Free Practice Questions for Microsoft Azure Network Engineer Associate (AZ-700) Certification
Study with 689 exam-style practice questions designed to help you prepare for the Microsoft Azure Network Engineer Associate (AZ-700).
Start Practicing
All Domains
Practice with randomly mixed questions from all topics
Domain Mode
Practice questions from a specific topic area
Quiz History
Exam Details
Key information about Microsoft Azure Network Engineer Associate (AZ-700)
- Multiple choice
- Ordering
- Matching
- True/False
- Fill in the blank
Experience creating and managing compute, storage, and networking resources in Azure; understanding of networking fundamentals like name resolution, network protocols, and network address management
Azure network engineers responsible for optimizing performance, resiliency, scale, and security of Azure networking solutions
Exam Topics & Skills Assessed
Skills measured (from the official study guide)
Design and implement core networking infrastructure(25–30%%)
Design and implement IP addressing for Azure resources
- Plan and implement network segmentation and address spaces
- Create a virtual network (VNet)
- Plan and configure subnetting for services
- Plan and configure subnet delegation
- Plan and configure shared or dedicated subnets
- Create a Public IP Prefix
- Choose when to use a public IP address prefix
- Plan and implement a Custom IP address prefix (bring your own IP)
- Create a public IP address
- Associate public IP addresses to resources
Design and implement name resolution
- Design name resolution inside a VNet
- Configure DNS settings for a VNet
- Design public DNS zones
- Design private DNS zones
- Configure public and private DNS zones
- Link a private DNS zone to a VNet
- Design and implement Azure DNS Private Resolver
Design and implement VNet connectivity and routing
- Design service chaining, including gateway transit
- Implement VNet peering
- Implement and manage virtual network connectivity by using Azure Virtual Network Manager
- Design and implement user-defined routes (UDRs)
- Associate a route table with a subnet
- Configure forced tunneling
- Diagnose and resolve routing issues
- Design and implement Azure Route Server
- Identify appropriate use cases for Azure NAT Gateway
- Implement Azure NAT Gateway
Monitor networks
- Configure monitoring, network diagnostics, and logs in Azure Network Watcher
- Monitor and troubleshoot network health by using Azure Network Watcher
- Monitor and troubleshoot networks by using Azure Monitor for Networks
- Activate and monitor distributed denial-of-service (DDoS) protection
- Evaluate network security recommendations identified by Microsoft Defender for Cloud Secure Score
- Evaluate network security recommendations identified by Microsoft Defender for Cloud attack path analysis
- Identify network resources by using Cloud Security Explorer in Microsoft Defender for Cloud
Design, implement, and manage connectivity services(20–25%%)
Design, implement, and manage a site-to-site VPN connection
- Design a site-to-site VPN connection, including for high availability
- Select an appropriate virtual network gateway stock-keeping unit (SKU) for site-to-site VPN requirements
- Implement a site-to-site VPN connection
- Identify when to use a policy-based VPN versus a route-based VPN connection
- Create and configure a local network gateway
- Create and configure an IPsec/Internet Key Exchange (IKE) policy
- Create and configure a virtual network gateway
- Diagnose and resolve virtual network gateway connectivity issues
- Implement Azure Extended Network
Design, implement, and manage a point-to-site VPN connection
- Select an appropriate virtual network gateway SKU for point-to-site VPN requirements
- Select and configure a tunnel type
- Select an appropriate authentication method
- Configure RADIUS authentication
- Configure authentication by using Microsoft Entra ID
- Implement a VPN client configuration file
- Diagnose and resolve client-side and authentication issues
- Specify Azure requirements for Always On VPN
- Specify Azure requirements for Azure Network Adapter
Design, implement, and manage Azure ExpressRoute
- Select an ExpressRoute connectivity model
- Select an appropriate ExpressRoute SKU and tier
- Design and implement ExpressRoute to meet requirements
- Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct
- Choose between Azure private peering only, Microsoft peering only, or both
- Configure Azure private peering
- Configure Microsoft peering
- Create and configure an ExpressRoute gateway
- Connect a virtual network to an ExpressRoute circuit
- Recommend a route advertisement configuration
- Configure encryption over ExpressRoute
- Implement Bidirectional Forwarding Detection
- Diagnose and resolve ExpressRoute connection issues
Design and implement an Azure Virtual WAN architecture
- Select a Virtual WAN SKU
- Design a Virtual WAN architecture
- Create a virtual hub in Virtual WAN
- Choose an appropriate scale unit for each gateway type
- Deploy a gateway into a virtual hub
- Configure virtual hub routing
- Integrate a virtual hub with a third-party NVA for cloud connectivity
Design and implement application delivery services(15–20%%)
Design and implement Azure Load Balancer and Azure Traffic Manager
- Map requirements to features and capabilities of Azure Load Balancer
- Identify appropriate use cases for Azure Load Balancer
- Choose an Azure Load Balancer SKU and tier
- Choose between public and internal load balancers
- Choose between regional and cross-region load balancers
- Create and configure an Azure Load Balancer
- Implement Azure Traffic Manager
- Implement Gateway Load Balancer
- Implement a load balancing rule
- Create and configure inbound NAT rules
- Create and configure explicit outbound rules, including source network address translation (SNAT)
Design and implement Azure Application Gateway
- Map requirements to features and capabilities of Azure Application Gateway
- Identify appropriate use cases for Azure Application Gateway
- Choose between manual and autoscale
- Create a backend pool
- Configure health probes
- Configure listeners
- Configure routing rules
- Configure HTTP settings
- Configure Transport Layer Security (TLS)
- Configure rewrite rule sets
Design and implement Azure Front Door
- Map requirements to features and capabilities of Azure Front Door
- Identify appropriate use cases for Azure Front Door
- Choose an appropriate tier
- Configure an Azure Front Door, including routing, origins, and endpoints
- Configure TLS termination and end-to-end TLS encryption
- Configure caching
- Configure traffic acceleration
- Implement rules, URL rewrite, and URL redirect
- Secure an origin by using Azure Private Link in Azure Front Door
Design and implement private access to Azure services(10–15%%)
Design and implement Azure Private Link service and Azure private endpoints
- Plan private endpoints
- Create private endpoints
- Configure access to private endpoints
- Create a Private Link service
- Integrate Private Link and Private Endpoint with DNS
- Integrate a Private Link service with on-premises clients
Design and implement service endpoints
- Choose when to use a service endpoint
- Create service endpoints
- Configure service endpoint policies
- Configure access to service endpoints
Design and implement Azure network security services(15–20%%)
Implement and manage network security groups
- Create a network security group (NSG)
- Associate a NSG to a subnet or network interface
- Create an application security group (ASG)
- Associate an ASG to a network interface
- Create and configure NSG inbound and outbound security rules
- Implement virtual network flow logs
- Interpret virtual network flow logs
- Verify IP flow
- Configure an NSG for remote server administration, including Azure Bastion
- Implement and manage virtual network security by using Azure Virtual Network Manager
Design and implement Azure Firewall and Azure Firewall Manager
- Map requirements to features and capabilities of Azure Firewall
- Select an appropriate Azure Firewall SKU
- Design an Azure Firewall deployment
- Create and implement an Azure Firewall deployment
- Configure Azure Firewall rules
- Create and implement Azure Firewall Manager policies
- Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub
Design and implement a Web Application Firewall (WAF) deployment
- Map requirements to features and capabilities of WAF
- Design a WAF deployment
- Configure detection or prevention mode
- Configure rule sets for WAF on Azure Front Door
- Configure rule sets for WAF on Application Gateway
- Implement a WAF policy
- Associate a WAF policy
Techniques & products