The Azure Network Engineer exam is an associate-level exam in the Azure domain exams that is highly focused on the Networking aspect of Azure services. However, the exam outline covers many essential topics that you are expected to know in your day-to-day life regardless of everything.

In this article, you will find the resources and recommendations if you are preparing for the Azure Network Engineer exam soon. This post is super long, so use the Table of Content to find the appropriate section you are interested in and bookmark it for later use.

Check out the Study Guides for other exams that might be of interest to you.

Azure DevOps Exam Guide

Azure Developer Exam Guide

Azure Security Engineer Guide

Certification Overview

Azure Network Engineer (AZ-700) is an associate-level exam that validates the skills and expertise of subject matter experts working with networking, security, and infrastructure access controls in Azure Cloud.

The exam aims to validate that you understand how to manage and implement hybrid networking, core networking infrastructure, routing, monitoring, and secure service access to protect data and applications in the cloud and hybrid environments as part of end-to-end security enablement.

Exam Prerequisites

If you are planning to attempt the Azure Network Engineer exam, be sure to complete one of the following exams beforehand, as it will give you enough exposure to Azure services and offerings:

Azure Administrator Associate

Azure Developer Associate

Azure Security Engineer Guide

It’s good to know the following concepts before going into the exam:

Basic understanding of TCP/IP, DNS, Firewall, and Routing

Understanding VPN types and their usage

Understanding different types of networking such as hub-and-spoke to design cloud networking

Who is this AZ-700 Exam for?

On a high-level note, take the exam:

If you are looking to learn more about Networking, Infrastructure, and Security in Azure cloud services.

If you are working on Administration, Software development and looking for a chance to move into the Network Engineer role.

If you are looking to build your network skills and learn to use multiple networking services in the cloud effectively.

What to Expect in the Exam?

The Network Engineer Exam is 150 minutes, including about 30 minutes for the surveys and the assessments, which gives you roughly 120 minutes for the exam. I did find it a little challenging to finish the exam within the time frame. You can expect around 50-60 questions in the exam.

The structure of the exam can vary and range between:

Case study with multiple questions including two choices and drag-and-drop items.

Single-choice questions which may not be skipped or reviewed. You only get to answer these questions ONCE.

Single-choice questions (True/False or Yes/No)

Multiple-choice questions

Since it’s an associate-level exam, it is relatively challenging as it covers many different topics and best practices. Therefore, I recommend you have at least one year of hands-on experience with Azure Cloud Administration and Networking in general before you consider booking the exam.

Exam Preparation Recommendations

There’s definitely a lot to cover in this exam, and giving you any list of services or things to learn would be unfair as the expectations for this exam are high. However, below are some topics to consider and focus attention on while preparing for the exam.

VNet Peering with multiple virtual networks

Azure Traffic Manager offering and capabilities in various SKUs

Azure FrontDoor and WAF offering with basic knowledge of different SKU offerings

Azure VPN including P2S, S2S, and Express Route choices and offer differences

Azure DNS and usage with Azure Virtual Networks

Azure Load Balancer and different SKU offerings

Azure Private and Service endpoints offering and usage

Exam Day Tips

Below are some of my recommendations on the exam and some tips that might be helpful.

Cover basic knowledge using AZ-104 and AZ-900 exams to familiarize with the Azure offerings’ services and Azure offerings.

Book the exam at least 60-90 days ahead of the time. Try to use the vouchers from a learning partner, or keep an eye for open Cloud Skill Challenges that are often offered via Microsoft.

If it’s your first time doing a Virtual Exam, be sure to read PearsonVUE’s exam information to ensure your desk and workspace are clean before going into the exam.

The time for when to schedule the exam is debatable. If you are a morning person, consider doing it early when your mind is not distracted from the day stuff. On the other hand, I’ve had challenges with wait time and schedule in the evenings or afternoon PST time zones.

You have access to a whiteboard where you can brainstorm ideas about the exams. It has been the least used feature of the exam for me personally.

Adjust the brightness of your screen or turn on Dark Mode before the exam starts. Constantly looking at a white screen with high brightness may affect your focus. Consider changing to dark mode from around the bottom left when you begin.

Use the Exam Outline to note down your target dates for each module and section so that you keep yourself on track. For example, I usually pick a final date and work backward to calculate how much time I spend on each module and section.


Microsoft Learn Modules

Microsoft Learn offers a wide range of training and preparation material for most of the Azure exams. Below is a list of relevant modules to prepare for this exam:

Path: AZ-700 Designing and Implementing Microsoft Azure Networking Solutions

Design, Implement and Manage Hybrid Networking

Design and Implement Core Networking Infrastructure

Design and Implement Routing

Secure and Monitor Networks

Design and Implement Private Access to Azure Service

Cloud Academy AZ-700 Learning Path

The AZ-700 learning path is still under development at Cloud Academy. However, here are some links to the Network learning path and hands-on lab that will help you with some of the preparation:

Pluralsight AZ-700 Training

Watching the work of Tim Warner, he has created the AZ-700 prep course at Pluralsight. The course should get you started by checking a lot of boxes on the exam outline:


WhizLabs Exam Prep

If you are looking for exam prep questions for Azure Network Engineer exam, use the following to get free exam practice questions:

Visual Studio Dev Essentials

Signup for Visual Studio Dev Essentials. You get Free Azure Credit to use the cloud resources and access training platforms like LinkedIn Learning and Pluralsight with one month of access.


30 Days to Learn It

Microsoft offers a 50% discount on exam price if you complete one of the listed MS Learn modules in 30 days.


I’ve gathered some of the reference URLs to articles on the internet that will help you cover most of the exam objectives. The headings link to Microsoft Learn modules, and the individual items in each category point to relevant reading articles or MS learn courses.

Be sure to print and have the exam outline with you while you are preparing for the exam. If you don’t have the Exam Outline handle, download it here.

Design, Implement and Manage Hybrid Networking (10–15%)

Design, implement and manage a site-to-site VPN connection

design a site-to-site VPN connection for high availability

select an appropriate virtual network (VNet) gateway SKU

identify when to use policy-based VPN versus route-based VPN

create and configure a local network gateway

create and configure an IPsec/IKE policy

create and configure a virtual network gateway

diagnose and resolve virtual network gateway connectivity issues

Design, implement and manage a point-to-site VPN connection

select an appropriate virtual network gateway SKU

plan and configure RADIUS authentication

plan and configure certificate-based authentication

plan and configure OpenVPN authentication

plan and configure Azure Active Directory (Azure AD) authentication

implement a VPN client configuration file

diagnose and resolve client-side and authentication issues

Design, implement and manage Azure ExpressRoute

choose between provider and direct model (ExpressRoute Direct)

design and implement Azure cross-region connectivity between multiple ExpressRoute locations

select an appropriate ExpressRoute SKU and tier

design and implement ExpressRoute Global Reach

design and implement ExpressRoute FastPath

choose between private peering only, Microsoft peering only, or both

configure private peering

configure Microsoft peering

create and configure an ExpressRoute gateway

connect a virtual network to an ExpressRoute circuit

recommend a route advertisement configuration

configure encryption over ExpressRoute

implement Bidirectional Forwarding Detection

diagnose and resolve ExpressRoute connection issues

Design and Implement Core Networking Infrastructure (20–25%)

Design and implement private IP addressing for VNets

create a VNet

plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, and VNet-integrated platform services

plan and configure subnet delegation

plan and configure subnetting for Azure Route Server

Design and implement name resolution

design public DNS zones

design private DNS zones

design name resolution inside a VNet

configure a public or private DNS zone

link a private DNS zone to a VNetDesign and implement cross-VNet connectivity

design service chaining, including gateway transit

design VPN connectivity between VNets

implement VNet peering

Design and implement an Azure Virtual WAN architecture

design an Azure Virtual WAN architecture, including selecting types and services

connect a VNet gateway to Azure Virtual WAN

create a hub in Virtual WAN

create a network virtual appliance (NVA) in a virtual hub

configure virtual hub routing

create a connection unit

Design and Implement Routing (25–30%)

Design, implement and manage VNet routing

design and implement user-defined routes (UDRs)

associate a route table with a subnet

configure forced tunneling

diagnose and resolve routing issues

design and implement Azure Route Server

Design and implement an Azure Load Balancer

choose an Azure Load Balancer SKU (Basic versus Standard)

choose between public and internal

create and configure an Azure Load Balancer (including cross-region)

implement a load balancing rule

create and configure inbound NAT rules

create explicit outbound rules for a load balancer

Design and implement Azure Application Gateway

recommend Azure Application Gateway deployment options

choose between manual and autoscale

create a back-end pool

configure health probes

configure listeners

configure routing rules

configure HTTP settings

configure Transport Layer Security (TLS)

configure rewrite sets

Implement Azure Front Door

choose an Azure Front Door SKU

configure health probes, including customization of HTTP response codes

configure SSL termination and end-to-end SSL encryption

configure multisite listeners

configure back-end targets

configure routing rules, including redirection rules

Implement an Azure Traffic Manager profile

configure a routing method (mode)

configure endpoints

create HTTP settings

Design and implement an Azure Virtual Network NAT

choose when to use a Virtual Network NAT

allocate public IP or public IP prefixes for a NAT gateway

associate a Virtual Network NAT with a subnet

Secure and Monitor Networks (15–20%)

Design, implement and manage an Azure Firewall deployment

design an Azure Firewall deployment

create and implement an Azure Firewall deployment

configure Azure Firewall rules

create and implement Azure Firewall Manager policies

create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

integrate an Azure Virtual WAN hub with a third-party NVA

Implement and manage network security groups (NSGs)

create an NSG

associate an NSG to a resource

create an application security group (ASG)

associate an ASG to a NIC

create and configure NSG rules

interpret NSG flow logs

validate NSG flow rules

verify IP flow

Implement a Web Application Firewall (WAF) deployment

configure detection or prevention mode

configure rule sets for Azure Front Door, including Microsoft managed and user-defined

configure rule sets for Application Gateway, including Microsoft managed and user defined

implement a WAF policy

associate a WAF policy

Monitor networks

configure network health alerts and logging by using Azure Monitor

create and configure a Connection Monitor instance

configure and use Traffic Analytics

configure NSG flow logs

enable and configure diagnostic logging

configure Azure Network Watcher

Design and Implement Private Access to Azure Services (10–15%)

Design and implement Azure Private Link service and Azure Private Endpoint

create a Private Link service

plan private endpoints

create private endpoints

configure access to private endpoints

integrate Private Link with DNS

integrate a Private Link service with on-premises clients

Design and implement service endpoints

create service endpoints

configure service endpoint policies

configure service tags

configure access to service endpoints

Configure VNet integration for the dedicated platform as a service (PaaS) services

configure App Service for regional VNet integration

configure Azure Kubernetes Service (AKS) for regional VNet integration

configure clients to access App Service Environment


I hope this article helps you get through the learning part of the AZ-700 exam and cover all the necessary topics that you need to know before you go into the exam hall.

WordPress Appliance - Powered by TurnKey Linux