The Azure Network Engineer exam is an associate-level exam in the Azure domain exams that is highly focused on the Networking aspect of Azure services. However, the exam outline covers many essential topics that you are expected to know in your day-to-day life regardless of everything.
In this article, you will find the resources and recommendations if you are preparing for the Azure Network Engineer exam soon. This post is super long, so use the Table of Content to find the appropriate section you are interested in and bookmark it for later use.
Check out the Study Guides for other exams that might be of interest to you.
Table of Content
- Certification Overview
- Exam Prerequisites
- Who is this AZ-700 Exam for?
- What to Expect in the Exam?
- Exam Preparation Recommendations
- Exam Day Tips
- Exam Outline: Microsoft Learn + Docs Reference Links
Azure Network Engineer (AZ-700) is an associate-level exam that validates the skills and expertise of subject matter experts working with networking, security, and infrastructure access controls in Azure Cloud.
The exam aims to validate that you understand how to manage and implement hybrid networking, core networking infrastructure, routing, monitoring, and secure service access to protect data and applications in the cloud and hybrid environments as part of end-to-end security enablement.
If you are planning to attempt the Azure Network Engineer exam, be sure to complete one of the following exams beforehand, as it will give you enough exposure to Azure services and offerings:
It's good to know the following concepts before going into the exam:
- Basic understanding of TCP/IP, DNS, Firewall, and Routing
- Understanding VPN types and their usage
- Understanding different types of networking such as hub-and-spoke to design cloud networking
Who is this AZ-700 Exam for?
On a high-level note, take the exam:
- If you are looking to learn more about Networking, Infrastructure, and Security in Azure cloud services.
- If you are working on Administration, Software development and looking for a chance to move into the Network Engineer role.
- If you are looking to build your network skills and learn to use multiple networking services in the cloud effectively.
What to Expect in the Exam?
The Network Engineer Exam is 150 minutes, including about 30 minutes for the surveys and the assessments, which gives you roughly 120 minutes for the exam. I did find it a little challenging to finish the exam within the time frame. You can expect around 50-60 questions in the exam.
The structure of the exam can vary and range between:
- Case study with multiple questions including two choices and drag-and-drop items.
- Single-choice questions which may not be skipped or reviewed. You only get to answer these questions ONCE.
- Single-choice questions (True/False or Yes/No)
- Multiple-choice questions
Since it's an associate-level exam, it is relatively challenging as it covers many different topics and best practices. Therefore, I recommend you have at least one year of hands-on experience with Azure Cloud Administration and Networking in general before you consider booking the exam.
Exam Preparation Recommendations
There's definitely a lot to cover in this exam, and giving you any list of services or things to learn would be unfair as the expectations for this exam are high. However, below are some topics to consider and focus attention on while preparing for the exam.
- VNet Peering with multiple virtual networks
- Azure Traffic Manager offering and capabilities in various SKUs
- Azure FrontDoor and WAF offering with basic knowledge of different SKU offerings
- Azure VPN including P2S, S2S, and Express Route choices and offer differences
- Azure DNS and usage with Azure Virtual Networks
- Azure Load Balancer and different SKU offerings
- Azure Private and Service endpoints offering and usage
Exam Day Tips
Below are some of my recommendations on the exam and some tips that might be helpful.
- Cover basic knowledge using AZ-104 and AZ-900 exams to familiarize with the Azure offerings' services and Azure offerings.
- Book the exam at least 60-90 days ahead of the time. Try to use the vouchers from a learning partner, or keep an eye for open Cloud Skill Challenges that are often offered via Microsoft.
- If it's your first time doing a Virtual Exam, be sure to read PearsonVUE's exam information to ensure your desk and workspace are clean before going into the exam.
- The time for when to schedule the exam is debatable. If you are a morning person, consider doing it early when your mind is not distracted from the day stuff. On the other hand, I've had challenges with wait time and schedule in the evenings or afternoon PST time zones.
- You have access to a whiteboard where you can brainstorm ideas about the exams. It has been the least used feature of the exam for me personally.
- Adjust the brightness of your screen or turn on Dark Mode before the exam starts. Constantly looking at a white screen with high brightness may affect your focus. Consider changing to dark mode from around the bottom left when you begin.
- Use the Exam Outline to note down your target dates for each module and section so that you keep yourself on track. For example, I usually pick a final date and work backward to calculate how much time I spend on each module and section.
Microsoft Learn Modules
Microsoft Learn offers a wide range of training and preparation material for most of the Azure exams. Below is a list of relevant modules to prepare for this exam:
- Design, Implement and Manage Hybrid Networking
- Design and Implement Core Networking Infrastructure
- Design and Implement Routing
- Secure and Monitor Networks
- Design and Implement Private Access to Azure Services
Cloud Academy AZ-700 Learning Path
The AZ-700 learning path is still under development at Cloud Academy. However, here are some links to the Network learning path and hands-on lab that will help you with some of the preparation:
Pluralsight AZ-700 Training
Watching the work of Tim Warner, he has created the AZ-700 prep course at Pluralsight. The course should get you started by checking a lot of boxes on the exam outline:
WhizLabs Exam Prep
If you are looking for exam prep questions for Azure Network Engineer exam, use the following to get free exam practice questions:
Visual Studio Dev Essentials
Signup for Visual Studio Dev Essentials. You get Free Azure Credit to use the cloud resources and access training platforms like LinkedIn Learning and Pluralsight with one month of access.
30 Days to Learn It
Microsoft offers a 50% discount on exam price if you complete one of the listed MS Learn modules in 30 days.
Exam Outline: Microsoft Learn + Docs Reference Links
I've gathered some of the reference URLs to articles on the internet that will help you cover most of the exam objectives. The headings link to Microsoft Learn modules, and the individual items in each category point to relevant reading articles or MS learn courses.
Be sure to print and have the exam outline with you while you are preparing for the exam. If you don't have the Exam Outline handle, download it here.
Design, Implement and Manage Hybrid Networking (10–15%)
Design, implement and manage a site-to-site VPN connection
- design a site-to-site VPN connection for high availability
- select an appropriate virtual network (VNet) gateway SKU
- identify when to use policy-based VPN versus route-based VPN
- create and configure a local network gateway
- create and configure an IPsec/IKE policy
- create and configure a virtual network gateway
- diagnose and resolve virtual network gateway connectivity issues
Design, implement and manage a point-to-site VPN connection
- select an appropriate virtual network gateway SKU
- plan and configure RADIUS authentication
- plan and configure certificate-based authentication
- plan and configure OpenVPN authentication
- plan and configure Azure Active Directory (Azure AD) authentication
- implement a VPN client configuration file
- diagnose and resolve client-side and authentication issues
Design, implement and manage Azure ExpressRoute
- choose between provider and direct model (ExpressRoute Direct)
- design and implement Azure cross-region connectivity between multiple ExpressRoute locations
- select an appropriate ExpressRoute SKU and tier
- design and implement ExpressRoute Global Reach
- design and implement ExpressRoute FastPath
- choose between private peering only, Microsoft peering only, or both
- configure private peering
- configure Microsoft peering
- create and configure an ExpressRoute gateway
- connect a virtual network to an ExpressRoute circuit
- recommend a route advertisement configuration
- configure encryption over ExpressRoute
- implement Bidirectional Forwarding Detection
- diagnose and resolve ExpressRoute connection issues
Design and Implement Core Networking Infrastructure (20–25%)
Design and implement private IP addressing for VNets
- create a VNet
- plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, and VNet-integrated platform services
- plan and configure subnet delegation
- plan and configure subnetting for Azure Route Server
Design and implement name resolution
- design public DNS zones
- design private DNS zones
- design name resolution inside a VNet
- configure a public or private DNS zone
- link a private DNS zone to a VNetDesign and implement cross-VNet connectivity
- design service chaining, including gateway transit
- design VPN connectivity between VNets
- implement VNet peering
Design and implement an Azure Virtual WAN architecture
- design an Azure Virtual WAN architecture, including selecting types and services
- connect a VNet gateway to Azure Virtual WAN
- create a hub in Virtual WAN
- create a network virtual appliance (NVA) in a virtual hub
- configure virtual hub routing
- create a connection unit
Design and Implement Routing (25–30%)
Design, implement and manage VNet routing
- design and implement user-defined routes (UDRs)
- associate a route table with a subnet
- configure forced tunneling
- diagnose and resolve routing issues
- design and implement Azure Route Server
Design and implement an Azure Load Balancer
- choose an Azure Load Balancer SKU (Basic versus Standard)
- choose between public and internal
- create and configure an Azure Load Balancer (including cross-region)
- implement a load balancing rule
- create and configure inbound NAT rules
- create explicit outbound rules for a load balancer
Design and implement Azure Application Gateway
- recommend Azure Application Gateway deployment options
- choose between manual and autoscale
- create a back-end pool
- configure health probes
- configure listeners
- configure routing rules
- configure HTTP settings
- configure Transport Layer Security (TLS)
- configure rewrite sets
Implement Azure Front Door
- choose an Azure Front Door SKU
- configure health probes, including customization of HTTP response codes
- configure SSL termination and end-to-end SSL encryption
- configure multisite listeners
- configure back-end targets
- configure routing rules, including redirection rules
Implement an Azure Traffic Manager profile
Design and implement an Azure Virtual Network NAT
- choose when to use a Virtual Network NAT
- allocate public IP or public IP prefixes for a NAT gateway
- associate a Virtual Network NAT with a subnet
Secure and Monitor Networks (15–20%)
Design, implement and manage an Azure Firewall deployment
- design an Azure Firewall deployment
- create and implement an Azure Firewall deployment
- configure Azure Firewall rules
- create and implement Azure Firewall Manager policies
- create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub
- integrate an Azure Virtual WAN hub with a third-party NVA
Implement and manage network security groups (NSGs)
- create an NSG
- associate an NSG to a resource
- create an application security group (ASG)
- associate an ASG to a NIC
- create and configure NSG rules
- interpret NSG flow logs
- validate NSG flow rules
- verify IP flow
Implement a Web Application Firewall (WAF) deployment
- configure detection or prevention mode
- configure rule sets for Azure Front Door, including Microsoft managed and user-defined
- configure rule sets for Application Gateway, including Microsoft managed and user defined
- implement a WAF policy
- associate a WAF policy
- configure network health alerts and logging by using Azure Monitor
- create and configure a Connection Monitor instance
- configure and use Traffic Analytics
- configure NSG flow logs
- enable and configure diagnostic logging
- configure Azure Network Watcher
Design and Implement Private Access to Azure Services (10–15%)
Design and implement Azure Private Link service and Azure Private Endpoint
- create a Private Link service
- plan private endpoints
- create private endpoints
- configure access to private endpoints
- integrate Private Link with DNS
- integrate a Private Link service with on-premises clients
Design and implement service endpoints
- create service endpoints
- configure service endpoint policies
- configure service tags
- configure access to service endpoints
Configure VNet integration for the dedicated platform as a service (PaaS) services
- configure App Service for regional VNet integration
- configure Azure Kubernetes Service (AKS) for regional VNet integration
- configure clients to access App Service Environment
I hope this article helps you get through the learning part of the AZ-700 exam and cover all the necessary topics that you need to know before you go into the exam hall. Feel free to reach out to me on Twitter or LinkedIn for any questions.
If you are looking for exam review on any other exam, check out the list below as I update it with the latest content: