Free Practice Questions for Microsoft Azure Network Engineer Associate (AZ-700) Certification

    🔄 Last checked for updates July 3rd, 2026

    Study with 689 exam-style practice questions designed to help you prepare for the Microsoft Azure Network Engineer Associate (AZ-700).

    Start Practicing

    All Domains

    Practice with randomly mixed questions from all topics

    Question MixAll Topics
    FormatRandom Order

    Domain Mode

    Practice questions from a specific topic area

    Quiz History

    Exam Details

    Key information about Microsoft Azure Network Engineer Associate (AZ-700)

    Official study guide

    View

    Question formats CertSafari offers
    • Multiple choice
    • Ordering
    • Matching
    • True/False
    • Fill in the blank
    prerequisites:

    Experience creating and managing compute, storage, and networking resources in Azure; understanding of networking fundamentals like name resolution, network protocols, and network address management

    target audience:

    Azure network engineers responsible for optimizing performance, resiliency, scale, and security of Azure networking solutions

    Exam Topics & Skills Assessed

    Skills measured (from the official study guide)

    Design and implement core networking infrastructure(25–30%%)

    Design and implement IP addressing for Azure resources

    • Plan and implement network segmentation and address spaces
    • Create a virtual network (VNet)
    • Plan and configure subnetting for services
    • Plan and configure subnet delegation
    • Plan and configure shared or dedicated subnets
    • Create a Public IP Prefix
    • Choose when to use a public IP address prefix
    • Plan and implement a Custom IP address prefix (bring your own IP)
    • Create a public IP address
    • Associate public IP addresses to resources

    Design and implement name resolution

    • Design name resolution inside a VNet
    • Configure DNS settings for a VNet
    • Design public DNS zones
    • Design private DNS zones
    • Configure public and private DNS zones
    • Link a private DNS zone to a VNet
    • Design and implement Azure DNS Private Resolver

    Design and implement VNet connectivity and routing

    • Design service chaining, including gateway transit
    • Implement VNet peering
    • Implement and manage virtual network connectivity by using Azure Virtual Network Manager
    • Design and implement user-defined routes (UDRs)
    • Associate a route table with a subnet
    • Configure forced tunneling
    • Diagnose and resolve routing issues
    • Design and implement Azure Route Server
    • Identify appropriate use cases for Azure NAT Gateway
    • Implement Azure NAT Gateway

    Monitor networks

    • Configure monitoring, network diagnostics, and logs in Azure Network Watcher
    • Monitor and troubleshoot network health by using Azure Network Watcher
    • Monitor and troubleshoot networks by using Azure Monitor for Networks
    • Activate and monitor distributed denial-of-service (DDoS) protection
    • Evaluate network security recommendations identified by Microsoft Defender for Cloud Secure Score
    • Evaluate network security recommendations identified by Microsoft Defender for Cloud attack path analysis
    • Identify network resources by using Cloud Security Explorer in Microsoft Defender for Cloud

    Design, implement, and manage connectivity services(20–25%%)

    Design, implement, and manage a site-to-site VPN connection

    • Design a site-to-site VPN connection, including for high availability
    • Select an appropriate virtual network gateway stock-keeping unit (SKU) for site-to-site VPN requirements
    • Implement a site-to-site VPN connection
    • Identify when to use a policy-based VPN versus a route-based VPN connection
    • Create and configure a local network gateway
    • Create and configure an IPsec/Internet Key Exchange (IKE) policy
    • Create and configure a virtual network gateway
    • Diagnose and resolve virtual network gateway connectivity issues
    • Implement Azure Extended Network

    Design, implement, and manage a point-to-site VPN connection

    • Select an appropriate virtual network gateway SKU for point-to-site VPN requirements
    • Select and configure a tunnel type
    • Select an appropriate authentication method
    • Configure RADIUS authentication
    • Configure authentication by using Microsoft Entra ID
    • Implement a VPN client configuration file
    • Diagnose and resolve client-side and authentication issues
    • Specify Azure requirements for Always On VPN
    • Specify Azure requirements for Azure Network Adapter

    Design, implement, and manage Azure ExpressRoute

    • Select an ExpressRoute connectivity model
    • Select an appropriate ExpressRoute SKU and tier
    • Design and implement ExpressRoute to meet requirements
    • Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct
    • Choose between Azure private peering only, Microsoft peering only, or both
    • Configure Azure private peering
    • Configure Microsoft peering
    • Create and configure an ExpressRoute gateway
    • Connect a virtual network to an ExpressRoute circuit
    • Recommend a route advertisement configuration
    • Configure encryption over ExpressRoute
    • Implement Bidirectional Forwarding Detection
    • Diagnose and resolve ExpressRoute connection issues

    Design and implement an Azure Virtual WAN architecture

    • Select a Virtual WAN SKU
    • Design a Virtual WAN architecture
    • Create a virtual hub in Virtual WAN
    • Choose an appropriate scale unit for each gateway type
    • Deploy a gateway into a virtual hub
    • Configure virtual hub routing
    • Integrate a virtual hub with a third-party NVA for cloud connectivity

    Design and implement application delivery services(15–20%%)

    Design and implement Azure Load Balancer and Azure Traffic Manager

    • Map requirements to features and capabilities of Azure Load Balancer
    • Identify appropriate use cases for Azure Load Balancer
    • Choose an Azure Load Balancer SKU and tier
    • Choose between public and internal load balancers
    • Choose between regional and cross-region load balancers
    • Create and configure an Azure Load Balancer
    • Implement Azure Traffic Manager
    • Implement Gateway Load Balancer
    • Implement a load balancing rule
    • Create and configure inbound NAT rules
    • Create and configure explicit outbound rules, including source network address translation (SNAT)

    Design and implement Azure Application Gateway

    • Map requirements to features and capabilities of Azure Application Gateway
    • Identify appropriate use cases for Azure Application Gateway
    • Choose between manual and autoscale
    • Create a backend pool
    • Configure health probes
    • Configure listeners
    • Configure routing rules
    • Configure HTTP settings
    • Configure Transport Layer Security (TLS)
    • Configure rewrite rule sets

    Design and implement Azure Front Door

    • Map requirements to features and capabilities of Azure Front Door
    • Identify appropriate use cases for Azure Front Door
    • Choose an appropriate tier
    • Configure an Azure Front Door, including routing, origins, and endpoints
    • Configure TLS termination and end-to-end TLS encryption
    • Configure caching
    • Configure traffic acceleration
    • Implement rules, URL rewrite, and URL redirect
    • Secure an origin by using Azure Private Link in Azure Front Door

    Design and implement private access to Azure services(10–15%%)

    Design and implement Azure Private Link service and Azure private endpoints

    • Plan private endpoints
    • Create private endpoints
    • Configure access to private endpoints
    • Create a Private Link service
    • Integrate Private Link and Private Endpoint with DNS
    • Integrate a Private Link service with on-premises clients

    Design and implement service endpoints

    • Choose when to use a service endpoint
    • Create service endpoints
    • Configure service endpoint policies
    • Configure access to service endpoints

    Design and implement Azure network security services(15–20%%)

    Implement and manage network security groups

    • Create a network security group (NSG)
    • Associate a NSG to a subnet or network interface
    • Create an application security group (ASG)
    • Associate an ASG to a network interface
    • Create and configure NSG inbound and outbound security rules
    • Implement virtual network flow logs
    • Interpret virtual network flow logs
    • Verify IP flow
    • Configure an NSG for remote server administration, including Azure Bastion
    • Implement and manage virtual network security by using Azure Virtual Network Manager

    Design and implement Azure Firewall and Azure Firewall Manager

    • Map requirements to features and capabilities of Azure Firewall
    • Select an appropriate Azure Firewall SKU
    • Design an Azure Firewall deployment
    • Create and implement an Azure Firewall deployment
    • Configure Azure Firewall rules
    • Create and implement Azure Firewall Manager policies
    • Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

    Design and implement a Web Application Firewall (WAF) deployment

    • Map requirements to features and capabilities of WAF
    • Design a WAF deployment
    • Configure detection or prevention mode
    • Configure rule sets for WAF on Azure Front Door
    • Configure rule sets for WAF on Application Gateway
    • Implement a WAF policy
    • Associate a WAF policy

    Techniques & products

    Azure Virtual Network (VNet)
    IP addressing
    Network segmentation
    Subnetting
    Virtual network gateways
    Private endpoints
    Service endpoints
    Firewalls
    Application gateways
    VNet-integrated platform services
    Azure Bastion
    Public IP Prefix
    Custom IP address prefix
    Public IP address
    DNS settings
    Public DNS zones
    Private DNS zones
    Azure DNS Private Resolver
    Service chaining
    Gateway transit
    VNet peering
    Azure Virtual Network Manager
    User-defined routes (UDRs)
    Route table
    Forced tunneling
    Azure Route Server
    Azure NAT Gateway
    Azure Network Watcher
    Azure Monitor for Networks
    Distributed denial-of-service (DDoS) protection
    Microsoft Defender for Cloud Secure Score
    Microsoft Defender for Cloud attack path analysis
    Cloud Security Explorer
    Site-to-site VPN connection
    Virtual network gateway SKU
    Policy-based VPN
    Route-based VPN
    Local network gateway
    IPsec/Internet Key Exchange (IKE) policy
    Azure Extended Network
    Point-to-site VPN connection
    Tunnel type
    Authentication method
    RADIUS authentication
    Microsoft Entra ID
    VPN client configuration file
    Always On VPN
    Azure Network Adapter
    Azure ExpressRoute
    ExpressRoute connectivity model
    ExpressRoute SKU and tier
    Global Reach
    FastPath
    ExpressRoute Direct
    Azure private peering
    Microsoft peering
    ExpressRoute gateway
    Route advertisement configuration
    Encryption over ExpressRoute
    Bidirectional Forwarding Detection
    Azure Virtual WAN
    Virtual WAN SKU
    Virtual hub
    Gateway scale unit
    Virtual hub routing
    Third-party NVA
    Azure Load Balancer
    Azure Traffic Manager
    Load Balancer SKU and tier
    Public load balancers
    Internal load balancers
    Regional load balancers
    Cross-region load balancers
    Gateway Load Balancer
    Load balancing rule
    Inbound NAT rules
    Explicit outbound rules
    Source network address translation (SNAT)
    Azure Application Gateway
    Autoscale
    Backend pool
    Health probes
    Listeners
    Routing rules
    HTTP settings
    Transport Layer Security (TLS)
    Rewrite rule sets
    Azure Front Door
    Front Door tier
    Routing
    Origins
    Endpoints
    TLS termination
    End-to-end TLS encryption
    Caching
    Traffic acceleration
    Rules
    URL rewrite
    URL redirect
    Azure Private Link service
    Azure private endpoints
    Service endpoints
    Service endpoint policies
    Network security groups (NSG)
    Application security group (ASG)
    NSG security rules
    Virtual network flow logs
    IP flow
    Azure Firewall
    Azure Firewall Manager
    Azure Firewall SKU
    Azure Firewall deployment
    Azure Firewall rules
    Azure Firewall Manager policies
    Secure hub
    Web Application Firewall (WAF)
    WAF deployment
    Detection mode
    Prevention mode
    WAF rule sets
    WAF policy

    CertSafari is not affiliated with, endorsed by, or officially connected to Microsoft Corporation. Full disclaimer