Certifications, Professional

AZ 700 Azure Network Engineer Study Guide

Introduction

The intent of this post is to provide my experience with obtaining the Azure Network Engineer Associate’s certification. This study guide will cover the methodology I used for studying and a high level overview on the types of questions I experience. This will not include exam questions.

I did take this exam via remote proctor. If you have never taken a remote proctor exam check out my blog post on Taking Remote Proctored Microsoft Exams. This should give you a good overview on what to expect.

Background

Professionally I have a limited networking experience. My background most recently has focused on Cloud Architecture, Infrastructure as Code (IaC), and DevOps practices. Prior to that I’ve had real world experience in Application and ETL Development. Thus this exam has always been something of a stretch for me.

For those interested in taking the exam Microsoft recommends that:

Candidates for this exam should have subject matter expertise in planning, implementing, and maintaining Azure networking solutions, including hybrid networking, connectivity, routing, security, and private access to Azure services.

Candidates for this exam should also have expert Azure administration skills, in addition to extensive experience and knowledge of networking, hybrid connections, and network security.

Microsoft Learn

So for my purposes this was just a challenge and motivation to learn more about Azure networking. It is my personal stance as more features are being added networking service around Private Link , Azure Front Door, and Private Endpoints this knowledge will become more valuable.

Preparation

Preparing for the AZ 700 Designing and Implementing Microsoft Azure Networking Solutions required myself to take a different approach. Traditionally I decide to take an exam after having to extensively deal with technologies in the scope of the exam. i.e. Taking the Azure Data Analyst exam after standing up a Power BI environment

Since I have never professionally done networking nor is creating/deploying an entire networking environment something that is regularly done this provided a challenge. To be fair I did have experience and deep confidence in the Azure Load Balancing section (Front Door, Azure Load Balancer, Traffic Manager, Application Gateway) and had experience with Network Security Groups (NSGs) from Azure Administration and Azure Architecture exams. In the end I settled on watching AND taking notes on John Savill’s Az-700 Study Playlist.

Topics

VPNs

  • Being able to troubleshoot Point to Site (P2S) and Site to Site (S2S) connections
  • Knowing when and why to use P2S, S2S, and Express Route
  • Understanding the cost implication of P2S, S2S, and Express Route

Network Traffic

  • NSGs
    • What they are
    • Priority of NSG routing rules
    • What they can be applied to an order of precedence
  • User Defined Routes
    • What they are
    • When you have to use them (Peering, Directing traffic to an appliance)

DNS

  • Private DNS
    • What it is
    • Priority compared to public DNS
    • Auto registration vs resolution
  • Private Endpoint URLs
    • What they are
    • How to resolve them across VNETs

Core Networking

  • Virtual Networks (VNETs)
    • Why you could want multiple
    • How to Peer
    • Configuring activities like RDP and Ping between VNETs
  • Subnets
    • What they are
    • What services require a dedicated subnet
    • Understanding Azure reserves some of the addresses
    • Configuring activities like RDP and Ping between Subnets

Traffic Routing

  • As a whole how to determine routing rules, priority?
    • Geo
    • Weighted
  • Application Gateway
    • What it is and why it would be used
    • Web Application Firewall (WAF) basics
    • Subnet requirements
    • Backend pools
    • Listener, Rule, Backend
    • Custom DNS
  • Traffic Manager
    • When to use it
  • Front Door
    • Az Verify domain
    • SSL Offloading
    • WAFs
    • Custom DNS
    • Content Delivery Network (CDN)
  • Azure Load Balancer
    • When to use it

Logging

  • NSG Flow Logs
    • How to turn on
    • How to retain
    • How to detect network latency/performance bottlenecks

Surprises

My biggest surprise on this exam was a lack of questions around network availability. This concept is something that there are numerous questions on when talking about Azure resources; however, I did not personally have any.

There were a number of scenario based questions. Most of these simply put was how to can we route network traffic from point A to point B via point C. Fill in the blanks as on prem, Azure, virtual appliance, or Another Azure service. This seems pretty straightforward until you think about peering, routing, and security requirements for the given scenarios.

Conclusion

The AZ 700 Azure Network Engineer exam was definitely a challenge and one that pushed me out of my comfort zone. I still do not consider myself a networking expert; however, feel I am in a better spot to have conversations around the networking topic.

I would not recommend taking this exam unless you have a deeper experience with networking. This was something I had some time and interest so invested the time in. All told I’d estimate I put in around 20-30 hours in studying material for the exam.