A comprehensive study guide that will

provide you with great preparation tools

for the AZ-700: Designing and
Implementing Microsoft Azure
Networking Solutions exam

AZ-700
Official
Course Study
Guide

Jordi Koenderink 8/7/2021

Introduction
Welcome to the AZ-700 Study Guide. This guide will go over each topic of the skills outline, provided
by Microsoft for the AZ-700: Designing and Implementing Microsoft Azure Networking Solutions.

For this exam, Microsoft suggests candidates should have subject matter expertise in planning,
implementing, and maintaining Azure networking solutions, including hybrid networking,
connectivity, routing, security, and private access to Azure services.

Candidates for this exam should also have expert Azure administration skills, in addition to extensive
experience and knowledge of networking, hybrid connections, and network security.

About the exam:

• Taking the exam will cost you $165 US dollars.

• Microsoft certification exams are scored out of 1000 points. You need 700 points or higher to
pass the AZ-700 exam and gain your Azure Administrator Badge.
• The AZ-700 exam will need to be renewed every year. Microsoft will, from time to time,
retire certifications, however, and you may also find exam numbers evolve when Microsoft
changes the curriculum substantially for the certification.
• The exam will have around 59 questions for which you have 120min to answer.
• As of this moment of writing, there’re no labs.

Book/e-book:

Azure Networking Cookbook: Practical recipes

for secure network infrastructure, global
application delivery, and accessible
connectivity in Azure Prepare for Microsoft
Exam AZ-700–and help demonstrate your real-
world mastery of implementing and deploying
Microsoft Azure Infrastructure as a Service
(IaaS). Designed for experienced cloud
professionals ready to advance their status,
Exam Ref focuses on the critical thinking and
decision-making acumen needed for success at
the Microsoft Certified Associate level.

• [Link]: Azure Networking

Cookbook: Practical recipes for secure
network infrastructure, global application
delivery, and accessible connectivity in
Azure, 2nd Edition: Toroman, Mustafa:
9781800563759: [Link]: Books
• Amazon NL: Azure Networking Cookbook:
Practical recipes for secure network
infrastructure, global application delivery,
and accessible connectivity in Azure :
Toroman, Mustafa: [Link]: Boeken
• Amazon UK: Azure Networking Cookbook:
Practical recipes for secure network
infrastructure, global application delivery,
 and accessible connectivity in Azure, 2nd
Edition: [Link]: Toroman, Mustafa:
9781800563759: Books
• Amazon FR: [Link] - Azure Networking
Cookbook: Practical recipes for secure
network infrastructure, global application
delivery, and accessible connectivity in
Azure, 2nd Edition - Toroman, Mustafa -
Livres
• Amazon DE: Azure Networking Cookbook:
Practical recipes for secure network
infrastructure, global application delivery,
and accessible connectivity in Azure, 2nd
Edition : Toroman, Mustafa: [Link]:
Boeken

Video training:

This course goes through all of the skills needed to take

and pass the AZ-700 exam: Designing and Implementing
Microsoft Azure Networking Solutions. This course
teaches all of the requirements for the exam, one by
one. Each of the things that Microsoft tests will be
covered in this course.

AZ-700 Designing and Implementing Azure Networking

Exam 2021 | Udemy
This path is structured to mimic the organization of the
exam so you can more easily follow along during your
study preparation.

Designing and Implementing Microsoft Azure

Networking Solutions (AZ-700) Path | Pluralsight
Whizlabs’ Microsoft Azure Exam AZ-104 Online Course
helps Professionals to prepare themselves for the actual
certification exam.

[Link]
certification-az-104/online-course/
Linkedin’s Microsoft Azure Exam AZ-700 Online Course
helps Professionals to prepare themselves for the actual
certification exam.

Azure for Architects: Design a Networking Strategy

([Link])
Microsoft Learn:

Those tutorial/paths have been combined by Microsoft and published for free. They contain a
collection of text, videos, and exercises for the exam.

AZ-700: Introduction to Azure virtual networks

If you’re an IT Administrator that’s new to
Azure and need to prepare for Exam AZ-700:
Microsoft Azure Administrator, this path is the
place to start. Learn the basic Azure concepts
you’ll need to know as an Azure administrator.

Introduction to Azure virtual networks - Learn |

Microsoft Docs
AZ-700: Design and implement hybrid
networking
Learn how to manage Azure Active Directory
objects, role-based access control (RBAC),
subscriptions, and governance in Azure. This
learning path helps prepare you for Exam AZ-
700: Microsoft Azure Administrator.

Design and implement hybrid networking -

Learn | Microsoft Docs
AZ-700: Design and implement Azure
ExpressRoute
You will learn how to design and implement
Azure ExpressRoute, ExpressRoute Global
Reach, ExpressRoute FastPath, and when to use
each service according to your environments
requirements.

Design and implement Azure ExpressRoute -

Learn | Microsoft Docs
AZ-700: Load balance non-HTTP(S) traffic in
Azure
You will learn the different load balancer
options in Azure and how to choose and
implement the right Azure solution for non-
HTTP(S) traffic.

Load balance non-HTTP(S) traffic in Azure -

Learn | Microsoft Docs
AZ-700: Load balance HTTP(S) traffic in Azure
You will learn how to design load balancer
solutions for HTTP(S) traffic and how to
implement Azure Application Gateway and
Azure Front Door.

Load balance HTTP(S) traffic in Azure - Learn |

Microsoft Docs
AZ-700: Design and implement network
security
You will learn to design and implement network
security solutions such as Azure DDoS, Network
Security Groups, Azure Firewall, and Web
Application Firewall.

Design and implement network security - Learn

| Microsoft Docs
AZ-700: Design and implement private access
to Azure Services
You will learn to design and implement private
access to Azure Services with Azure Private Link,
and virtual network service endpoints.

Design and implement private access to Azure

Services - Learn | Microsoft Docs
AZ-700: Design and implement network
monitoring
You will learn to design and implement network
monitoring solutions such as Azure Monitor and
Network watcher.

Design and implement network monitoring -

Learn | Microsoft Docs
This guide is divided up into the following sections and is also part of the exam:

• Design, Implement, and Manage Hybrid Networking (10% to 15%)

• Design and Implement Core Networking Infrastructure (20% to 25%)
• Design and Implement Routing (25% to 30%)
• Secure and Monitor Networks (15% to 20%)
• Design and Implement Private Access to Azure Services (10% to 15%)

Feel free to join our Facebook Azure Study Group, or check out the Azure courses on Udemy. Errors
and suggestions can also be reported in the Azure Group on Facebook.

Thank you,

Get Cloud Skills team

Jordi Koenderink
Contents
Introduction............................................................................................................................................. 1
Contents .................................................................................................................................................. 6
Design, Implement, and Manage Hybrid Networking (10–15%) ............................................................ 7
Design, implement, and manage a site-to-site VPN connection..................................................... 7
Design, implement, and manage a point-to-site VPN connection .................................................. 7
Design, implement, and manage Azure ExpressRoute.................................................................... 8
Design and Implement Core Networking Infrastructure (20–25%) ........................................................ 9
Design and implement private IP addressing for VNets.................................................................. 9
Design and implement name resolution ....................................................................................... 10
Design and implement cross-VNet connectivity ........................................................................... 10
Design and implement an Azure Virtual WAN architecture.......................................................... 10
Design and Implement Routing (25–30%)............................................................................................. 11
Design, implement, and manage vnet routing .............................................................................. 11
Design and implement an Azure Load Balancer ............................................................................ 11
Design and implement Azure Application Gateway ...................................................................... 12
Implement Azure Front Door ........................................................................................................ 13
Implement an Azure Traffic Manager profile ................................................................................ 13
Design and implement an Azure Virtual Network NAT ................................................................. 13
Secure and Monitor Networks (15–20%) .............................................................................................. 14
Design, implement, and manage an Azure Firewall deployment ................................................. 14
Implement and manage network security groups (nsgs) .............................................................. 14
Implement a Web Application Firewall (WAF) deployment ......................................................... 15
Monitor networks.......................................................................................................................... 16
Design and Implement Private Access to Azure Services (10–15%) ..................................................... 16
Design and implement Azure Private Link service and Azure Private Endpoint ........................... 16
Design and implement service endpoints ..................................................................................... 17
Configure vnet integration for dedicated platform as a service (paas) services........................... 17
Design, Implement, and Manage Hybrid Networking (10–15%)
Design, implement, and manage a site-to-site VPN connection
Design a site-to-site VPN connection for high availability

[Link]
rm-ps#about

Select an appropriate virtual network (vnet) gateway SKU

[Link]

Identify when to use policy-based VPN versus route-based VPN

[Link]
rm-ps#about

Create and configure a local network gateway

[Link]
portal#LocalNetworkGateway

Create and configure an ipsec/IKE policy

[Link]

[Link]

Create and configure a virtual network gateway

[Link]

Diagnose and resolve VPN gateway connectivity issues

[Link]
cannot-connect

[Link]
connectivity

Design, implement, and manage a point-to-site VPN connection

Select an appropriate virtual network gateway SKU

[Link]

Plan and configure RADIUS authentication

[Link]

Plan and configure certificate-based authentication

[Link]
manager-portal

Plan and configure openvpn authentication

[Link]
Plan and configure Azure Active Directory (Azure AD) authentication

[Link]

Implement a VPN client configuration file

[Link]

[Link]
cert

Diagnose and resolve client-side and authentication issues

[Link]
connection-problems

[Link]

Design, implement, and manage Azure ExpressRoute

Choose between provider and direct model (expressroute Direct)

[Link]
using-a-service-provider-and-expressroute-direct

Design and implement Azure cross-region connectivity between multiple expressroute

Locations

[Link]

Select an appropriate expressroute SKU and tier

[Link]
gateways#gwsku

Design and implement expressroute Global Reach

[Link]

[Link]

Design and implement expressroute fastpath

[Link]

[Link]
fastpath

Choose between private peering only, Microsoft peering only, or both

[Link]
peerings#routingdomains

[Link]
peerings#peeringcompare
Configure private peering

[Link]
peering?toc=/azure/expressroute/[Link]

Configure Microsoft peering

[Link]

Create and configure an expressroute gateway

[Link]
gateways

[Link]
resource-manager

Connect a virtual network to an expressroute circuit

[Link]
resource-manager

Recommend a route advertisement configuration

[Link]
routes

Configure encryption over expressroute

[Link]

Implement Bidirectional Forwarding Detection

[Link]

Diagnose and resolve expressroute connection issues

[Link]
performance

Design and Implement Core Networking Infrastructure (20–25%)

Design and implement private IP addressing for VNets
Create a vnet

[Link]

Plan and configure subnetting for services, including vnet gateways, private endpoints,

Firewalls, application gateways, and vnet-integrated platform services

[Link]
with-cidr-notation/ba-p/2047809

[Link]
Plan and configure subnet delegation

[Link]

[Link]

Design and implement name resolution

Design public DNS zones

[Link]

Design private DNS zones

[Link]

Design name resolution inside a vnet

[Link]
and-role-instances

Configure a public or private DNS zone

[Link]

[Link]

Link a private DNS zone to a vnet

[Link]

Design and implement cross-VNet connectivity

Design service chaining, including gateway transit

[Link]

[Link]
chaining

Design vpn connectivity between vnets

[Link]
manager-portal

Implement vnet peering

[Link]

Design and implement an Azure Virtual WAN architecture

Design an Azure Virtual WAN architecture, including selecting skus and services

[Link]

[Link]

Connect a vnet gateway to Azure Virtual WAN

[Link]
Create a hub in Virtual WAN

[Link]

Create a network virtual appliance (NVA) in a virtual hub

[Link]

[Link]

Configure virtual hub routing

[Link]

[Link]

Create a connection unit

[Link]

Design and Implement Routing (25–30%)

Design, implement, and manage vnet routing
Design and implement user-defined routes (udrs)

[Link]
defined

[Link]

Associate a route table with a subnet

[Link]
table-to-a-subnet

Configure forced tunneling

[Link]

Diagnose and resolve routing issues

[Link]
powershell

[Link]

Design and implement an Azure Load Balancer

Choose an Azure Load Balancer SKU (Basic versus Standard)

[Link]

Choose between public and internal

[Link]
Create and configure an Azure Load Balancer (including cross-region)

[Link]
portal?tabs=option-1-create-load-balancer-standard

[Link]

Implement a load balancing rule

[Link]
load-balancer-rule

Create and configure inbound NAT rules

[Link]
portal#create-an-inbound-nat-port-forwarding-rule

Create explicit outbound rules for a load balancer

[Link]

[Link]
portal?tabs=option-1-create-load-balancer-standard#create-outbound-rule-configuration

Design and implement Azure Application Gateway

Recommend Azure Application Gateway deployment options

[Link]

Choose between manual and autoscale

[Link]
redundant#scaling-application-gateway-and-waf-v2

Create a back-end pool

[Link]

Configure health probes

[Link]
portal#create-probe-for-application-gateway-v2-sku

Configure listeners

[Link]

Configure routing rules

[Link]

Configure HTTP settings

[Link]

Configure Transport Layer Security (TLS)

[Link]
powershell
Configure rewrite policies

[Link]

Implement Azure Front Door

Choose an Azure Front Door SKU

[Link]

Configure health probes, including customization of HTTP response codes

[Link]

Configure SSL termination and end-to-end SSL encryption

[Link]
custom-domain

Configure multisite listeners

[Link]

Configure back-end targets

[Link]

Configure routing rules, including redirection rules

[Link]

[Link]

Implement an Azure Traffic Manager profile

Configure a routing method (mode)

[Link]

[Link]
method

Configure endpoints

[Link]
profile#add-traffic-manager-endpoints

Create HTTP settings

[Link]
endpoint-monitoring

Design and implement an Azure Virtual Network NAT

Choose when to use a Virtual Network NAT

[Link]

Allocate public IP or public IP prefixes for a NAT gateway

[Link]
Associate a Virtual Network NAT with a subnet

[Link]

Secure and Monitor Networks (15–20%)

Design, implement, and manage an Azure Firewall deployment
Design an Azure Firewall deployment

[Link]

Create and implement an Azure Firewall deployment

[Link]

Configure Azure Firewall rules

[Link]

Create and implement Azure Firewall Manager policies

[Link]

Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

[Link]

[Link]

Integrate an Azure Virtual WAN hub with a third-party NVA

[Link]

[Link]

Implement and manage network security groups (nsgs)

Create an NSG

[Link]
network-security-group

Associate an NSG to a resource

[Link]
interface#associate-or-dissociate-a-network-security-group

[Link]
network-security-group-to-subnet

Create an application security group (ASG)

[Link]
application-security-groups

Associate an ASG to a NIC

[Link]
interface#associate-or-dissociate-a-network-security-group
Create and configure NSG rules

[Link]
security-rule

Interpret NSG flow logs

[Link]

Validate NSG flow rules

[Link]
overview

Verify IP flow

[Link]

[Link]

Implement a Web Application Firewall (WAF) deployment

Configure detection or prevention mode

[Link]

[Link]
portal#change-mode

Configure rule sets for Azure Front Door, including Microsoft managed and user defined

[Link]
portal#default-rule-set-drs

[Link]
drs?tabs=drs20

[Link]

Configure rule sets for Application Gateway, including Microsoft managed and user Defined

[Link]
rulegroups-rules?tabs=owasp31

[Link]

[Link]
firewall/ag/[Link]

Implement a WAF policy

[Link]

Associate a WAF policy

[Link]
gateway
Monitor networks
Configure network health alerts and logging by using Azure Monitor

[Link]
overview#networkhealth

Create and configure a Connection Monitor instance

[Link]

Configure and use Traffic Analytics

[Link]

Configure NSG flow logs

[Link]
resource-manager

Enable and configure diagnostic logging

[Link]

Configure Azure Network Watcher

[Link]

Design and Implement Private Access to Azure Services (10–15%)

Design and implement Azure Private Link service and Azure Private Endpoint
Create a Private Link service

[Link]

Plan private endpoints

[Link]

Create private endpoints

[Link]

Configure access to private endpoints

[Link]

Integrate Private Link with DNS

[Link]
practices/private-link-and-dns-integration-at-scale

Integrate a Private Link service with on-premises clients

[Link]
Design and implement service endpoints
Create service endpoints

[Link]
resources

Configure service endpoint policies

[Link]
portal

Configure service tags

[Link]

Configure access to service endpoints

[Link]

Configure vnet integration for dedicated platform as a service (paas) services

Configure App Service for regional vnet integration

[Link]

Configure Azure Kubernetes Service (AKS) for regional vnet integration

[Link]

Configure clients to access App Service Environment

[Link]