The Microsoft Azure AZ-700 exam, also known as the Designing and Implementing Microsoft Azure Networking Solutions exam, is designed to test a candidate’s knowledge and skills in designing and implementing networking solutions on the Microsoft Azure platform. The difficulty of the exam can vary depending on an individual’s level of experience and knowledge in Azure networking solutions.
However, in general, the AZ-700 exam is considered to be an advanced-level certification exam and can be quite challenging for those who are not familiar with the Azure networking concepts and technologies. To pass the exam, candidates will need to have a good understanding of various Azure networking services such as virtual networks, load balancers, network security groups, and VPN gateways, among others.
It is recommended that candidates have a solid understanding of Azure networking concepts, design patterns, and implementation best practices before attempting the exam. Additionally, it is also advised that candidates have hands-on experience in designing and implementing Azure networking solutions, as this will greatly help them in their preparation for the exam.
Overall, while the AZ-700 exam is not easy, but with proper preparation and study, it is definitely achievable. Let us now look
About Microsoft Azure AZ-700 Exam
Candidates with an in-depth understanding of developing, implementing, and managing Azure networking systems, including hybrid networking, connectivity, routing, security, and private access to Azure services, should take the Microsoft Azure AZ-700 exam. You must have extensive networking, hybrid connection, network security knowledge, and sophisticated Azure management skills.
Exam Format
There will be 40–60 questions on the Microsoft AZ-700 test. The test, however, validates the candidate’s abilities to do tasks, including planning and executing private access to Azure Services, developing and constructing fundamental networking architecture, and securing networks. This test is available in Arabic (Saudi Arabia), English, Spanish, French, German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, Chinese (Simplified), and Indonesian (Indonesia) for $165 USD* (Traditional). Candidates must also pass the AZ-700 exam with a minimum score of 700.
Let us now jump to the difficulty level of the exam!
Microsoft AZ-700 Exam Course Outline
Consider including this in your plans as being crucial. There are essential exam subjects for every exam. Investigating each component in its totality is also crucial for gaining a thorough understanding of the subject. Each topic on the Microsoft AZ-700 test comprises parts and subsections.
Design and implement core networking infrastructure (25–30%)
Design and implement private IP addressing for Azure resources
- Plan and implement network segmentation and address spaces (Microsoft Documentation: Implement network segmentation patterns on Azure)
- Create a virtual network (VNet) (Microsoft Documentation: Create a virtual network using the Azure portal)
- Plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, VNet-integrated platform services, and Azure Bastion (Microsoft Documentation: Integrate your app with an Azure virtual network, Create a site-to-site VPN connection in the Azure portal, Azure networking services overview)
- Plan and configure subnet delegation (Microsoft Documentation: What is subnet delegation, Add or remove a subnet delegation)
- Plan and configure shared or dedicated subnets
- Create a prefix for public IP addresses (Microsoft Documentation: Public IP address prefix)
- Choose when to use a public IP address prefix
- Plan and implement a custom public IP address prefix (bring your own IP) (Microsoft Documentation: Custom IP address prefix (BYOIP))
- Create a public IP address (Microsoft Documentation: Create, change, or delete an Azure public IP address)
- Associate public IP addresses to resources (Microsoft Documentation: Associate a public IP address to a virtual machine)
- Upgrade IP address SKU
Design and implement name resolution
- Design name resolution inside a VNet (Microsoft Documentation: Name resolution for resources in Azure virtual networks)
- Configure DNS settings for a VNet
- Design public DNS zones (Microsoft Documentation: Overview of DNS zones and records)
- Design private DNS zones (Microsoft Documentation: What is a private Azure DNS zone)
- Configure a public or private DNS zone (Microsoft Documentation: Azure Private Endpoint DNS configuration)
- Link a private DNS zone to a VNet (Microsoft Documentation: What is a virtual network link)
- Design and implement Azure DNS Private Resolver
Design and implement VNet connectivity and routing
- Design service chaining, including gateway transit (Microsoft Documentation: Virtual network peering, Configure VPN gateway transit for virtual network peering)
- Implement VNet peering
- Implement and manage virtual networks by using Azure Virtual Network Manager
- Design and implement user-defined routes (UDRs) (Microsoft Documentation: Virtual network traffic routing)
- Associate a route table with a subnet (Microsoft Documentation: Create, change, or delete a route table)
- Configure forced tunneling
- Diagnose and resolve routing issues (Microsoft Documentation: Diagnose a virtual machine routing problem)
- Design and implement Azure Route Server (Microsoft Documentation: What is Azure Route Server)
- Identify appropriate use cases for a network address translation (NAT) gateway
- Implement a NAT gateway (Microsoft Documentation: Create a NAT gateway using the Azure portal)
Monitor networks
- Configure monitoring, network diagnostics, and logs in Azure Network Watcher (Microsoft Documentation: What is Azure Network Watcher)
- Monitor and troubleshoot network health by using Azure Network Watcher
- Monitor and troubleshoot networks by using Azure Monitor Network Insights
- Activate and monitor distributed denial-of-service (DDoS) protection (Microsoft Documentation: What is Azure DDoS Protection)
- Evaluate network security recommendations identified by Microsoft Defender for Cloud Secure Score
- Evaluate network security recommendations identified by Microsoft Defender For Cloud Attack Path Analysis
- Identify network resources by using Microsoft Defender for Cloud Security Explorer
Design, implement, and manage connectivity services (20–25%)
Design, implement, and manage a site-to-site VPN connection
- Design a site-to-site VPN connection, including for high availability (Microsoft Documentation: Highly Available cross-premises and VNet-to-VNet connectivity)
- Select an appropriate VNet gateway stock-keeping unit (SKU) for site-to-site VPN requirements (Microsoft Documentation: What is Azure VPN Gateway)
- Implement a site-to-site VPN connection (Microsoft Documentation: Create a site-to-site VPN connection)
- Identify when to use a policy-based VPN versus a route-based VPN connection
- Create and configure a local network gateway
- Create and configure an IPsec/Internet Key Exchange (IKE) policy (Microsoft Documentation: Configure custom IPsec/IKE connection policies for S2S VPN and VNet-to-VNet: PowerShell)
- Create and configure a virtual network gateway
- Diagnose and resolve virtual network gateway connectivity issues
- Implement Azure Extended Network (Microsoft Documentation: Extend your on-premises subnets into Azure)
Design, implement, and manage a point-to-site VPN connection
- Select an appropriate virtual network gateway SKU for point-to-site VPN requirements
- Select and configure a tunnel type
- Select an appropriate authentication method
- Configure RADIUS authentication (Microsoft Documentation: Plan NPS as a RADIUS server, RADIUS authentication with Azure Active Directory)
- Configure authentication by using Microsoft Entra ID (Microsoft Documentation: Azure Active Directory authentication)
- Implement a VPN client configuration file (Microsoft Documentation: Configure the Azure VPN Client)
- Diagnose and resolve client-side and authentication issues
- Specify Azure requirements for Always On VPN
- Specify Azure requirements for Azure Network Adapter (Microsoft Documentation: Use Azure Network Adapter to connect a server to an Azure Virtual Network)
Design, implement, and manage Azure ExpressRoute
- Select an ExpressRoute connectivity model (Microsoft Documentation: ExpressRoute connectivity models)
- Select an appropriate ExpressRoute SKU and tier (Microsoft Documentation: ExpressRoute virtual network gateways)
- Design and implement ExpressRoute to meet requirements, including cross-region connectivity, redundancy, and disaster recovery (Microsoft Documentation: Designing for disaster recovery with ExpressRoute private peering, Designing for high availability with ExpressRoute)
- Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct (Microsoft Documentation: ExpressRoute FastPath, About ExpressRoute Direct, ExpressRoute Global Reach)
- Choose between private peering only, Microsoft peering only, or both
- Configure private peering
- Configure Microsoft peering (Microsoft Documentation: Create and modify peering for an ExpressRoute)
- Create and configure an ExpressRoute gateway (Microsoft Documentation: Configure a virtual network gateway for ExpressRoute)
- Connect a virtual network to an ExpressRoute circuit (Microsoft Documentation: Connect a virtual network to an ExpressRoute)
- Recommend a route advertisement configuration
- Configure encryption over ExpressRoute (Microsoft Documentation: ExpressRoute encryption)
- Implement Bidirectional Forwarding Detection (Microsoft Documentation: Configure BFD over ExpressRoute)
- Diagnose and resolve ExpressRoute connection issues (Microsoft Documentation: Verify ExpressRoute connectivity)
Design and implement an Azure Virtual WAN architecture
- Select a Virtual WAN SKU (Microsoft Documentation: What is Azure Virtual WAN)
- Design a Virtual WAN architecture, including selecting types and services
- Create a hub in Virtual WAN
- Choose an appropriate scale unit for each gateway type (Microsoft Documentation: Scaling Application Gateway v2 and WAF v2)
- Deploy a gateway into a Virtual WAN hub
- Configure virtual hub routing (Microsoft Documentation: How to configure virtual hub routing)
- Integrate a Virtual WAN hub with a third-party NVA for cloud connectivity
Design and implement application delivery services (15–20%)
Design and implement Azure Load Balancer and Azure Traffic Manager
- Map requirements to features and capabilities of Azure Load Balancer (Microsoft Documentation: What is Azure Load Balancer)
- Identify appropriate use cases for Azure Load Balancer
- Choose an Azure Load Balancer SKU and tier (Microsoft Documentation: Azure Load Balancer SKUs)
- Choose between public and internal load balancers
- Choose between regional and global load balancer
- Create and configure an Azure Load Balancer (Microsoft Documentation: Create a public load balancer to load balance VMs using the Azure portal)
- Implement Azure Traffic Manager
- Implement a gateway load balancer
- Implement a load balancing rule (Microsoft Documentation: Manage rules for Azure Load Balancer using the Azure portal)
- Create and configure inbound NAT rules (Microsoft Documentation: Create a single virtual machine inbound NAT rule using the Azure portal)
- Create and configure explicit outbound rules, including source network address translation (SNAT) (Microsoft Documentation: Use Source Network Address Translation (SNAT) for outbound connections)
Design and implement Azure Application Gateway
- Map requirements to features and capabilities of Azure Application Gateway (Microsoft Documentation: Azure Application Gateway features)
- Identify appropriate use cases for Azure Application Gateway
- Choose between manual and autoscale
- Create a back-end pool (Microsoft Documentation: Backend pool management)
- Configure health probes (Microsoft Documentation: Azure Load Balancer health probes)
- Configure listeners (Microsoft Documentation: Application Gateway listener configuration)
- Configure routing rules
- Configure HTTP settings (Microsoft Documentation: Application Gateway HTTP settings configuration)
- Configure Transport Layer Security (TLS) (Microsoft Documentation: Transport Layer Security (TLS) registry settings)
- Configure rewrite sets (Microsoft Documentation: Rewrite URL with Azure Application Gateway)
Design and implement Azure Front Door
- Map requirements to features and capabilities of Azure Front Door (Microsoft Documentation: What is Azure Front Door)
- Identify appropriate use cases for Azure Front Door
- Choose an appropriate tier
- Configure an Azure Front Door, including routing, origins, and endpoints (Microsoft Documentation: Origins and origin groups in Azure Front Door, What is Azure Front Door)
- Configure SSL termination and end-to-end SSL encryption (Microsoft Documentation: Overview of TLS termination and end to end TLS with Application Gateway)
- Configure caching
- Configure traffic acceleration (Microsoft Documentation: Load-balancing options)
- Implement rules, URL rewrite, and URL redirect (Microsoft Documentation: Creating Rewrite Rules for the URL Rewrite Module)
- Secure an origin by using Azure Private Link in Azure Front Door (Microsoft Documentation: Secure your Origin with Private Link in Azure Front Door Premium)
Design and implement private access to Azure services (10–15%)
Design and implement Azure Private Link service and Azure private endpoints
- Plan private endpoints
- Create private endpoints
- Configure access to private endpoints
- Create a Private Link service
- Integrate Private Link and Private Endpoint with DNS
- Integrate a Private Link service with on-premises clients
Design and implement service endpoints
- Choose when to use a service endpoint (Microsoft Documentation: Virtual Network service endpoints)
- Create service endpoints (Microsoft Documentation: Create, change, or delete service endpoint policy using the Azure portal)
- Configure service endpoint policies
- Configure access to service endpoints
Design and implement Azure network security services (15–20%)
Implement and manage network security groups
- Create a network security group (NSG) (Microsoft Documentation: Create, change, or delete a network security group)
- Associate an NSG to a resource
- Create an application security group (ASG) (Microsoft Documentation: Application security groups)
- Associate an ASG to a network interface card (NIC) (Microsoft Documentation: Create, change, or delete a network interface)
- Create and configure NSG rules
- Interpret NSG flow logs (Microsoft Documentation: Introduction to flow logs for network security groups)
- Validate NSG flow rules
- Verify IP flow
- Configure an NSG for remote server administration, including Azure Bastion (Microsoft Documentation: Working with NSG access and Azure Bastion)
Design and implement Azure Firewall and Azure Firewall Manager
- Map requirements to features and capabilities of Azure Firewall (Microsoft Documentation: Azure Firewall Standard features)
- Select an appropriate Azure Firewall SKU
- Design an Azure Firewall deployment (Microsoft Documentation: Deploy and configure Azure Firewall using the Azure portal)
- Create and implement an Azure Firewall deployment
- Configure Azure Firewall rules (Microsoft Documentation: What is Azure Firewall?)
- Create and implement Azure Firewall Manager policies (Microsoft Documentation: Azure Firewall Manager policy overview)
- Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub (Microsoft Documentation: Configure Azure Firewall in a Virtual WAN hub)
Design and implement a Web Application Firewall (WAF) deployment
- Map requirements to features and capabilities of WAF
- Design a WAF deployment (Microsoft Documentation: What is Azure Web Application Firewall on Azure Application Gateway?)
- Configure detection or prevention mode
- Configure rule sets for WAF on Azure Front Door (Microsoft Documentation: Create a Web Application Firewall policy on Azure Front Door)
- Configure rule sets for WAF on Application Gateway
- Implement a WAF policy (Microsoft Documentation: Create Web Application Firewall policies for Application Gateway)
- Associate a WAF policy
Microsoft AZ-700 Learning Resources
Microsoft Learning Path
Microsoft offers innovative ways to learn ideas. In other words, Microsoft provides a variety of study routes that cover the exam’s subject matter in modules. They provide all the necessary information in addition to useful reference links. Learn how to create and implement a secure network architecture in Azure, as well as how to configure the hybrid connection, routing, private access to Azure services, and monitoring.
Microsoft Instructor-led Training
Through this course, network engineers may learn how to design, create, and manage Azure networking systems. This course covers all the topics of basic Azure networking architecture design, implementation, and management, Hybrid Networking connections, traffic load balancing, network routing, private access to Azure services, network security, and network monitoring. Learn how to create and manage a secure, reliable network architecture in Azure, as well as how to configure the hybrid connection, routing, private access to Azure services, and monitoring.
Microsoft Community
Join the experts as they share tips on preparing for a Microsoft Certification exam. You can greatly benefit from your study time by putting the conversations, skills, and knowledge you learn from the readings to use. The experts will call attention to objectives that many exam participants find difficult. To choose the best response, you can also include any questions you have about a topic in the AZ-700 exam.
Take AZ-700 Formative Assessments
Starting to assess yourself using the practice exams is the best method to raise your level of preparation. Once you’ve finished the topics, you can take these tests. This can help you quickly assess your accomplishments and areas for improvement while enhancing your ability to respond. Some businesses offer authentic, cost-free AZ-700 practice tests to get you started.
Finally, Some tips!
The Microsoft Azure AZ-700 exam’s difficulty level varies depending on a person’s past knowledge and amount of preparation. Yet, most people may pass the exam and obtain their Azure Administrator certification with the proper study resources and preparation.
The specifics of the Microsoft AZ-700 exam and its crucial study guide have been described in depth above. The AZ-700 exam will test all of your knowledge and abilities. To improve your preparation, you must therefore pay close attention to every crucial area. Create a study schedule and action plan based on the information provided, then begin the step-by-step preparation procedure. But don’t forget to review by finishing sample tests and exams. Lastly, just take the exam and pass!