AZ-700 Microsoft Designing and Implementing Microsoft Azure Networking Solutions Free Practice Exam Questions (2026 Updated)
Prepare effectively for your Microsoft AZ-700 Designing and Implementing Microsoft Azure Networking Solutions certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2026, ensuring you have the most current resources to build confidence and succeed on your first attempt.
Your company has four branch offices and an Azure Subscription. The subscription contains an Azure VPN gateway named GW1.
The branch offices are configured as shown in the following table.
The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.
The users in Branch1 report that the y can connect to internet resources, but cannot access Azure resources.
You need to ensure that the Branch1 users can connect to the Azure Resources. The solution must meet the following requirements:
• Minimize downtime for all users.
• Minimize administrative effort.
What should you do first?
You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics.
Which two reso urces should you create? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct answer selection is worth one point.
You have an on-premises network named Site1.
You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1 Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.
You need to control access to storage1 from Site1 by using network security groups (NSGs).
What should you do first?
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2.
You plan to deploy the resources shown in the following table.
You need to deploy two load balancers to manage the traffic for VMSS1, VM1. and VM2. The solution must meet the following requirements:
• Either VM1 or VM2 must inspect all the traffic from the internet to App1.
• All user connections from the internet to App1 must be load balanced.
• Costs must be minimized.
Which load balancer SKU should you include in the solution? To answer, drag the appropriate SKUs to the correct resources. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct soluti on, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure F ront Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAFT.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You configure a custom rule for WAF1.
Does this me et the goal?
Your company has offices in London, Tokyo, and New York.
The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.
In Asia, you plan to deploy an additional endpoint that will host an updated version of App1. You need to route 10 percent of the traffic from the Tokyo office to the new endpoint during testi What should you configure in Traffic Manager?
You have an Azure subscription.
You plan 10 implement an Azure application gateway named AGW1.
You need to implement an external TLS certificate store for AGW1. The solution must meet the following requirements:
• Keys must be stored by using the highest possible security.
• Administrative effort must be minimized.
Which type of certificate store should you use, and which type of identity should you use to access the store? To answer, select the appropriate options in the answer area.
NOTE: Each correct answer is worth one point.
Your company has offices in and Amsterdam. The company has an Azure subscription. Both offices connect to Azure by using a Site-to-Site VPN connection.
The office in Amsterdam uses resources in the North Europe Azure region. The office in New York uses resources in the East US Azure region.
You need to implement ExpressRoute circuits to connect each office to the nearest Azure region. Once the ExpressRoute circuits are connected, the on-premises computers in the Amsterdam office must be able to connect to the on-premises servers in the New York office by using the ExpressRoute circuits.
Which ExpressRoute option should you use?
You have an Azure subscription that contains the resources shown in the following table.
You purchase a cer tificate for app1.contoso.com from a public certification authority (CA) and install the certificate on appservice1.
You need to ensure that App1 can be accessed by using a URL of https://app1.contoso.com. The solution must ensure that all the traffic for App1 is routed via FD1.
Which type of DNS record should you create, and where should you store the certificate? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
You have 50 on-premises networks. Each network contains a server that runs Windows Server.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a database server named DB1.
You plan to deploy an app named App1 that will be hosted on the on-premises servers and will connect to DB1 by using Azure Network Adapter.
What should you use to support the Azure Network Adapter connections to VNet1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Task 2
You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.
Your company has an Azure subscription that contains a virtual network named VNet1 and an Azure VPN gateway named vGW1. The company has 50 users that have Windows 11 devices.
You need to ensure that the users can access the resources on VNet1. The solution must meet the following requirements:
• Ensure that the users can establish Point-to-Site (P2S) VPN connections to vGW1.
• Ensure that the users can authenticate by using only their Microsoft Entra credentials
Which type of tunnel should you configure, and which VPN client should you configure on the users ' devices? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution mus t meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Ite rule for the 
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
You need to i mplement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
