AZ-700T00: Designing and Implementing Microsoft Azure Networking Solutions

• Design and implement core networking infrastructure (20–25%)

• Design, implement, and manage connectivity services (20–25%)

• Design and implement application delivery services (20–25%)

• Design and implement private access to Azure services (5–10%)

• Secure network connectivity to Azure resources (15–20%)

• Plan and implement network segmentation and address spaces

• Create a virtual network (VNet)

• Plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, VNet-integrated platform services, and Azure Bastion

• Plan and configure subnet delegation

• Create a prefix for public IP addresses

• Choose when to use a public IP address prefix

• Plan and implement a custom public IP address prefix (bring your own IP)

• Create a new public IP address

• Associate public IP addresses to resources

• Design name resolution inside a VNet

• Configure DNS settings for a VNet

• Design public DNS zones

• Design private DNS zones

• Configure a public or private DNS zone

• Link a private DNS zone to a VNet

• Design service chaining, including gateway transit

• Design virtual private network (VPN) connectivity between VNets

• Implement VNet peering

• Design and implement user-defined routes (UDRs)

• Associate a route table with a subnet

• Configure forced tunneling

• Diagnose and resolve routing issues

• Design and implement Azure Route Server

• Identify appropriate use cases for a Virtual Network NAT gateway

• Implement a NAT gateway

• Configure monitoring, network diagnostics, and logs in Azure Network Watcher

• Monitor and repair network health by using Azure Network Watcher

• Activate and monitor distributed denial-of-service (DDoS) protection

• Activate and monitor Microsoft Defender for DNS

• Design a site-to-site VPN connection, including for high availability

• Select an appropriate VNet gateway SKU for site-to-site VPN requirements

• Implement a site-to-site VPN connection

• Identify when to use a policy-based VPN versus a route-based VPN connection

• Create and configure an IPsec/IKE policy

• Diagnose and resolve virtual network gateway connectivity issues

• Implement Azure Extended Network

• Select an appropriate virtual network gateway SKU for point-to-site VPN requirements

• Select and configure a tunnel type

• Select an appropriate authentication method

• Configure RADIUS authentication

• Configure certificate-based authentication

• Configure authentication by using Azure Active Directory (Azure AD), part of Microsoft Entra

• Implement a VPN client configuration file

• Diagnose and resolve client-side and authentication issues

• Specify Azure requirements for Always On authentication

• Specify Azure requirements for Azure Network Adapter

• Select an ExpressRoute connectivity model

• Select an appropriate ExpressRoute SKU and tier

• Design and implement ExpressRoute to meet requirements, including cross-region connectivity, redundancy, and disaster recovery

• Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct

• Choose between private peering only, Microsoft peering only, or both

• Configure private peering

• Configure Microsoft peering

• Create and configure an ExpressRoute gateway

• Connect a virtual network to an ExpressRoute circuit

• Recommend a route advertisement configuration

• Configure encryption over ExpressRoute

• Implement Bidirectional Forwarding Detection

• Diagnose and resolve ExpressRoute connection issues

• Select a Virtual WAN SKU

• Design a Virtual WAN architecture, including selecting types and services

• Create a hub in Virtual WAN

• Choose an appropriate scale unit for each gateway type

• Deploy a gateway into a Virtual WAN hub

• Configure virtual hub routing

• Create a network virtual appliance (NVA) in a virtual hub

• Integrate a Virtual WAN hub with a third-party NVA

• Map requirements to features and capabilities of Azure Load Balancer

• Identify appropriate use cases for Azure Load Balancer

• Choose an Azure Load Balancer SKU and tier

• Choose between public and internal

• Create and configure an Azure Load Balancer

• Implement a load balancing rule

• Create and configure inbound NAT rules

• Create and configure explicit outbound rules, including SNAT

• Map requirements to features and capabilities of Azure Application Gateway

• Identify appropriate use cases for Azure Application Gateway

• Create a back-end pool

• Configure health probes

• Configure listeners

• Configure routing rules

• Configure HTTP settings

• Configure Transport Layer Security (TLS)

• Configure rewrite sets

• Map requirements to features and capabilities of Azure Front Door

• Identify appropriate use cases for Azure Front Door

• Choose an appropriate tier

• Configure an Azure Front Door, including routing, origins, and endpoints

• Configure SSL termination and end-to-end SSL encryption

• Configure caching

• Configure traffic acceleration

• Implement rules, URL rewrite, and URL redirect

• Secure an origin by using Azure Private Link in Azure Front Door

• Identify appropriate use cases for Azure Traffic Manager

• Configure a routing method

• Configure endpoints

• Plan an Azure Private Link service

• Create a Private Link service

• Integrate a Private Link service with DNS

• Plan private endpoints

• Create private endpoints

• Configure access to Azure resources by using private endpoints

• Connect on-premises clients to a private endpoint

• Integrate a private endpoint with DNS

• Choose when to use a service endpoint

• Create service endpoints

• Configure service endpoint policies

• Configure access to service endpoints

• Create a network security group (NSG)

• Associate an NSG to a resource

• Create an application security group (ASG)

• Associate an ASG to a network interface card (NIC)

• Create and configure NSG rules

• Interpret NSG flow logs

• Validate NSG flow rules

• Verify IP flow

• Configure an NSG for remote server administration, including Azure Bastion

• Map requirements to features and capabilities of Azure Firewall

• Select an appropriate Azure Firewall SKU

• Design an Azure Firewall deployment

• Create and implement an Azure Firewall deployment

• Configure Azure Firewall rules

• Create and implement Azure Firewall Manager policies

• Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

• Map requirements to features and capabilities of WAF

• Design a WAF deployment

• Configure detection or prevention mode

• Configure rule sets for WAF on Azure Front Door

• Configure rule sets for WAF on Application Gateway

• Implement a WAF policy

• Associate a WAF policy

Successful Azure Network Engineers start this role with experience in enterprise networking, on-premises or cloud infrastructure and network security.

• Understanding of on-premises virtualization technologies, including: VMs, virtual networking, and virtual hard disks.

• Understanding of network configurations, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies.

• Understanding of software defined networking.

• Understanding hybrid network connectivity methods, such as VPN.

• Understanding resilience and disaster recovery, including high availability and restore operations.