The Microsoft Azure AZ-700 exam has been developed for professionals having subject matter expertise in planning, implementing, and maintaining Azure networking solutions, including hybrid networking, connectivity, routing, security, and private access to Azure services. Moreover, the demand for becoming Microsoft Certified: Azure Network Engineer Associate is increasing. Many candidates are preparing for the AZ-700 exam to pass and get certified for this role. This as a result has also increased the level of the exam. So, in order to pass the exam, in this blog, we will be covering everything related to the AZ-700 exam including the preparation guide to help you pass the exam.
However, to make things simpler, this AZ-700 exam guide is divided into steps to begin the journey in a manner full way.
Step by Step Study Guide for Microsoft AZ-700 Exam
Step 1: Understand the AZ-700 Exam Pattern
Microsoft AZ-700 exam is created for candidates having skills and knowledge for designing, applying, and maintaining Azure networking solutions. They also handle the hybrid networking, connectivity, routing, security, and private access to Azure services.
Azure Network Engineer Tasks:
- Azure Network Engineer is responsible for suggesting, planning, and applying Azure networking solutions.
- Secondly, they control the solution for performance, resiliency, scale, and security.
- Third, they have the ability in deploying networking solutions using the Azure Portal and other techniques like PowerShell, Azure Command-Line Interface (CLI), and Azure Resource Manager templates (ARM templates).
- Lastly, the Azure Network Engineer has to operate with solution architects, application developers, cloud administrators, security engineers, and DevOps engineers for delivering Azure solutions.
Knowledge Requirements:
Candidates taking the exam must gain expert-level knowledge and skills in Azure administration. They must have a high level of understanding of networking, hybrid connections, and network security.
AZ-700 Exam Format:
Microsoft AZ-700 exam will have 40-60 questions in the exam. However, this exam validates the candidate’s abilities for executing tasks like planning and applying core networking infrastructure, securing networks, planning, and implementing private access to Azure Services. This exam is available in the English language at the cost of $165 USD*. Further, to pass the exam, candidates have to score a minimum of 700.
Step 2: Get familiar with the Exam Objectives
Consider this a crucial part of your preparation. Exam topics are very important in every exam. It is also essential to read through each section in order to gain a deeper understanding of the topic. There are several topics for the Microsoft AZ-700 test, each with sections and subsections. Let’s take a look at them!
Design and implement core networking infrastructure (25–30%)
Design and implement private IP addressing for Azure resources
- Plan and implement network segmentation and address spaces (Microsoft Documentation: Implement network segmentation patterns on Azure)
- Create a virtual network (VNet) (Microsoft Documentation: Create a virtual network using the Azure portal)
- Plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, VNet-integrated platform services, and Azure Bastion (Microsoft Documentation: Integrate your app with an Azure virtual network, Create a site-to-site VPN connection in the Azure portal, Azure networking services overview)
- Plan and configure subnet delegation (Microsoft Documentation: What is subnet delegation, Add or remove a subnet delegation)
- Plan and configure shared or dedicated subnets
- Create a prefix for public IP addresses (Microsoft Documentation: Public IP address prefix)
- Choose when to use a public IP address prefix
- Plan and implement a custom public IP address prefix (bring your own IP) (Microsoft Documentation: Custom IP address prefix (BYOIP))
- Create a public IP address (Microsoft Documentation: Create, change, or delete an Azure public IP address)
- Associate public IP addresses to resources (Microsoft Documentation: Associate a public IP address to a virtual machine)
- Upgrade IP address SKU
Design and implement name resolution
- Design name resolution inside a VNet (Microsoft Documentation: Name resolution for resources in Azure virtual networks)
- Configure DNS settings for a VNet
- Design public DNS zones (Microsoft Documentation: Overview of DNS zones and records)
- Design private DNS zones (Microsoft Documentation: What is a private Azure DNS zone)
- Configure a public or private DNS zone (Microsoft Documentation: Azure Private Endpoint DNS configuration)
- Link a private DNS zone to a VNet (Microsoft Documentation: What is a virtual network link)
- Design and implement Azure DNS Private Resolver
Design and implement VNet connectivity and routing
- Design service chaining, including gateway transit (Microsoft Documentation: Virtual network peering, Configure VPN gateway transit for virtual network peering)
- Implement VNet peering
- Implement and manage virtual networks by using Azure Virtual Network Manager
- Design and implement user-defined routes (UDRs) (Microsoft Documentation: Virtual network traffic routing)
- Associate a route table with a subnet (Microsoft Documentation: Create, change, or delete a route table)
- Configure forced tunneling
- Diagnose and resolve routing issues (Microsoft Documentation: Diagnose a virtual machine routing problem)
- Design and implement Azure Route Server (Microsoft Documentation: What is Azure Route Server)
- Identify appropriate use cases for a network address translation (NAT) gateway
- Implement a NAT gateway (Microsoft Documentation: Create a NAT gateway using the Azure portal)
Monitor networks
- Configure monitoring, network diagnostics, and logs in Azure Network Watcher (Microsoft Documentation: What is Azure Network Watcher)
- Monitor and troubleshoot network health by using Azure Network Watcher
- Monitor and troubleshoot networks by using Azure Monitor Network Insights
- Activate and monitor distributed denial-of-service (DDoS) protection (Microsoft Documentation: What is Azure DDoS Protection)
- Evaluate network security recommendations identified by Microsoft Defender for Cloud Secure Score
- Evaluate network security recommendations identified by Microsoft Defender For Cloud Attack Path Analysis
- Identify network resources by using Microsoft Defender for Cloud Security Explorer
Design, implement, and manage connectivity services (20–25%)
Design, implement, and manage a site-to-site VPN connection
- Design a site-to-site VPN connection, including for high availability (Microsoft Documentation: Highly Available cross-premises and VNet-to-VNet connectivity)
- Select an appropriate VNet gateway stock-keeping unit (SKU) for site-to-site VPN requirements (Microsoft Documentation: What is Azure VPN Gateway)
- Implement a site-to-site VPN connection (Microsoft Documentation: Create a site-to-site VPN connection)
- Identify when to use a policy-based VPN versus a route-based VPN connection
- Create and configure a local network gateway
- Create and configure an IPsec/Internet Key Exchange (IKE) policy (Microsoft Documentation: Configure custom IPsec/IKE connection policies for S2S VPN and VNet-to-VNet: PowerShell)
- Create and configure a virtual network gateway
- Diagnose and resolve virtual network gateway connectivity issues
- Implement Azure Extended Network (Microsoft Documentation: Extend your on-premises subnets into Azure)
Design, implement, and manage a point-to-site VPN connection
- Select an appropriate virtual network gateway SKU for point-to-site VPN requirements
- Select and configure a tunnel type
- Select an appropriate authentication method
- Configure RADIUS authentication (Microsoft Documentation: Plan NPS as a RADIUS server, RADIUS authentication with Azure Active Directory)
- Configure authentication by using Microsoft Entra ID (Microsoft Documentation: Azure Active Directory authentication)
- Implement a VPN client configuration file (Microsoft Documentation: Configure the Azure VPN Client)
- Diagnose and resolve client-side and authentication issues
- Specify Azure requirements for Always On VPN
- Specify Azure requirements for Azure Network Adapter (Microsoft Documentation: Use Azure Network Adapter to connect a server to an Azure Virtual Network)
Design, implement, and manage Azure ExpressRoute
- Select an ExpressRoute connectivity model (Microsoft Documentation: ExpressRoute connectivity models)
- Select an appropriate ExpressRoute SKU and tier (Microsoft Documentation: ExpressRoute virtual network gateways)
- Design and implement ExpressRoute to meet requirements, including cross-region connectivity, redundancy, and disaster recovery (Microsoft Documentation: Designing for disaster recovery with ExpressRoute private peering, Designing for high availability with ExpressRoute)
- Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct (Microsoft Documentation: ExpressRoute FastPath, About ExpressRoute Direct, ExpressRoute Global Reach)
- Choose between private peering only, Microsoft peering only, or both
- Configure private peering
- Configure Microsoft peering (Microsoft Documentation: Create and modify peering for an ExpressRoute)
- Create and configure an ExpressRoute gateway (Microsoft Documentation: Configure a virtual network gateway for ExpressRoute)
- Connect a virtual network to an ExpressRoute circuit (Microsoft Documentation: Connect a virtual network to an ExpressRoute)
- Recommend a route advertisement configuration
- Configure encryption over ExpressRoute (Microsoft Documentation: ExpressRoute encryption)
- Implement Bidirectional Forwarding Detection (Microsoft Documentation: Configure BFD over ExpressRoute)
- Diagnose and resolve ExpressRoute connection issues (Microsoft Documentation: Verify ExpressRoute connectivity)
Design and implement an Azure Virtual WAN architecture
- Select a Virtual WAN SKU (Microsoft Documentation: What is Azure Virtual WAN)
- Design a Virtual WAN architecture, including selecting types and services
- Create a hub in Virtual WAN
- Choose an appropriate scale unit for each gateway type (Microsoft Documentation: Scaling Application Gateway v2 and WAF v2)
- Deploy a gateway into a Virtual WAN hub
- Configure virtual hub routing (Microsoft Documentation: How to configure virtual hub routing)
- Integrate a Virtual WAN hub with a third-party NVA for cloud connectivity
Design and implement application delivery services (15–20%)
Design and implement Azure Load Balancer and Azure Traffic Manager
- Map requirements to features and capabilities of Azure Load Balancer (Microsoft Documentation: What is Azure Load Balancer)
- Identify appropriate use cases for Azure Load Balancer
- Choose an Azure Load Balancer SKU and tier (Microsoft Documentation: Azure Load Balancer SKUs)
- Choose between public and internal load balancers
- Choose between regional and global load balancer
- Create and configure an Azure Load Balancer (Microsoft Documentation: Create a public load balancer to load balance VMs using the Azure portal)
- Implement Azure Traffic Manager
- Implement a gateway load balancer
- Implement a load balancing rule (Microsoft Documentation: Manage rules for Azure Load Balancer using the Azure portal)
- Create and configure inbound NAT rules (Microsoft Documentation: Create a single virtual machine inbound NAT rule using the Azure portal)
- Create and configure explicit outbound rules, including source network address translation (SNAT) (Microsoft Documentation: Use Source Network Address Translation (SNAT) for outbound connections)
Design and implement Azure Application Gateway
- Map requirements to features and capabilities of Azure Application Gateway (Microsoft Documentation: Azure Application Gateway features)
- Identify appropriate use cases for Azure Application Gateway
- Choose between manual and autoscale
- Create a back-end pool (Microsoft Documentation: Backend pool management)
- Configure health probes (Microsoft Documentation: Azure Load Balancer health probes)
- Configure listeners (Microsoft Documentation: Application Gateway listener configuration)
- Configure routing rules
- Configure HTTP settings (Microsoft Documentation: Application Gateway HTTP settings configuration)
- Configure Transport Layer Security (TLS) (Microsoft Documentation: Transport Layer Security (TLS) registry settings)
- Configure rewrite sets (Microsoft Documentation: Rewrite URL with Azure Application Gateway)
Design and implement Azure Front Door
- Map requirements to features and capabilities of Azure Front Door (Microsoft Documentation: What is Azure Front Door)
- Identify appropriate use cases for Azure Front Door
- Choose an appropriate tier
- Configure an Azure Front Door, including routing, origins, and endpoints (Microsoft Documentation: Origins and origin groups in Azure Front Door, What is Azure Front Door)
- Configure SSL termination and end-to-end SSL encryption (Microsoft Documentation: Overview of TLS termination and end to end TLS with Application Gateway)
- Configure caching
- Configure traffic acceleration (Microsoft Documentation: Load-balancing options)
- Implement rules, URL rewrite, and URL redirect (Microsoft Documentation: Creating Rewrite Rules for the URL Rewrite Module)
- Secure an origin by using Azure Private Link in Azure Front Door (Microsoft Documentation: Secure your Origin with Private Link in Azure Front Door Premium)
Design and implement private access to Azure services (10–15%)
Design and implement Azure Private Link service and Azure private endpoints
- Plan private endpoints
- Create private endpoints
- Configure access to private endpoints
- Create a Private Link service
- Integrate Private Link and Private Endpoint with DNS
- Integrate a Private Link service with on-premises clients
Design and implement service endpoints
- Choose when to use a service endpoint (Microsoft Documentation: Virtual Network service endpoints)
- Create service endpoints (Microsoft Documentation: Create, change, or delete service endpoint policy using the Azure portal)
- Configure service endpoint policies
- Configure access to service endpoints
Design and implement Azure network security services (15–20%)
Implement and manage network security groups
- Create a network security group (NSG) (Microsoft Documentation: Create, change, or delete a network security group)
- Associate an NSG to a resource
- Create an application security group (ASG) (Microsoft Documentation: Application security groups)
- Associate an ASG to a network interface card (NIC) (Microsoft Documentation: Create, change, or delete a network interface)
- Create and configure NSG rules
- Interpret NSG flow logs (Microsoft Documentation: Introduction to flow logs for network security groups)
- Validate NSG flow rules
- Verify IP flow
- Configure an NSG for remote server administration, including Azure Bastion (Microsoft Documentation: Working with NSG access and Azure Bastion)
Design and implement Azure Firewall and Azure Firewall Manager
- Map requirements to features and capabilities of Azure Firewall (Microsoft Documentation: Azure Firewall Standard features)
- Select an appropriate Azure Firewall SKU
- Design an Azure Firewall deployment (Microsoft Documentation: Deploy and configure Azure Firewall using the Azure portal)
- Create and implement an Azure Firewall deployment
- Configure Azure Firewall rules (Microsoft Documentation: What is Azure Firewall?)
- Create and implement Azure Firewall Manager policies (Microsoft Documentation: Azure Firewall Manager policy overview)
- Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub (Microsoft Documentation: Configure Azure Firewall in a Virtual WAN hub)
Design and implement a Web Application Firewall (WAF) deployment
- Map requirements to features and capabilities of WAF
- Design a WAF deployment (Microsoft Documentation: What is Azure Web Application Firewall on Azure Application Gateway?)
- Configure detection or prevention mode
- Configure rule sets for WAF on Azure Front Door (Microsoft Documentation: Create a Web Application Firewall policy on Azure Front Door)
- Configure rule sets for WAF on Application Gateway
- Implement a WAF policy (Microsoft Documentation: Create Web Application Firewall policies for Application Gateway)
- Associate a WAF policy
Step 3: Explore Microsoft Study Resources
Microsoft provides various methods to help candidates in preparing for the AZ-700 exam. This includes:
Microsoft Learning Path
Microsoft also offers new ways to learn the concepts. That is to say, for each exam, Microsoft provides a variety of learning paths that cover the exam’s subjects in modules. These contain all of the relevant information as well as good resource links. The paths include:
1. Introduction to Azure virtual networks
In this, you will learn the process of planning and applying fundamental Azure Networking resources like virtual networks, public and private IPs, DNS, virtual network peering, routing, and Azure Virtual NAT.
2. Designing and implementing hybrid networking
In this, you will learn the process of planning and applying hybrid networking solutions like Site-to-Site VPN connections, Point-to-Site VPN connections, Azure Virtual WAN, and Virtual WAN hubs.
3. Designing and implementing Azure ExpressRoute
In this, you will learn the process of planning and applying
- Azure ExpressRoute
- ExpressRoute Global Reach
- ExpressRoute FastPath
And, you will learn about when to use each service as per the needs of the environment.
4. Loading balance non-HTTP(S) traffic in Azure
In this, you will learn about load balancer options in Azure and the process of selecting and implementing the right Azure solution for non-HTTP(S) traffic.
5. Loading balance HTTP(S) traffic in Azure
In this, you will learn the process of planning load balancer solutions for HTTP(S) traffic and applying Azure Application Gateway and Azure Front Door.
6. Designing and implementing network security
In this, you will learn the process of planning and applying network security solutions like Azure Firewall, Azure DDoS, Network Security Groups, and Web Application Firewall.
7. Designing and implementing private access to Azure Services
In this, you will learn the process of planning and applying private access to Azure Services with Azure Private Link, and virtual network service endpoints.
8. Designing and implementing network monitoring
In this, you will learn the process of planning and applying network monitoring solutions like Azure Monitor and Network watcher.
2. Microsoft Documentation
Microsoft documentation help in understanding and familiarise with concepts. For the Microsoft AZ-700 examination, you will learn about the various ways for planning and implementing a secure network infrastructure in Azure and creating hybrid connectivity, routing, private access to Azure services, and monitoring in Azure.
3. Microsoft Instructor-led Training
For the AZ-700 exam, Microsoft offers Designing and Implementing Microsoft Azure Networking Solutions courses to help in better preparation. Network Engineers will learn how to design, develop, and maintain Azure networking solutions in this instructor-led course. This also covers,
- Firstly, the process of developing, deploying, and controlling basic Azure networking infrastructure
- Secondly, Hybrid Networking connections
Load balancing traffic - Thirdly, Network routing
- Lastly, private access to Azure services, network security, and monitoring.
Further, this course is best for Network Engineers who want to get advanced in Azure networking solutions. Here, the Azure network engineer will control networking solutions for providing optimal performance, resiliency, scale, and security.
Step 4: Start taking Practice Tests
Starting to examine yourself using the practice exams is the best method to improve your preparation. After you’ve finished the topics, you can take these tests. This will not only help you improve your answering abilities, but will also provide you a quick overview of your strengths and weaknesses. However, there are a variety of providers that offer unique and free practice tests to get you started.
Final Words
The details of the Microsoft AZ-700 exam, as well as the key preparation guide, have been explained above to begin in a stepwise manner. This exam will put your knowledge, expertise, and ability to collaborate towards the test. As a result, you must concentrate on all of the critical areas in order to improve your preparation. Take time to develop a study schedule and pattern based on the given information, and then begin the preparation process in a step-by-step way. However, remember to revise by completing practice examinations and assessments. Finally, simply take the exam and pass!
Become Microsoft Certified by preparing and passing the AZ-700 Exam!
