Virtual Network NAT
- Choose when to use a Virtual Network NAT
- Allocate public IP or public IP prefixes for a NAT gateway
- Associate a Virtual Network NAT with a subnet
Secure and Monitor Networks (15–20%)
Design, implement and manage an Azure Firewall deployment
- Design an Azure Firewall deployment
- Create and implement an Azure Firewall deployment
- Configure Azure Firewall rules
- Create and implement Azure Firewall Manager policies
- Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub
- Integrate an Azure Virtual WAN hub with a third-party NVA
Implement and manage network security groups (NSGs)
- Create an NSG
- Associate an NSG to a resource
- Create an application security group (ASG)
- Associate an ASG to a NIC
- Create and configure NSG rules
- Interpret NSG flow logs
- Validate NSG flow rules
- Verify IP flow
Implement a Web Application Firewall (WAF) deployment
- Configure detection or prevention mode
- Configure rule sets for Azure Front Door, including Microsoft managed and user-defined
- Configure rule sets for Application Gateway, including Microsoft managed and user-defined
- Implement a WAF policy
- Associate a WAF policy
- Configure network health alerts and logging by using Azure Monitor
- Create and configure a Connection Monitor instance
- Configure and use Traffic Analytics
- Configure NSG flow logs
- Enable and configure diagnostic logging
- Configure Azure Network Watcher
Design and Implement Private Access to Azure Services (10–15%)
Design and implement Azure Private Link service and Azure Private Endpoint
- Create a Private Link service
- Plan private endpoints
- Create private endpoints
- Configure access to private endpoints
- Integrate Private Link with DNS
- Integrate a Private Link service with on-premises clients
Design and implement service endpoints
- Create service endpoints
- Configure service endpoint policies
- Configure service tags
- Configure access to service endpoints
Configure VNet integration for a dedicated platform as a service (PaaS) services
- Configure App Service for regional VNet integration
- Configure Azure Kubernetes Service (AKS) for regional VNet integration
- Configure clients to access App Service Environment
Microsoft Learn – Study Resources
To prepare for this exam, I use the new Microsoft Learn, a great resource and provides self-paced skills training on a variety of Azure Networking topics. I highly recommend checking the following 8 modules:
- Introduction to Azure virtual networks (11 units)
- Design and implement hybrid networking (9 units)
- Design and implement Azure ExpressRoute (11 units)
- Load balance non-HTTP(S) traffic in Azure (7 units)
- Load balance HTTP(S) traffic in Azure (7 units)
- Design and implement network security (11 units)
- Design and implement private access to Azure Services (8 units)
- Design and implement network monitoring (5 units)
Microsoft Documentation – Study Resources
I gathered all the resources available on Microsoft documentation to help you get prepared ahead of time and pass this exam.
Links to relevant reading from the official Microsoft documentation for each skill tested in the AZ-700 exam are listed below:
- Architect network infrastructure in Azure
- Explore Azure Networking Services
- Secure Network Connectivity on Azure
- Secure and isolate access to Azure resources by using Network Security Groups and Service Endpoints
- Monitor and troubleshoot your end-to-end Azure network infrastructure by using network monitoring tools
- Configure the network for your virtual machines
- Connect your on-premises network to the Microsoft global network by using ExpressRoute
- Distribute your services across Azure virtual networks and integrate them by using virtual network peering
- Connect your on-premises network to Azure with VPN Gateway
- Manage and control traffic flow in your Azure deployment with routes
- Encrypt network traffic end to end with Azure Application Gateway
- Implement network security in Azure
- Troubleshoot inbound network connectivity for Azure Load Balancer
- Design an IP addressing schema for your Azure deployment
- Centralize your core services by using a hub and spoke Azure virtual network architecture
- Design a hybrid network architecture on Azure
- Configure and manage virtual networks for Azure administrators
- Implement Windows Server IaaS VM networking
- Introduction to Azure Firewall
- Introduction to key Azure network security services
- Introduction to Secure Application Delivery with Azure network security
- Introduction to Secure Network Infrastructure with Azure network security
- Implement hybrid network infrastructure
- Introduction to Azure Front Door
- Introduction to Azure Virtual WAN
Check the following step-by-step hands-on labs that will help you to gain more practical experience. At the time of this writing, these labs are still new and they will evolve:
- Exercise 1 – Design and implement a Virtual Network in Azure
- Exercise 2 – Configure DNS configuration in Azure
- Exercise 3 – Connect two Azure Virtual Networks using global virtual network peering
- Exercise 4 – Create and configure a virtual network gateway
- Exercise 5 – Create a Virtual WAN by using Azure Portal
- Exercise 6 – Configure an ExpressRoute Gateway
- Exercise 7 – Provision an ExpressRoute circuit
- Exercise 8 – Create and configure an Azure load balancer
- Exercise 9 – Create a Traffic Manager profile using the Azure Portal
- Exercise 10 – Deploy Azure Application Gateway
- Exercise 11 – Create a Front Door for a highly available web application using the Azure Portal
- Exercise 12 – Configure DDoS Protection on a virtual network using the Azure Portal
- Exercise 13 – Deploy and configure Azure Firewall using the Azure Portal
- Exercise 14 – Secure your virtual hub using Azure Firewall Manager
- Exercise 15 – Create an Azure private endpoint using Azure PowerShell
- Exercise 16 – Restrict network access to PaaS resources with virtual network service endpoints
- Exercise 17 – Secure your virtual hub using Azure Firewall Manager
At the time of this writing, there are two books that you can use to prepare for this exam.
The first one, the Azure Networking cookbook is published by my fellow MVP, Mustafa Toroman – Manage your network more effectively with the Azure Networking Cookbook – 2nd Edition. You can download this ebook for free here.
The e-book features step-by-step information on how to:
- Create and work on hybrid connections.
- Configure and manage Azure network services.
- Design high availability network solutions.
- Monitor and troubleshoot network resources.
- Connect local networks to virtual networks.
This e-book also includes a link to an example code bundle on GitHub to help you learn. I highly recommend this hands-on guidance book to prepare for this exam.
The second book, Microsoft Azure Network Security published by Microsoft Press and written by two of Microsoft’s leading Azure network security experts. You can purchase this book from Amazon here.
This book features expert, start-to-finish guidance for every Azure cloud environment, regardless of size or complexity, and cover the following Azure network security concepts:
- Chapter 1 Introduction to Azure Network Security
- Chapter 2 Secure Azure Network architectures
- Chapter 3 Controlling traffic with Azure Firewall
- Chapter 4 Traffic Inspection in Azure Networks
- Chapter 5 Secure application delivery with Azure Web Application Firewall
- Chapter 6 Mitigating DDoS attacks
- Chapter 7 Enabling Network Security log collection
- Chapter 8 Security monitoring with Azure Sentinel, Security Center, and Network Watcher
- Chapter 9 Combining Azure resources for a holistic network security strategy
This book is for Security Operations (SecOps) analysts, cybersecurity/information security professionals, network security engineers, and other IT professionals. It’s also for individuals with security responsibilities in any Azure environment, no matter how large, small, simple, or complex.
If you are interested to prepare for this exam using video training, then I highly recommend checking the following resources:
- Pluralsight: Managing Microsoft Azure Networking
- LinkedIn Learning:
- Udemy: AZ-700 Designing and Implementing Azure Networking Exam 2021
- YouTube: AZ-700 Designing and Implement Azure Networking Study Cram 3 hours
Instructor-led virtual training
Last but certainly not least, if you prefer instructor-led training, Microsoft released the AZ-700T00 3 days course. This course teaches Network Engineers how to design, implement, and maintain Azure networking solutions. This course covers the process of designing, implementing, and managing core Azure networking infrastructure, Hybrid Networking connections, load balancing traffic, network routing, private access to Azure services, network security, and monitoring. Learn how to design and implement a secure, reliable, network infrastructure in Azure and how to establish hybrid connectivity, routing, private access to Azure services, and monitoring in Azure.
Schedule AZ-700 Exam
Updated – 20/07/2021 –At the time of this writing, Microsoft launched the AZ-700 exam in beta mode, if you would like to take the beta exam and receive the 80% discount*, use the code below when prompted for payment:
You must register for the exam on or before August 17, 2021. The seats are offered on a first-come, first-served basis. Please note that this beta exam is NOT available in Turkey, Pakistan, India, or China.
If you would like to take the beta exam and receive the 80% discount*, bookmark my study guide here where I will share the code to register for this exam before the end of July 2021. Please note that the seats are offered on a first-come, first-served basis.
Once you are ready, click Schedule exam here and take it online from the comfort of your home/office with proctor supervision.
Other Microsoft Azure Exam Study Guides
Are you interested in another Azure certification exam? I highly encourage you to check out the following Azure exam study guides:
- Exam AZ-900: Microsoft Azure Fundamentals Exam Study Guide
- Exam AZ-104: Microsoft Azure Administrator Exam Study Guide
- Exam AZ-140: Microsoft Azure Virtual Desktop Exam Study Guide
- Exam AZ-204: Developing Solutions for Microsoft Azure Exam Study Guide
- Exam AZ-303: Microsoft Azure Architect Technologies Exam Study Guide
- Exam AZ-304: Microsoft Azure Architect Design Certification Exam Study Guide
- Exam AZ-500: Microsoft Azure Security Technologies Exam Study Guide
- Exam AZ-600: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub Exam Study Guide
- Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals Exam Study Guide
- Exam SC-200: Microsoft Security Operations Analyst Exam Study Guide
- Exam SC-300: Microsoft Identity and Access Administrator Exam Study Guide
- Exam SC-400: Microsoft Information Protection Administrator Exam Study Guide
- Exam MS-500: Microsoft 365 Security Administrator Exam Study Guide
If you are planning to take this exam… I wish you all the best and Happy Studying!!!
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.