AZ-700 Microsoft Designing and Implementing Microsoft Azure Networking Solutions Free Practice Exam Questions (2026 Updated)
Prepare effectively for your Microsoft AZ-700 Designing and Implementing Microsoft Azure Networking Solutions certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2026, ensuring you have the most current resources to build confidence and succeed on your first attempt.
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the following subnets.
• AzureFirewallSubnet
• GatewaySubnet
• Subnet 1
• Subnet2
• Subnet3
Subnet2 has a delegation to the Microsoft.Web/serverfarms service. The subscription co ntains the resources shown in the following table.
You need to implement an Azure application gateway named AG1 that will be integrated with an Azure Web Application Firewall (WAF). AG1 will be used to publish VMSS1.
To which subnet should you connect AG 1?
You have the hybrid network shown in the Network Diagram exhibit.
You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.
You have a peering connection between Vnet1 and Vnet3 as shown in the Peering -Vnet1-Vnet3 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You configure the firewall on storage1 to only accept connections from Vnet1.
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion request headers that contain 137.135.10.24.
Does this meet the goat?
You have an Azure subscription. The subscription contains two virtual machine scale sets that host two apps named App1 and App2, an Azure Private Link service named PLS1. and an Azure load balancer named LB1. PLS1 uses LB1 and has TCP Proxy V2 disabled PLS1 provides access to App1 only.
You need to perform the following actions:
• Provide access to App1 and App2.
• Increase the number of supported private endpoint connections.
What should you modify to provide access to App2, and what should you modify to increase the number of supported connections? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
C:\Users\Waqas Shahid\Desktop\Mudassir\Untitled.jpgYou have an Azure subscription that contains the Azure app service web apps show in the following table:
You need to deploy Azure Traffic Manager. The solution must meet the following requirements:
• Traffic to https// www.fabrikam.com must be directed to App1eu.
• If App1eu becomes unresponsive, all the traffic to https://www.fabrikam.com must be directed to App1us. You need to implement Traffic Manager to meet the requirements.
Which two resources should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You have 10 Azure App Service instances. Each instance hosts the same web app. Each instance is in a different Azure region.
You need to configure Azure T raffic Manager to direct users to the instance that has the lowest latency.
Which routing method should you use?
You have the Azure subscriptions shown in the following table.
Each virtual network contains 20 internet-accessible resources that are assigned public IP addresses.
You need to implement Azure DDoS Network Protection to protect the resources. The solution must minimize costs.
What is the minimum number of DDoS Network Protection plans you should deploy?
You have an Azure subscription that contains the resource groups shown in the following table.
You have the virtual networks shown in the following table.
Vne1l contains two virtual machines named VM1 and VM2. Vnet2 contains two virtual machines named VM3 and VM4. You have the network security groups (NSGs) shown in the following table that include only default rules.
You have the Azure load balancers shown in the following table.
You have two Azure subscriptions named Subscnption1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have two Azure subscriptions named Sub1 and Sub2 that contain the resources shown in the following table.
VNet1 and VNet2 are NOT connected.
You plan to create an Azure Private Link service named Link1 that will be used to connect VNet1 and VNet2. You need to ensure that Link1 meets the following requirements:
• Ensures that VM1 can connect only to a web app hosted on VM2
• Prevents VM1 from connecting to the other resources that are connected to VNet2
Which additional resources should you create for each virtual network? To answer, drag the appropriate resources to the correct virtual networks. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure virtual network and an on-premises datacenter that connect by using a Site-to-Site VPN tunnel.
You need to ensure that all traffic from the virtual network to the internet is routed through the datacenter.
How should you complete the PowerShell script to configure forced tunneling? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
Policy1 has the following settings:
• Service: Microsoft.Storage
• Allowed Resources: storage1
Subnet1 has the following settings:
• Name: Subnet1
• Subnet address range: 10.0.0.0/24
• NAT gateway: None
• Network security group: None
• Route table: None
• Service Endpoints
o Services: 0 selected
• Subnet Delegation
o Delegate subnet to a service: None
For each of the following statements, select yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an on-premises network.
You have an Azure subscription that contains a virtual network. You have an ExpressRoute service provider.
You plan to connect the Azure virtual network and the on-premises network by using an ExpressRoute circuit. You create a new ExpressRoute circuit. You need to provision the new circuit. Which information should you provide to the service provider?
Task 6
You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.
Task 11
You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.
The on-premises network has the following configurations:
• Internal address range: 10.10.0.0/ 16.
• Firewall 1 internal IP address: 10.10.1.1.
• Firewall1 public IP address: 131.107.50.60.
BGP is NOT used.
You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.
Task 4
You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1. 1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.
