A few months back we just mentioned that the Azure Network Engineer Associate is offering new certification which is AZ-700 Designing and Implementing Microsoft Azure Networking Solutions and during that time it is still a beta exam. Finally, it is here! You may also view the AZ-700T00: Designing And Implementing Microsoft Azure Networking Solutions course that we are providing too.
Are you preparing for the AZ-700 Designing and Implementing Microsoft Azure Networking Solutions exam? Here are the details:
Exam
In 150 minutes, you will have to answer 59 objective type questions. You will be given 40+ objective-based questions to answer, followed by 2 to 3 case studies. After each case study, you will not be able to go back and review. There will be a requirement section, an architectural section, and a VNET implementation portion in the case study. Before reading the questions, go over the architecture and requirements.
Skill Measure for AZ-700
Design, Implement and Manage Hybrid Networking (10% to 15%)
Design and Implement Core Networking Infrastructure (20% to 25%)
Design and Implement Routing (25% to 30%)
Secure and Monitor Networks (15% to 20%)
Design and Implement Private Access to Azure Services (10% to 15%)
Design, Implement and Manage Hybrid Networking (10% to 15%)
This section contains 3 sub-divisions.
Design, Implement, manage a Site to Site connection
design a site-to-site VPN connection for high availability
select an appropriate virtual network (VNet) gateway SKU
identify when to use policy-based VPN versus route-based VPN
create and configure a local network gateway
create and configure an IPsec/IKE policy
create and configure a virtual network gateway
diagnose and resolve VPN gateway connectivity issues
Design, Implement, manage a point to Site connection
select an appropriate virtual network gateway SKU
plan and configure RADIUS authentication
plan and configure certificate-based authentication
plan and configure OpenVPN authentication
plan and configure Azure Active Directory (Azure AD) authentication
implement a VPN client configuration file
diagnose and resolve client-side and authentication issues
Design, Implement, manage an Express Route
choose between provider and direct model (ExpressRoute Direct)
design and implement Azure cross-region connectivity between multiple ExpressRoute
locations
select an appropriate ExpressRoute SKU and tier
design and implement ExpressRoute Global Reach
design and implement ExpressRoute FastPath
choose between private peering only, Microsoft peering only, or both
configure private peering
configure Microsoft peering
create and configure an ExpressRoute gateway
connect a virtual network to an ExpressRoute circuit
recommend a route advertisement configuration
configure encryption over ExpressRoute
implement Bidirectional Forwarding Detection
diagnose and resolve ExpressRoute connection issues
You must concentrate on the design element of this portion, for which you must know the SKU details of VPN, Express route gateways, and also the SKU data of the Circuit. When it comes to Point to Site, make sure you're prepared for the various protocols and authentication methods that are accessible. It's a good idea to read through the Point to Site troubleshooting guide. Also, look into the multi-site VPN setups and P2S routing when it comes to Windows vs. other users.
Design and Implement Core Networking Infrastructure (20% to 25%)
This section has 4 sub-divisions.
Design and implement private IP addressing for VNets
create a VNet
plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, and VNet-integrated platform services
plan and configure subnet delegation
Design and implement name resolution
design public DNS zones
design private DNS zones
design name resolution inside a VNet
configure a public or private DNS zone
link a private DNS zone to a VNet
Design and implement cross-VNet connectivity
design service chaining, including gateway transit
design VPN connectivity between VNets
implement VNet peering
Design and implement an Azure Virtual WAN architecture
design an Azure Virtual WAN architecture, including selecting SKUs and services
connect a VNet gateway to Azure Virtual WAN
create a hub in Virtual WAN
create a network virtual appliance (NVA) in a virtual hub
configure virtual hub routing
create a connection unit
Understanding VNET services such as Service endpoints, VNET integrated platforms, DNS – private and public, VNET peering, and ultimately reading through the vWAN SKUs and services will help you pass this section. Make sure you understand the VNET linking and auto-registration feature when it comes to DNS.
Design and Implement Routing (25–30%)
This section has 6 sub-divisions.
Design, implement and manage VNet routing
design and implement user-defined routes (UDRs)
associate a route table with a subnet
configure forced tunneling
diagnose and resolve routing issues
Design and implement an Azure Load Balancer
choose an Azure Load Balancer SKU (Basic versus Standard)
choose between public and internal
create and configure an Azure Load Balancer (including cross-region)
implement a load balancing rule
create and configure inbound NAT rules
create explicit outbound rules for a load balancer
Design and implement Azure Application Gateway
recommend Azure Application Gateway deployment options
choose between manual and autoscale
create a back-end pool
configure health probes
configure listeners
configure routing rules
configure HTTP settings
configure Transport Layer Security (TLS)
configure rewrite policies
Implement Azure Front Door
choose an Azure Front Door SKU
configure health probes, including customization of HTTP response codes
configure SSL termination and end-to-end SSL encryption
configure multisite listeners
configure back-end targets
configure routing rules, including redirection rules
Implement an Azure Traffic Manager profile
configure a routing method (mode)
configure endpoints
create HTTP settings
Design and implement an Azure Virtual Network NAT
choose when to use a Virtual Network NAT
allocate public IP or public IP prefixes for a NAT gateway
associate a Virtual Network NAT with a subnet
This portion is crucial because it accounts for up to 30% of your exam questions. Understanding routing preferences such as UDR, System routes, BGP, VPN routes, Express Route routes, and so on, and determining which route takes priority. Learn about the several types of load balancer SKUs, as well as the components and uses of a load balancer. Components of Azure Front Door, custom domain validations, and lastly traffic manager routing algorithms. Read about the benefits of adopting Virtual Network Nat and how it can help you avoid SNAT port depletion.
Secure and Monitor Networks (15–20%)
This section has 4 sub-divisions.
Design, implement and manage an Azure Firewall deployment
design an Azure Firewall deployment
create and implement an Azure Firewall deployment
configure Azure Firewall rules
create and implement Azure Firewall Manager policies
create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub
integrate an Azure Virtual WAN hub with a third-party NVA
Implement and manage network security groups (NSGs)
create an NSG
associate an NSG to a resource
create an application security group (ASG)
associate an ASG to a NIC
create and configure NSG rules
interpret NSG flow logs
validate NSG flow rules
verify IP flow
Implement a Web Application Firewall (WAF) deployment
configure detection or prevention mode
configure rule sets for Azure Front Door, including Microsoft managed and user defined
configure rule sets for Application Gateway, including Microsoft managed and user
defined
implement a WAF policy
associate a WAF policy
Monitor networks
configure network health alerts and logging by using Azure Monitor
create and configure a Connection Monitor instance
configure and use Traffic Analytics
configure NSG flow logs
enable and configure diagnostic logging
configure Azure Network Watcher
Azure Firewall is a security device in Azure, and you must understand how to deploy it, as well as how to set the DNAT, Network rule, and Application rule in the Firewall, as well as how to transport traffic from a VM to the Firewall using the Route table. The Network Security Rules part is the next crucial section. You'll encounter questions about Network Security Groups in the case study, which you'll need to match to the requirement and answer. You must understand how to design a WAF policy and implement rules while using the Web Application Firewall. What is the difference between managed and custom rules?
Design and Implement Private Access to Azure Services (10–15%)
In this section we have 3 sub-divisions:
Design and implement Azure Private Link service and Azure Private Endpoint
create a Private Link service
plan private endpoints
create private endpoints
configure access to private endpoints
integrate Private Link with DNS
integrate a Private Link service with on-premises clients
Design and implement service endpoints
create service endpoints
configure service endpoint policies
configure service tags
configure access to service endpoints
Configure VNet integration for a dedicated platform as a service (PaaS) services
configure App Service for regional VNet integration
configure Azure Kubernetes Service (AKS) for regional VNet integration
configure clients to access App Service Environment
In this section, you'll learn about Web App VNET integration — there are two methods, one using a gateway and the other using Service Endpoints. Learn about the installation and constraints of Private Endpoints and Service Endpoints. It's worth noting that Service Endpoints can be used to connect to PAAS from a VNET in the same region.
Besides, if you wish to check out any other Azure courses that we are providing, you may head to our Microsoft Azure page or email us at enquiry@gemrain.net
Comments