9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft

Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Study guide for Exam AZ-700: Designing and Implementing

Microsoft Azure Networking Solutions
Article • 05/30/2024

Purpose of this document

This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional
resources. The information and materials in this document should help you focus your studies as you prepare for the exam.

ﾉ Expand table

Useful links Description

Review the skills measured as of July 26, 2024 This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date.

Review the skills measured prior to July 26, Study this list of skills if you take your exam PRIOR to the date provided.
2024

Change log You can go directly to the change log if you want to see the changes that will be made on the date provided.

How to earn the certification Some certifications only require passing one exam, while others require passing multiple exams.

Certification renewal Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft
Learn.

Your Microsoft Learn profile Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates.

Exam scoring and score reports A score of 700 or greater is required to pass.

Exam sandbox You can explore the exam environment by visiting our exam sandbox.

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 1/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Useful links Description

Request accommodations If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an
accommodation.

Take a free Practice Assessment Test your skills with practice questions to help you prepare for the exam.

Updates to the exam

Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on
when you are taking the exam.

We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks
after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an
exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in
your preferred language, you can request an additional 30 minutes to complete the exam.

Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.

Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Skills measured as of July 26, 2024

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 2/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Audience profile
As a candidate for this exam, you should have subject matter expertise in planning, implementing, and managing Azure networking solutions, including:

Core network infrastructure

Hybrid connectivity

Application delivery services

Private access to Azure services

Network security

As an Azure network engineer your responsibilities include optimizing performance, resiliency, scale, and security of Azure networking solutions. You proactively
monitor network environments to identify issues and minimize risk. You also identify and resolve connectivity issues.

To deliver Azure solutions, you work with:

Solution architects

Cloud administrators

Security engineers

Application developers

DevOps engineers

As a candidate for this exam, you should have experience creating and managing compute, storage, and networking resources in Azure. You should understand
networking fundamentals, such as:

Name resolution

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 3/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Network protocols

Network address management

Skills at a glance
Design and implement core networking infrastructure (25–30%)

Design, implement, and manage connectivity services (20–25%)

Design and implement application delivery services (15–20%)

Design and implement private access to Azure services (10–15%)

Design and implement Azure network security services (15–20%)

Design and implement core networking infrastructure (25–30%)

Design and implement IP addressing for Azure resources

Plan and implement network segmentation and address spaces

Create a virtual network (VNet)

Plan and configure subnetting for services, including VNet gateways, private endpoints, service endpoints, firewalls, application gateways, VNet-integrated
platform services, and Azure Bastion

Plan and configure subnet delegation

Plan and configure shared or dedicated subnets

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 4/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Create a prefix for public IP addresses

Choose when to use a public IP address prefix

Plan and implement a custom public IP address prefix (bring your own IP)

Create a public IP address

Associate public IP addresses to resources

Upgrade IP address SKU

Design and implement name resolution

Design name resolution inside a VNet

Configure DNS settings for a VNet

Design public DNS zones

Design private DNS zones

Configure public and private DNS zones

Link a private DNS zone to a VNet

Design and implement Azure DNS Private Resolver

Design and implement VNet connectivity and routing

Design service chaining, including gateway transit

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 5/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Implement VNet peering

Implement and manage virtual networks by using Azure Virtual Network Manager

Design and implement user-defined routes (UDRs)

Associate a route table with a subnet

Configure forced tunneling

Diagnose and resolve routing issues

Design and implement Azure Route Server

Identify appropriate use cases for a network address translation (NAT) gateway

Implement a NAT gateway

Monitor networks
Configure monitoring, network diagnostics, and logs in Azure Network Watcher

Monitor and troubleshoot network health by using Azure Network Watcher

Monitor and troubleshoot networks by using Azure Monitor Network Insights

Activate and monitor distributed denial-of-service (DDoS) protection

Evaluate network security recommendations identified by Microsoft Defender for Cloud Secure Score

Evaluate network security recommendations identified by Microsoft Defender For Cloud Attack Path Analysis

Identify network resources by using Microsoft Defender for Cloud Security Explorer

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 6/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Design, implement, and manage connectivity services (20–25%)

Design, implement, and manage a site-to-site VPN connection

Design a site-to-site VPN connection, including for high availability

Select an appropriate VNet gateway stock-keeping unit (SKU) for site-to-site VPN requirements

Implement a site-to-site VPN connection

Identify when to use a policy-based VPN versus a route-based VPN connection

Create and configure a local network gateway

Create and configure an IPsec/Internet Key Exchange (IKE) policy

Create and configure a virtual network gateway

Diagnose and resolve virtual network gateway connectivity issues

Implement Azure Extended Network

Design, implement, and manage a point-to-site VPN connection

Select an appropriate virtual network gateway SKU for point-to-site VPN requirements

Select and configure a tunnel type

Select an appropriate authentication method

Configure RADIUS authentication

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 7/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Configure authentication by using Microsoft Entra ID

Implement a VPN client configuration file

Diagnose and resolve client-side and authentication issues

Specify Azure requirements for Always On VPN

Specify Azure requirements for Azure Network Adapter

Design, implement, and manage Azure ExpressRoute

Select an ExpressRoute connectivity model

Select an appropriate ExpressRoute SKU and tier

Design and implement ExpressRoute to meet requirements, including cross-region connectivity, redundancy, and disaster recovery

Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct

Choose between Azure private peering only, Microsoft peering only, or both

Configure Azure private peering

Configure Microsoft peering

Create and configure an ExpressRoute gateway

Connect a virtual network to an ExpressRoute circuit

Recommend a route advertisement configuration

Configure encryption over ExpressRoute

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 8/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Implement Bidirectional Forwarding Detection

Diagnose and resolve ExpressRoute connection issues

Design and implement an Azure Virtual WAN architecture

Select a Virtual WAN SKU

Design a Virtual WAN architecture, including selecting types and services

Create a hub in Virtual WAN

Choose an appropriate scale unit for each gateway type

Deploy a gateway into a Virtual WAN hub

Configure virtual hub routing

Integrate a Virtual WAN hub with a third-party NVA for cloud connectivity

Design and implement application delivery services (15–20%)

Design and implement Azure Load Balancer and Azure Traffic Manager
Map requirements to features and capabilities of Azure Load Balancer

Identify appropriate use cases for Azure Load Balancer

Choose an Azure Load Balancer SKU and tier

Choose between public and internal load balancers

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 9/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Choose between regional and global load balancers

Create and configure an Azure Load Balancer

Implement Azure Traffic Manager

Implement a gateway load balancer

Implement a load balancing rule

Create and configure inbound NAT rules

Create and configure explicit outbound rules, including source network address translation (SNAT)

Design and implement Azure Application Gateway

Map requirements to features and capabilities of Azure Application Gateway

Identify appropriate use cases for Azure Application Gateway

Choose between manual and autoscale

Create a back-end pool

Configure health probes

Configure listeners

Configure routing rules

Configure HTTP settings

Configure Transport Layer Security (TLS)

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 10/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Configure rewrite sets

Design and implement Azure Front Door

Map requirements to features and capabilities of Azure Front Door

Identify appropriate use cases for Azure Front Door

Choose an appropriate tier

Configure an Azure Front Door, including routing, origins, and endpoints

Configure SSL termination and end-to-end SSL encryption

Configure caching

Configure traffic acceleration

Implement rules, URL rewrite, and URL redirect

Secure an origin by using Azure Private Link in Azure Front Door

Design and implement private access to Azure services (10–15%)

Design and implement Azure Private Link service and Azure private endpoints
Plan private endpoints

Create private endpoints

Configure access to private endpoints

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 11/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Create a Private Link service

Integrate Private Link and Private Endpoint with DNS

Integrate a Private Link service with on-premises clients

Design and implement service endpoints

Choose when to use a service endpoint

Create service endpoints

Configure service endpoint policies

Configure access to service endpoints

Design and implement Azure network security services (15–20%)

Implement and manage network security groups

Create a network security group (NSG)

Associate a NSG to a resource

Create an application security group (ASG)

Associate an ASG to a network interface card (NIC)

Create and configure NSG rules

Interpret NSG flow logs

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 12/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Validate NSG flow rules

Verify IP flow

Configure an NSG for remote server administration, including Azure Bastion

Design and implement Azure Firewall and Azure Firewall Manager

Map requirements to features and capabilities of Azure Firewall

Select an appropriate Azure Firewall SKU

Design an Azure Firewall deployment

Create and implement an Azure Firewall deployment

Configure Azure Firewall rules

Create and implement Azure Firewall Manager policies

Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

Design and implement a Web Application Firewall (WAF) deployment

Map requirements to features and capabilities of WAF

Design a WAF deployment

Configure detection or prevention mode

Configure rule sets for WAF on Azure Front Door

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 13/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Configure rule sets for WAF on Application Gateway

Implement a WAF policy

Associate a WAF policy

Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to
documentation, community sites, and videos.

ﾉ Expand table

Study resources Links to learning and documentation

Get trained Choose from self-paced learning paths and modules or take an instructor-led course

Find documentation Azure documentation

Virtual Private Networking (VPN)
Microsoft Entra ID documentation
RADIUS authentication with Azure Active Directory
Azure ExpressRoute Overview
Create virtual network (VNet)
DNS Zones and Records overview - Azure DNS
Azure Virtual WAN Overview
Azure Route Server documentation
Load Balancer
Azure Application Gateway documentation
Azure Front Door and CDN documentation
Azure Traffic Manager
Azure NAT Gateway documentation
Azure Firewall documentation
Web Application Firewall documentation
https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 14/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Study resources Links to learning and documentation

Azure Monitor documentation

What is Azure Private Link?
Manage Azure Private Endpoints

Ask a question Microsoft Q&A | Microsoft Docs

Get community support Azure Community Support

Follow Microsoft Learn Microsoft Learn - Microsoft Tech Community

Find a video Exam Readiness Zone

Azure Fridays
Browse other Microsoft Learn shows

Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a
comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.

ﾉ Expand table

Skill area prior to July 26, 2024 Skill area as of July 26, 2024 Change

Audience profile No change

Design and implement core networking infrastructure Design and implement core networking infrastructure No change

Design and implement IP addressing for Azure resources Design and implement IP addressing for Azure resources Minor

Design and implement name resolution Design and implement name resolution No change

Design and implement VNet connectivity and routing Design and implement VNet connectivity and routing No change

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 15/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Skill area prior to July 26, 2024 Skill area as of July 26, 2024 Change

Monitor networks Monitor networks No change

Design, implement, and manage connectivity services Design, implement, and manage connectivity services No change

Design, implement, and manage a site-to-site VPN connection Design, implement, and manage a site-to-site VPN connection No change

Design, implement, and manage a point-to-site VPN connection Design, implement, and manage a point-to-site VPN connection No change

Design, implement, and manage Azure ExpressRoute Design, implement, and manage Azure ExpressRoute No change

Design and implement an Azure Virtual WAN architecture Design and implement an Azure Virtual WAN architecture No change

Design and implement application delivery services Design and implement application delivery services No change

Design and implement Azure Load Balancer and Azure Traffic Manager Design and implement Azure Load Balancer and Azure Traffic Manager No change

Design and implement Azure Application Gateway Design and implement Azure Application Gateway No change

Design and implement Azure Front Door Design and implement Azure Front Door No change

Design and implement private access to Azure services Design and implement private access to Azure services No change

Design and implement Azure Private Link service and Azure private endpoints Design and implement Azure Private Link service and Azure private endpoints No change

Design and implement service endpoints Design and implement service endpoints No change

Design and implement Azure network security services Design and implement Azure network security services No change

Implement and manage network security groups Implement and manage network security groups No change

Design and implement Azure Firewall and Azure Firewall Manager Design and implement Azure Firewall and Azure Firewall Manager No change

Design and implement a Web Application Firewall (WAF) deployment Design and implement a Web Application Firewall (WAF) deployment No change

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 16/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Skills measured prior to July 26, 2024

Audience profile
As a candidate for this exam, you should have subject matter expertise in planning, implementing, and managing Azure networking solutions, including:

Core network infrastructure

Hybrid connectivity

Application delivery services

Private access to Azure services

Network security

As an Azure network engineer your responsibilities include optimizing performance, resiliency, scale, and security of Azure networking solutions. You proactively
monitor network environments to identify issues and minimize risk. You also identify and resolve connectivity issues.

To deliver Azure solutions, you work with:

Solution architects

Cloud administrators

Security engineers

Application developers

DevOps engineers

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 17/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

As a candidate for this exam, you should have experience creating and managing compute, storage, and networking resources in Azure. You should understand
networking fundamentals, such as:

Name resolution

Network protocols

Network address management

Skills at a glance
Design and implement core networking infrastructure (25–30%)

Design, implement, and manage connectivity services (20–25%)

Design and implement application delivery services (15–20%)

Design and implement private access to Azure services (10–15%)

Design and implement Azure network security services (15–20%)

Design and implement core networking infrastructure (25–30%)

Design and implement IP addressing for Azure resources

Plan and implement network segmentation and address spaces

Create a virtual network (VNet)

Plan and configure subnetting for services, including VNet gateways, private endpoints, service endpoints, firewalls, application gateways, VNet-integrated
platform services, and Azure Bastion
https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 18/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Plan and configure subnet delegation

Plan and configure shared or dedicated subnets

Create a prefix for public IP addresses

Choose when to use a public IP address prefix

Plan and implement a custom public IP address prefix (bring your own IP)

Create a public IP address

Associate public IP addresses to resources

Design and implement name resolution

Design name resolution inside a VNet

Configure DNS settings for a VNet

Design public DNS zones

Design private DNS zones

Configure public and private DNS zones

Link a private DNS zone to a VNet

Design and implement Azure DNS Private Resolver

Design and implement VNet connectivity and routing

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 19/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Design service chaining, including gateway transit

Implement VNet peering

Implement and manage virtual networks by using Azure Virtual Network Manager

Design and implement user-defined routes (UDRs)

Associate a route table with a subnet

Configure forced tunneling

Diagnose and resolve routing issues

Design and implement Azure Route Server

Identify appropriate use cases for a network address translation (NAT) gateway

Implement a NAT gateway

Monitor networks
Configure monitoring, network diagnostics, and logs in Azure Network Watcher

Monitor and troubleshoot network health by using Azure Network Watcher

Monitor and troubleshoot networks by using Azure Monitor Network Insights

Activate and monitor distributed denial-of-service (DDoS) protection

Evaluate network security recommendations identified by Microsoft Defender for Cloud Secure Score

Evaluate network security recommendations identified by Microsoft Defender For Cloud Attack Path Analysis

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 20/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Identify network resources by using Microsoft Defender for Cloud Security Explorer

Design, implement, and manage connectivity services (20–25%)

Design, implement, and manage a site-to-site VPN connection

Design a site-to-site VPN connection, including for high availability

Select an appropriate VNet gateway stock-keeping unit (SKU) for site-to-site VPN requirements

Implement a site-to-site VPN connection

Identify when to use a policy-based VPN versus a route-based VPN connection

Create and configure a local network gateway

Create and configure an IPsec/Internet Key Exchange (IKE) policy

Create and configure a virtual network gateway

Diagnose and resolve virtual network gateway connectivity issues

Implement Azure Extended Network

Design, implement, and manage a point-to-site VPN connection

Select an appropriate virtual network gateway SKU for point-to-site VPN requirements

Select and configure a tunnel type

Select an appropriate authentication method

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 21/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Configure RADIUS authentication

Configure authentication by using Microsoft Entra ID

Implement a VPN client configuration file

Diagnose and resolve client-side and authentication issues

Specify Azure requirements for Always On VPN

Specify Azure requirements for Azure Network Adapter

Design, implement, and manage Azure ExpressRoute

Select an ExpressRoute connectivity model

Select an appropriate ExpressRoute SKU and tier

Design and implement ExpressRoute to meet requirements, including cross-region connectivity, redundancy, and disaster recovery

Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct

Choose between Azure private peering only, Microsoft peering only, or both

Configure Azure private peering

Configure Microsoft peering

Create and configure an ExpressRoute gateway

Connect a virtual network to an ExpressRoute circuit

Recommend a route advertisement configuration

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 22/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Configure encryption over ExpressRoute

Implement Bidirectional Forwarding Detection

Diagnose and resolve ExpressRoute connection issues

Design and implement an Azure Virtual WAN architecture

Select a Virtual WAN SKU

Design a Virtual WAN architecture, including selecting types and services

Create a hub in Virtual WAN

Choose an appropriate scale unit for each gateway type

Deploy a gateway into a Virtual WAN hub

Configure virtual hub routing

Integrate a Virtual WAN hub with a third-party NVA for cloud connectivity

Design and implement application delivery services (15–20%)

Design and implement Azure Load Balancer and Azure Traffic Manager
Map requirements to features and capabilities of Azure Load Balancer

Identify appropriate use cases for Azure Load Balancer

Choose an Azure Load Balancer SKU and tier

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 23/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Choose between public and internal load balancers

Choose between regional and global load balancers

Create and configure an Azure Load Balancer

Implement Azure Traffic Manager

Implement a gateway load balancer

Implement a load balancing rule

Create and configure inbound NAT rules

Create and configure explicit outbound rules, including source network address translation (SNAT)

Design and implement Azure Application Gateway

Map requirements to features and capabilities of Azure Application Gateway

Identify appropriate use cases for Azure Application Gateway

Choose between manual and autoscale

Create a back-end pool

Configure health probes

Configure listeners

Configure routing rules

Configure HTTP settings

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 24/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Configure Transport Layer Security (TLS)

Configure rewrite sets

Design and implement Azure Front Door

Map requirements to features and capabilities of Azure Front Door

Identify appropriate use cases for Azure Front Door

Choose an appropriate tier

Configure an Azure Front Door, including routing, origins, and endpoints

Configure SSL termination and end-to-end SSL encryption

Configure caching

Configure traffic acceleration

Implement rules, URL rewrite, and URL redirect

Secure an origin by using Azure Private Link in Azure Front Door

Design and implement private access to Azure services (10–15%)

Design and implement Azure Private Link service and Azure private endpoints
Plan private endpoints

Create private endpoints

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 25/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Configure access to private endpoints

Create a Private Link service

Integrate Private Link and Private Endpoint with DNS

Integrate a Private Link service with on-premises clients

Design and implement service endpoints

Choose when to use a service endpoint

Create service endpoints

Configure service endpoint policies

Configure access to service endpoints

Design and implement Azure network security services (15–20%)

Implement and manage network security groups

Create a network security group (NSG)

Associate a NSG to a resource

Create an application security group (ASG)

Associate an ASG to a network interface card (NIC)

Create and configure NSG rules

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 26/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Interpret NSG flow logs

Validate NSG flow rules

Verify IP flow

Configure an NSG for remote server administration, including Azure Bastion

Design and implement Azure Firewall and Azure Firewall Manager

Map requirements to features and capabilities of Azure Firewall

Select an appropriate Azure Firewall SKU

Design an Azure Firewall deployment

Create and implement an Azure Firewall deployment

Configure Azure Firewall rules

Create and implement Azure Firewall Manager policies

Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

Design and implement a Web Application Firewall (WAF) deployment

Map requirements to features and capabilities of WAF

Design a WAF deployment

Configure detection or prevention mode

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 27/28
9/14/24, 12:58 PM Study guide for Exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions | Microsoft Learn

Configure rule sets for WAF on Azure Front Door

Configure rule sets for WAF on Application Gateway

Implement a WAF policy

Associate a WAF policy

https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-700 28/28