top of page

Finally!! Exam AZ-700 Designing and Implementing Microsoft Azure Networking Solutions


A few months back we just mentioned that the Azure Network Engineer Associate is offering new certification which is AZ-700 Designing and Implementing Microsoft Azure Networking Solutions and during that time it is still a beta exam. Finally, it is here! You may also view the AZ-700T00: Designing And Implementing Microsoft Azure Networking Solutions course that we are providing too.


Are you preparing for the AZ-700 Designing and Implementing Microsoft Azure Networking Solutions exam? Here are the details:



Exam

In 150 minutes, you will have to answer 59 objective type questions. You will be given 40+ objective-based questions to answer, followed by 2 to 3 case studies. After each case study, you will not be able to go back and review. There will be a requirement section, an architectural section, and a VNET implementation portion in the case study. Before reading the questions, go over the architecture and requirements.


Skill Measure for AZ-700

  1. Design, Implement and Manage Hybrid Networking (10% to 15%)

  2. Design and Implement Core Networking Infrastructure (20% to 25%)

  3. Design and Implement Routing (25% to 30%)

  4. Secure and Monitor Networks (15% to 20%)

  5. Design and Implement Private Access to Azure Services (10% to 15%)


Design, Implement and Manage Hybrid Networking (10% to 15%)

This section contains 3 sub-divisions.


Design, Implement, manage a Site to Site connection
  • design a site-to-site VPN connection for high availability

  • select an appropriate virtual network (VNet) gateway SKU

  • identify when to use policy-based VPN versus route-based VPN

  • create and configure a local network gateway

  • create and configure an IPsec/IKE policy

  • create and configure a virtual network gateway

  • diagnose and resolve VPN gateway connectivity issues


Design, Implement, manage a point to Site connection
  • select an appropriate virtual network gateway SKU

  • plan and configure RADIUS authentication

  • plan and configure certificate-based authentication

  • plan and configure OpenVPN authentication

  • plan and configure Azure Active Directory (Azure AD) authentication

  • implement a VPN client configuration file

  • diagnose and resolve client-side and authentication issues


Design, Implement, manage an Express Route
  • choose between provider and direct model (ExpressRoute Direct)

  • design and implement Azure cross-region connectivity between multiple ExpressRoute

  • locations

  • select an appropriate ExpressRoute SKU and tier

  • design and implement ExpressRoute Global Reach

  • design and implement ExpressRoute FastPath

  • choose between private peering only, Microsoft peering only, or both

  • configure private peering

  • configure Microsoft peering

  • create and configure an ExpressRoute gateway

  • connect a virtual network to an ExpressRoute circuit

  • recommend a route advertisement configuration

  • configure encryption over ExpressRoute

  • implement Bidirectional Forwarding Detection

  • diagnose and resolve ExpressRoute connection issues


You must concentrate on the design element of this portion, for which you must know the SKU details of VPN, Express route gateways, and also the SKU data of the Circuit. When it comes to Point to Site, make sure you're prepared for the various protocols and authentication methods that are accessible. It's a good idea to read through the Point to Site troubleshooting guide. Also, look into the multi-site VPN setups and P2S routing when it comes to Windows vs. other users.


Design and Implement Core Networking Infrastructure (20% to 25%)

This section has 4 sub-divisions.


Design and implement private IP addressing for VNets
  • create a VNet

  • plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, and VNet-integrated platform services

  • plan and configure subnet delegation


Design and implement name resolution
  • design public DNS zones

  • design private DNS zones

  • design name resolution inside a VNet

  • configure a public or private DNS zone

  • link a private DNS zone to a VNet


Design and implement cross-VNet connectivity
  • design service chaining, including gateway transit

  • design VPN connectivity between VNets

  • implement VNet peering


Design and implement an Azure Virtual WAN architecture
  • design an Azure Virtual WAN architecture, including selecting SKUs and services

  • connect a VNet gateway to Azure Virtual WAN

  • create a hub in Virtual WAN

  • create a network virtual appliance (NVA) in a virtual hub

  • configure virtual hub routing

  • create a connection unit


Understanding VNET services such as Service endpoints, VNET integrated platforms, DNS – private and public, VNET peering, and ultimately reading through the vWAN SKUs and services will help you pass this section. Make sure you understand the VNET linking and auto-registration feature when it comes to DNS.


Design and Implement Routing (25–30%)

This section has 6 sub-divisions.


Design, implement and manage VNet routing
  • design and implement user-defined routes (UDRs)

  • associate a route table with a subnet

  • configure forced tunneling

  • diagnose and resolve routing issues

Design and implement an Azure Load Balancer
  • choose an Azure Load Balancer SKU (Basic versus Standard)

  • choose between public and internal

  • create and configure an Azure Load Balancer (including cross-region)

  • implement a load balancing rule

  • create and configure inbound NAT rules

  • create explicit outbound rules for a load balancer


Design and implement Azure Application Gateway
  • recommend Azure Application Gateway deployment options

  • choose between manual and autoscale

  • create a back-end pool

  • configure health probes

  • configure listeners

  • configure routing rules

  • configure HTTP settings

  • configure Transport Layer Security (TLS)

  • configure rewrite policies


Implement Azure Front Door
  • choose an Azure Front Door SKU

  • configure health probes, including customization of HTTP response codes

  • configure SSL termination and end-to-end SSL encryption

  • configure multisite listeners

  • configure back-end targets

  • configure routing rules, including redirection rules


Implement an Azure Traffic Manager profile
  • configure a routing method (mode)

  • configure endpoints

  • create HTTP settings


Design and implement an Azure Virtual Network NAT
  • choose when to use a Virtual Network NAT

  • allocate public IP or public IP prefixes for a NAT gateway

  • associate a Virtual Network NAT with a subnet


This portion is crucial because it accounts for up to 30% of your exam questions. Understanding routing preferences such as UDR, System routes, BGP, VPN routes, Express Route routes, and so on, and determining which route takes priority. Learn about the several types of load balancer SKUs, as well as the components and uses of a load balancer. Components of Azure Front Door, custom domain validations, and lastly traffic manager routing algorithms. Read about the benefits of adopting Virtual Network Nat and how it can help you avoid SNAT port depletion.


Secure and Monitor Networks (15–20%)

This section has 4 sub-divisions.


Design, implement and manage an Azure Firewall deployment
  • design an Azure Firewall deployment

  • create and implement an Azure Firewall deployment

  • configure Azure Firewall rules

  • create and implement Azure Firewall Manager policies

  • create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

  • integrate an Azure Virtual WAN hub with a third-party NVA


Implement and manage network security groups (NSGs)
  • create an NSG

  • associate an NSG to a resource

  • create an application security group (ASG)

  • associate an ASG to a NIC

  • create and configure NSG rules

  • interpret NSG flow logs

  • validate NSG flow rules

  • verify IP flow


Implement a Web Application Firewall (WAF) deployment
  • configure detection or prevention mode

  • configure rule sets for Azure Front Door, including Microsoft managed and user defined

  • configure rule sets for Application Gateway, including Microsoft managed and user

  • defined

  • implement a WAF policy

  • associate a WAF policy


Monitor networks
  • configure network health alerts and logging by using Azure Monitor

  • create and configure a Connection Monitor instance

  • configure and use Traffic Analytics

  • configure NSG flow logs

  • enable and configure diagnostic logging

  • configure Azure Network Watcher


Azure Firewall is a security device in Azure, and you must understand how to deploy it, as well as how to set the DNAT, Network rule, and Application rule in the Firewall, as well as how to transport traffic from a VM to the Firewall using the Route table. The Network Security Rules part is the next crucial section. You'll encounter questions about Network Security Groups in the case study, which you'll need to match to the requirement and answer. You must understand how to design a WAF policy and implement rules while using the Web Application Firewall. What is the difference between managed and custom rules?


Design and Implement Private Access to Azure Services (10–15%)

In this section we have 3 sub-divisions:


Design and implement Azure Private Link service and Azure Private Endpoint
  • create a Private Link service

  • plan private endpoints

  • create private endpoints

  • configure access to private endpoints

  • integrate Private Link with DNS

  • integrate a Private Link service with on-premises clients


Design and implement service endpoints
  • create service endpoints

  • configure service endpoint policies

  • configure service tags

  • configure access to service endpoints


Configure VNet integration for a dedicated platform as a service (PaaS) services
  • configure App Service for regional VNet integration

  • configure Azure Kubernetes Service (AKS) for regional VNet integration

  • configure clients to access App Service Environment

In this section, you'll learn about Web App VNET integration — there are two methods, one using a gateway and the other using Service Endpoints. Learn about the installation and constraints of Private Endpoints and Service Endpoints. It's worth noting that Service Endpoints can be used to connect to PAAS from a VNET in the same region.



 

Besides, if you wish to check out any other Azure courses that we are providing, you may head to our Microsoft Azure page or email us at enquiry@gemrain.net

Comments


bottom of page