Browse Certification Practice Tests by Exam Family

Microsoft AZ-700 Network Engineer Practice Test

Try 12 Microsoft Azure Network Engineer Associate (AZ-700) sample questions and practice-test preview prompts on Azure networking, hybrid connectivity, routing, load balancing, private access, security, and network troubleshooting scope.

AZ-700 is Microsoft Certified: Azure Network Engineer Associate. It focuses on planning, implementing, managing, securing, and troubleshooting Azure networking solutions.

IT Mastery coverage for AZ-700 is under review. Use this page to try 12 original sample questions, review the exam snapshot, route fit, and closest live Azure practice paths.

Practice option: Sample questions available

AZ-700: Designing and Implementing Microsoft Azure Networking Solutions practice update

Start with the 12 sample questions on this page. Dedicated practice for AZ-700: Designing and Implementing Microsoft Azure Networking Solutions is not currently included as a full web-app practice page; enter your email to get updates when full practice becomes available or expands for this exam.

Need live practice now? See currently available IT Mastery exam pages.

Occasional practice updates. Unsubscribe anytime. We only publish independently written practice questions, not real, leaked, copied, or recalled exam questions.

Who AZ-700 is for

  • network engineers designing and operating Azure networking infrastructure
  • candidates working with hybrid connectivity, routing, load balancing, private access, DNS, and network security
  • learners moving beyond AZ-104 administration into network-specialist decisions

AZ-700 exam snapshot

  • Issuer: Microsoft
  • Platform: Microsoft Azure
  • Official certification name: Microsoft Certified: Azure Network Engineer Associate
  • Exam code: AZ-700
  • Passing score: 700 scaled
  • Assessment style: scenario-based Azure networking design, implementation, and troubleshooting decisions

Topic coverage for AZ-700

AreaWhat to review
Core networkingvirtual networks, subnets, addressing, routing, DNS, and name resolution
ConnectivityVPN, ExpressRoute, peering, hybrid connectivity, and connectivity troubleshooting
Application deliveryload balancing, gateways, front doors, traffic management, and routing choices
Private accessprivate endpoints, service endpoints, and secure access to Azure services
Network securityfirewalls, NSGs, network security controls, and monitoring signals

Practice options

  • Current status: Sample questions
  • IT Mastery coverage for this assessment: under review
  • Best use right now: try the 12 sample questions, confirm the Azure networking lane, then practise AZ-104 networking and operations scenarios while coverage expands
  • Update form: use the Notify me form near the top of this page if AZ-700 is your actual target exam
  • Quick review: open the AZ-700 cheat sheet if you need a compact Azure networking checklist before the sample questions.

Sample Exam Questions

Try these 12 original sample questions for Microsoft AZ-700. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: subnet design

A workload needs separate tiers for web, application, and database resources with distinct security rules. What should the network engineer design?

  • A. Multiple subnets with appropriate NSGs, routes, and address planning.
  • B. One flat subnet with no controls.
  • C. A storage lifecycle rule only.
  • D. A Microsoft Teams policy.

Best answer: A

Explanation: Subnet segmentation supports tiered security and routing. NSGs and routes should align with communication requirements.

What this tests: Designing Azure virtual network segmentation.

Question 2

Topic: hybrid connectivity

A company needs private connectivity from on-premises to Azure with predictable performance for critical apps. What should be evaluated?

  • A. Public internet only for every connection.
  • B. ExpressRoute or VPN options with redundancy and routing design.
  • C. Browser bookmarks.
  • D. Azure Blob immutability only.

Best answer: B

Explanation: Hybrid networking requires choosing the right connectivity service and designing routing, redundancy, and security.

What this tests: Selecting hybrid connectivity patterns.

Question 3

Topic: private endpoints

An app must access Azure Storage privately without exposing the storage account to public network access. Which feature is relevant?

  • A. Azure Virtual Desktop host pools.
  • B. Public anonymous containers.
  • C. Private Endpoint with private DNS configuration.
  • D. A DevOps work item tag.

Best answer: C

Explanation: Private Endpoints provide private connectivity to Azure PaaS services. DNS configuration is often required for correct name resolution.

What this tests: Securing PaaS access with private connectivity.

Question 4

Topic: load balancing

A public web app needs global entry point, TLS termination, and routing to regional backends. Which service category should be compared?

  • A. Local-only hosts file.
  • B. VM disk snapshots.
  • C. Azure Files backup.
  • D. Azure Front Door or an appropriate global application delivery service.

Best answer: D

Explanation: Global application delivery services handle front-end routing, TLS, acceleration, and regional backend routing.

What this tests: Choosing application delivery and load-balancing services.

Question 5

Topic: DNS resolution

A private endpoint is created, but the app still resolves the public service address. What should be checked?

  • A. Private DNS zone linkage and name-resolution path.
  • B. The number of VM disks.
  • C. Whether all logs are deleted.
  • D. The title of the resource group.

Best answer: A

Explanation: Private Endpoint scenarios often fail because DNS still resolves to public endpoints. Private DNS zones and links must be correct.

What this tests: Troubleshooting private DNS for Azure networking.

Question 6

Topic: network security

A subnet should allow only required inbound traffic from an application gateway. What should be configured?

  • A. Broad public access from any source.
  • B. NSG rules and routing that enforce the intended traffic path.
  • C. A larger VM size only.
  • D. No diagnostic logs.

Best answer: B

Explanation: Network security rules should enforce required flows and block unnecessary access. Routing and inspection points matter.

What this tests: Applying NSGs and routing controls.

Question 7

Topic: routing

Traffic from a spoke VNet must pass through a central firewall before reaching the internet. What is needed?

  • A. No user-defined routes.
  • B. Public IPs on every VM.
  • C. Route tables that direct default traffic to the firewall and correct peering settings.
  • D. A local text file of routes.

Best answer: C

Explanation: Forced tunneling through a firewall requires route tables and peering behavior that allow the traffic path.

What this tests: Designing routed traffic through a network virtual appliance.

Question 8

Topic: troubleshooting connectivity

A VM cannot connect to a database in another subnet. What should be checked first?

  • A. Only the VM name.
  • B. The user’s browser history.
  • C. Whether the team has enough meetings.
  • D. NSGs, routes, DNS, firewall rules, and service health along the path.

Best answer: D

Explanation: Connectivity troubleshooting should inspect the full path. Security rules, routes, DNS, and service status can all block traffic.

What this tests: Systematic network troubleshooting.

Question 9

Topic: network monitoring

Which monitoring data is most useful for Azure network operations?

  • A. Flow logs, connection metrics, gateway health, latency, dropped traffic, and diagnostics.
  • B. Local wallpaper settings.
  • C. Random subscription display names.
  • D. The count of browser tabs.

Best answer: A

Explanation: Network monitoring should expose connectivity, performance, and blocked traffic. These signals support troubleshooting and design validation.

What this tests: Selecting network observability signals.

Question 10

Topic: application gateway

A web workload needs path-based routing and web application firewall capability. Which service is a common fit?

  • A. Azure Cost Management only.
  • B. Azure Application Gateway with WAF where requirements match.
  • C. Azure DevTest Labs only.
  • D. Azure Table Storage as a firewall.

Best answer: B

Explanation: Application Gateway supports layer 7 routing and WAF features. It is a common regional application delivery option.

What this tests: Matching layer 7 routing and WAF requirements.

Question 11

Topic: peering

Two VNets must communicate privately in Azure without traversing the public internet. What should be considered?

  • A. Deleting all subnets.
  • B. Public anonymous endpoints only.
  • C. VNet peering or another private connectivity option with route and DNS planning.
  • D. A code repository setting.

Best answer: C

Explanation: VNet peering enables private communication between virtual networks. Routing and DNS still need to be understood.

What this tests: Connecting VNets privately.

Question 12

Topic: route fit

A candidate wants broad Azure administrator practice before specializing in networking. Which route should they use first?

  • A. MB-800 Business Central.
  • B. DP-750 Azure Databricks.
  • C. PL-300 Power BI analyst.
  • D. AZ-104 Azure Administrator.

Best answer: D

Explanation: AZ-104 includes foundational Azure networking and operations. It is a natural base before AZ-700 specialization.

What this tests: Choosing the right Azure networking study path.

AZ-700 network design map

Use this map to connect the sample questions to the decision pattern Microsoft usually tests for this route.

    flowchart LR
	  S1["Connectivity requirement"] --> S2
	  S2["Choose topology"] --> S3
	  S3["Design routing and DNS"] --> S4
	  S4["Apply security controls"] --> S5
	  S5["Add load balancing"] --> S6
	  S6["Monitor and troubleshoot"]

Quick Cheat Sheet

CueWhat to remember
TopologyCompare hub-spoke, virtual WAN, peering, and hybrid connectivity based on scale and control.
RoutingUnderstand system routes, user-defined routes, gateways, and route propagation.
SecurityUse NSGs, Azure Firewall, private endpoints, segmentation, and inspection where appropriate.
Load balancingPick Front Door, Application Gateway, Load Balancer, or Traffic Manager based on layer and scenario.
TroubleshootingUse flow logs, connection tests, effective routes, metrics, and packet-level evidence.

Mini Glossary

  • Application Gateway: Layer 7 load balancer and web application delivery service.
  • ExpressRoute: Private connectivity option between on-premises networks and Microsoft cloud.
  • NSG: Network security group used to filter traffic to subnets or network interfaces.
  • Private endpoint: Private network interface for accessing supported Azure services without public exposure.
  • UDR: User-defined route that changes traffic forwarding behavior.

Microsoft AZ-700 practice update

Use this page to review AZ-700 sample questions and use the Notify me form for updates. The related pages below help you compare adjacent IT Mastery Azure networking practice options before choosing what to study next.

Use these pages now

  • AZ-104 for live Azure administrator and networking practice
  • AZ-900 for Azure platform foundations
  • AZ-305 if your target is architecture design rather than network implementation
  • Network+ for broader networking fundamentals

Official sources

In this section

  • Microsoft AZ-700 Cheat Sheet: Azure Networking
    Review the Microsoft Azure Network Engineer (AZ-700) scope, virtual networks, routing, DNS, hybrid connectivity, private access, load balancing, security, and troubleshooting traps before practicing.
Revised on Monday, May 25, 2026
AZ-600
AZ-720