Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn’t available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of October 31, 2023
Audience profile
As a candidate for this exam, you should have subject matter expertise in planning, implementing, and managing Azure networking solutions, including:
Core network infrastructure
Hybrid connectivity
Application delivery services
Private access to Azure services
Network security
As an Azure network engineer your responsibilities include optimizing performance, resiliency, scale, and security of Azure networking solutions. You deploy the solutions by using the Azure portal, the command line, and templates. You proactively monitor network environments to identify issues and minimize risk.
To deliver Azure solutions, you work with:
Solution architects
Cloud administrators
Security engineers
Application developers
DevOps engineers
You also assist Azure support engineers in resolving connectivity issues reported by customers.
As a candidate for this exam, you should have experience creating and managing compute, storage, and networking resources in Azure. You should understand networking fundamentals, such as:
Name resolution
Network protocols
Network address management
Skills at a glance
Design and implement core networking infrastructure (20–25%)
Design, implement, and manage connectivity services (20–25%)
Design and implement application delivery services (20–25%)
Design and implement private access to Azure services (5–10%)
Secure network connectivity to Azure resources (15–20%)
Design and implement core networking infrastructure (20–25%)
Design and implement IP addressing for Azure resources
Plan and implement network segmentation and address spaces
Create a virtual network (VNet)
Plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, VNet-integrated platform services, and Azure Bastion
Plan and configure subnet delegation
Create a prefix for public IP addresses
Choose when to use a public IP address prefix
Plan and implement a custom public IP address prefix (bring your own IP)
Create a new public IP address
Associate public IP addresses to resources
Design and implement name resolution
Design name resolution inside a VNet
Configure DNS settings for a VNet
Design public DNS zones
Design private DNS zones
Configure a public or private DNS zone
Link a private DNS zone to a VNet
Design and implement DNS private resolver
Design and implement VNet connectivity and routing
Design service chaining, including gateway transit
Design virtual private network (VPN) connectivity between VNets
Implement VNet peering
Design and implement user-defined routes (UDRs)
Associate a route table with a subnet
Configure forced tunneling
Diagnose and resolve routing issues
Design and implement Azure Route Server
Identify appropriate use cases for a network address translation (NAT) gateway in the virtual network
Implement a NAT gateway
Monitor networks
Configure monitoring, network diagnostics, and logs in Azure Network Watcher
Monitor and repair network health by using Azure Network Watcher
Activate and monitor distributed denial-of-service (DDoS) protection
Activate and monitor Microsoft Defender for DNS
Design, implement, and manage connectivity services (20–25%)
Design, implement, and manage a site-to-site VPN connection
Design a site-to-site VPN connection, including for high availability
Select an appropriate VNet gateway stock-keeping unit (SKU) for site-to-site VPN requirements
Implement a site-to-site VPN connection
Identify when to use a policy-based VPN versus a route-based VPN connection
Create and configure an IPsec/Internet Key Exchange (IKE) policy
Diagnose and resolve virtual network gateway connectivity issues
Implement Azure Extended Network
Design, implement, and manage a point-to-site VPN connection
Select an appropriate virtual network gateway SKU for point-to-site VPN requirements
Select and configure a tunnel type
Select an appropriate authentication method
Configure RADIUS authentication
Configure certificate-based authentication
Configure authentication by using Microsoft Entra ID
Implement a VPN client configuration file
Diagnose and resolve client-side and authentication issues
Specify Azure requirements for Always On authentication
Specify Azure requirements for Azure Network Adapter
Design, implement, and manage Azure ExpressRoute
Select an ExpressRoute connectivity model
Select an appropriate ExpressRoute SKU and tier
Design and implement ExpressRoute to meet requirements, including cross-region connectivity, redundancy, and disaster recovery
Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct
Choose between private peering only, Microsoft peering only, or both
Configure private peering
Configure Microsoft peering
Create and configure an ExpressRoute gateway
Connect a virtual network to an ExpressRoute circuit
Recommend a route advertisement configuration
Configure encryption over ExpressRoute
Implement Bidirectional Forwarding Detection
Diagnose and resolve ExpressRoute connection issues
Design and implement an Azure Virtual WAN architecture
Select a Virtual WAN SKU
Design a Virtual WAN architecture, including selecting types and services
Create a hub in Virtual WAN
Choose an appropriate scale unit for each gateway type
Deploy a gateway into a Virtual WAN hub
Configure virtual hub routing
Create a network virtual appliance (NVA) in a virtual hub
Integrate a Virtual WAN hub with a third-party NVA
Design and implement application delivery services (20–25%)
Design and implement an Azure Load Balancer
Map requirements to features and capabilities of Azure Load Balancer
Identify appropriate use cases for Azure Load Balancer
Choose an Azure Load Balancer SKU and tier
Choose between public and internal
Choose between regional and global
Create and configure an Azure Load Balancer
Implement a load balancing rule
Create and configure inbound NAT rules
Create and configure explicit outbound rules, including source network address translation (SNAT)
Design and implement Azure Application Gateway
Map requirements to features and capabilities of Azure Application Gateway
Identify appropriate use cases for Azure Application Gateway
Choose between manual and autoscale
Create a back-end pool
Configure health probes
Configure listeners
Configure routing rules
Configure HTTP settings
Configure Transport Layer Security (TLS)
Configure rewrite sets
Design and implement Azure Front Door
Map requirements to features and capabilities of Azure Front Door
Identify appropriate use cases for Azure Front Door
Choose an appropriate tier
Configure an Azure Front Door, including routing, origins, and endpoints
Configure SSL termination and end-to-end SSL encryption
Configure caching
Configure traffic acceleration
Implement rules, URL rewrite, and URL redirect
Secure an origin by using Azure Private Link in Azure Front Door
Design and implement Azure Traffic Manager
Identify appropriate use cases for Azure Traffic Manager
Configure a routing method
Configure endpoints
Design and implement private access to Azure services (5–10%)
Design and implement Azure Private Link service and Azure private endpoints
Plan private endpoints
Create private endpoints
Configure access to private endpoints
Create a Private Link service
Integrate Private Link and Private Endpoint with DNS
Integrate a Private Link service with on-premises clients
Design and implement service endpoints
Choose when to use a service endpoint
Create service endpoints
Configure service endpoint policies
Configure access to service endpoints
Secure network connectivity to Azure resources (15–20%)
Implement and manage network security groups
Create a network security group (NSG)
Associate an NSG to a resource
Create an application security group (ASG)
Associate an ASG to a network interface card (NIC)
Create and configure NSG rules
Interpret NSG flow logs
Validate NSG flow rules
Verify IP flow
Configure an NSG for remote server administration, including Azure Bastion
Design and implement Azure Firewall and Azure Firewall Manager
Map requirements to features and capabilities of Azure Firewall
Select an appropriate Azure Firewall SKU
Design an Azure Firewall deployment
Create and implement an Azure Firewall deployment
Configure Azure Firewall rules
Create and implement Azure Firewall Manager policies
Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub
Design and implement a Web Application Firewall (WAF) deployment
Map requirements to features and capabilities of WAF
Design a WAF deployment
Configure detection or prevention mode
Configure rule sets for WAF on Azure Front Door
Configure rule sets for WAF on Application Gateway
Implement a WAF policy
Associate a WAF policy
Sample Question and Answers
Design, Implement and Manage Hybrid Networking
Testlet 1
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would
like to complete each case. However, there may be additional case studies and sections on this exam. You
must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and
to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information
such as business requirements, existing environment, and problem statements. When you are ready to answer
a question, click the Question button to return to the question.
Overview
Litware, Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the
United States. Users have Android, iOS, and Windows 10 devices.
Existing Environment
Hybrid Environment
The on-premises network contains an Active Directory forest named litwareinc.com that syncs to an Azure
Active Directory (Azure AD) tenant named litwareinc.com by using Azure AD Connect.
All offices connect to a virtual network named Vnet1 by using a Site-to-Site VPN connection.
Azure Environment
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1
contains resources in the East US Azure region as shown in the following table.
A diagram of the resource in the East US Azure region is shown in the Network Diagram exhibit.
There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and
Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.
Azure Environment Diagram
Requirements
Business Requirements
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements
Litware identifies the following virtual networking requirements:
Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the Boston datacenter over an ExpressRoute circuit.
Ensure that the records in the cloud.litwareinc.com can be resolved from the on-premises locations.
Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
Minimize the size of the subnets allocated to platform-managed services.
Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443 only.
Hybrid Networking Requirements
Litware identifies the following hybrid networking requirements:
Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely.
Connections must be authenticated by Azure AD.
Latency of the traffic between the Boston datacenter and all the virtual networks must be minimized.
The Boston datacenter must connect to the Azure virtual networks by using an ExpressRoute FastPath
connection.
Traffic between Vnet2 and Vnet3 must be routed through Vnet1.
PaaS Networking Requirements
Litware identifies the following networking requirements for platform as a service (PaaS):
The storage1 account must be accessible from all on-premises locations without exposing the public
endpoint of storage1.
The storage2 account must be accessible from Vnet2 and Vnet3 without exposing the public endpoint of storage2.
QUESTION 1
HOTSPOT
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The
solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Design, Implement and Manage Hybrid Networking
Testlet 2
Case Study
Overview
Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.
Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.
Existing Environment
Azure Network Infrastructure
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com.
The Azure subscription contains the virtual networks shown in the following table.
Vnet1 contains a virtual network gateway named GW1.
Azure Virtual Machines
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.
The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom
security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Network Infrastructure Diagram
Azure Private DNS Zones
The Azure subscription contains the Azure private DNS zones shown in the following table.
Zone1.contoso.com has the virtual network links shown in the following table.
Other Azure Resources
The Azure subscription contains additional resources as shown in the following table.
Requirements
Virtual Network Requirements
Contoso has the following virtual network requirements:
Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
– Two container groups that connect to Vnet6
– Three virtual machines that connect to Vnet6
– Allow VPN connections to be established to Vnet6
– Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network.
The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound
network traffic from Subnet2 to the internet.
Network Security Requirements
Contoso has the following network security requirements:
Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.
Enable NSG flow logs for NSG3 and NSG4.
Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound
security rules shown in the following table.
Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound
security rules shown in the following table.
QUESTION 2
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
A. IKEv2 and OpenVPN (SSL)
B. IKEv2
C. IKEv2 and SSTP (SSL)
D. OpenVPN (SSL)
E. SSTP (SSL)
Answer: D
Design, Implement and Manage Hybrid Networking
Question Set 3
QUESTION 3
Your company has a single on-premises datacenter in New York. The East US Azure region has a peering location in New York.
The company only has Azure resources in the East US region.
You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited
data plans. The solution must minimize costs.
Which type of ExpressRoute circuits should you create?
A. ExpressRoute Local
B. ExpressRoute Direct
C. ExpressRoute Premium
D. ExpressRoute Standard
Answer: A
QUESTION 4
You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN.
Users will authenticate by an on-premises Active Directory domain.
Which additional service should you deploy to support the VPN authentication?
A. an Azure key vault
B. a RADIUS server
C. a certification authority
D. Azure Active Directory (Azure AD) Application Proxy
Answer: B
QUESTION 5
You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.
Which two Azure resources should you configure? Each correct answer presents a part of the solution.
(Choose two.)
NOTE: Each correct selection is worth one point.
A. a virtual network gateway
B. Azure Application Gateway
C. Azure Firewall
D. a local network gateway
E. Azure Front Door
Answer: A,D
QUESTION 6
You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network.
You need to troubleshoot what prevents you from establishing the IPsec tunnel.
Which diagnostic log should you review?
A. IKEDiagnosticLog
B. RouteDiagnosticLog
C. GatewayDiagnosticLog
D. TunnelDiagnosticLog
Answer: A
QUESTION 7
You have an Azure virtual network and an on-premises datacenter.
You are planning a Site-to-Site VPN connection between the datacenter and the virtual network.
Which two resources should you include in your plan? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a user-defined route
B. a virtual network gateway
C. Azure Firewall
D. Azure Web Application Firewall (WAF)
E. an on-premises data gateway
F. an Azure application gateway
G. a local network gateway
Answer: B,G
Students Reviews and Discussion
Zia Meer 1 year, 8 months ago Canada – Ontario
Passed easily the exam today
55 Questions: 41 multiple choice (5 new, the rest from here) and the 2 Case Studies present in this dump (5 questions the first and 9 questions the second).
Surprisingly no question about Connected Field Service and very few about Workstreams and other new topics despite I was prepared for that.
Thanks!
upvoted 1 times
PEREIRA KRISNAMURTI 1 year, 9 months ago – São Paulo Brazil
Took test 2/1/22 passed with this dump.
upvoted 2 times
Omar Salgado 1 year, 9 months ago – Puerto Rico
I took on 2.6.2022. About 75% of the questions were on the exam. There were some field service questions embedded into the exam, which I didn’t remotely expect. I passed.
upvoted 2 times
Bin Bakkre 1 year, 10 months ago – Dhaka Bangladesh
I passed my exam on 10-Jan-22. Many questions from this practice set. Case study based questions (almost 15) were also from this set but those are accessible after I had contributor access. As you know the exam syllabus has changed in Oct-21 so there are ~10 questions where you will need depth knowledge of omnichannel, power virtual agents, analytics.
upvoted 3 times
djabour Nacer 1 year, 11 months ago – USA – Texas
Passed. About 5 questions were not in the Certkingdom.
Had case study with Lamna Healthcare Company but 2 new questions.
Thank you Certkingdom.
upvoted 3 times
GhoshVivek 1 year, 11 months ago – USA – California
I sat the exam today, I would estimate that 80% of questions were covered here.
upvoted 1 times
Nimesha Thilakarathna 1 years ago – Qatar
Passed my exam yesterday, 85% of the questions from Certkingdom. Few of new questions and new user stories.
upvoted 1 times