
AZ-700 Official Course Study Guide

Uploaded by

Fagner
Copyright
© All Rights Reserved

A comprehensive study guide that will provide you with great preparation tools for the AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam

AZ-700 Official Course Study Guide

Jordi Koenderink 11/17/2022


Introduction
Welcome to the AZ-700 Study Guide. This guide will go over each topic of the skills outline, provided
by Microsoft for the AZ-700: Designing and Implementing Microsoft Azure Networking Solutions.

For this exam, Microsoft suggests candidates should have subject matter expertise in planning,
implementing, and maintaining Azure networking solutions, including hybrid networking,
connectivity, routing, security, and private access to Azure services.

Candidates for this exam should also have expert Azure administration skills, in addition to extensive
experience and knowledge of networking, hybrid connections, and network security.

About the exam

• Taking the exam will cost you $165 US dollars.
• Microsoft certification exams are scored out of 1000 points. You need 700 points or higher to pass the AZ-700 exam and gain your Azure Administrator Badge.
• The AZ-700 exam will need to be renewed every year. However, Microsoft will, from time to time, retire certifications, and you may also find that exam numbers evolve when Microsoft changes the curriculum substantially for the certification.
• The exam will have around 59 questions, which you have 120 minutes to answer.
• At the time of writing, there are no labs.

Books/e-books

Azure Networking Cookbook: Practical recipes for secure network infrastructure, global application delivery, and accessible connectivity in Azure
Prepare for Microsoft Exam AZ-700–and help
demonstrate your real-world mastery of
implementing and deploying Microsoft Azure
Infrastructure as a Service (IaaS). Designed for
experienced cloud professionals ready to
advance their status, Exam Ref focuses on the
critical thinking and decision-making acumen
needed for success at the Microsoft Certified
Associate level.

• Amazon.com: Azure Networking Cookbook: Practical recipes for secure network infrastructure, global application delivery, and accessible connectivity in Azure, 2nd Edition: Toroman, Mustafa: 9781800563759: Amazon.com: Books
• Amazon NL: Azure Networking Cookbook: Practical recipes for secure network infrastructure, global application delivery, and accessible connectivity in Azure : Toroman, Mustafa: Amazon.nl: Boeken
• Amazon UK: Azure Networking Cookbook: Practical recipes for secure network infrastructure, global application delivery, and accessible connectivity in Azure, 2nd Edition: Amazon.co.uk: Toroman, Mustafa: 9781800563759: Books
• Amazon FR: Amazon.fr - Azure Networking Cookbook: Practical recipes for secure network infrastructure, global application delivery, and accessible connectivity in Azure, 2nd Edition - Toroman, Mustafa - Livres
• Amazon DE: Azure Networking Cookbook: Practical recipes for secure network infrastructure, global application delivery, and accessible connectivity in Azure, 2nd Edition : Toroman, Mustafa: Amazon.de: Boeken

Video training

This course goes through all of the skills needed to take and pass the AZ-700 exam: Designing and Implementing Microsoft Azure Networking Solutions. This course teaches all of the requirements for the exam, one by one. Each of the things that Microsoft tests will be covered in this course.

AZ-700 Designing and Implementing Azure Networking Exam 2021 | Udemy

This path is structured to mimic the organization of the exam so you can more easily follow along during your study preparation.

Designing and Implementing Microsoft Azure Networking Solutions (AZ-700) Path | Pluralsight

To become an Azure Network Solution engineer, it’s
important to pass the Exam AZ-700 Designing and
Implementing Microsoft Azure Networking Solutions.
Before that, it is recommended to try out our updated
AZ-700 practice test questions which cover:

• 3 full-length AZ-700 practice exams with a total of 130 unique AZ-700 practice questions to get a complete idea of the Designing and Implementing Microsoft Azure Networking Solutions (AZ-700) exam.
• Learn and master how to plan, implement, and
maintain an Azure Networking Solutions
environment.
• Become an Azure Network Solution Engineer
and confidently pass the AZ-700 certification
exam in one go!
AZ-700 Practice Test for Microsoft Azure Networking Exams (whizlabs.com)

LinkedIn’s Microsoft Azure Exam AZ-700 Online Course helps professionals prepare for the actual certification exam.

Azure for Architects: Design a Networking Strategy (linkedin.com)

Microsoft Learn

These tutorials/paths have been combined by Microsoft and published for free. They contain a
collection of text, videos, and exercises for the exam:

AZ-700: Introduction to Azure virtual networks
You'll learn how to design and implement fundamental Azure Networking resources such as virtual networks, public and private IPs, DNS, virtual network peering, routing, and Azure Virtual NAT.
Introduction to Azure Virtual Networks - Training | Microsoft Learn

AZ-700: Design and implement hybrid networking
You will learn how to design and implement hybrid networking solutions such as Site-to-Site VPN connections, Point-to-Site VPN connections, Azure Virtual WAN, and Virtual WAN hubs.
Design and implement hybrid networking - Learn | Microsoft Docs

AZ-700: Design and implement Azure ExpressRoute
You will learn how to design and implement Azure ExpressRoute, ExpressRoute Global Reach, ExpressRoute FastPath, and when to use each service according to your environment’s requirements.
Design and implement Azure ExpressRoute - Learn | Microsoft Docs

AZ-700: Load balance non-HTTP(S) traffic in Azure
You will learn the different load balancer options in Azure and how to choose and implement the right Azure solution for non-HTTP(S) traffic.
Load balance non-HTTP(S) traffic in Azure - Learn | Microsoft Docs

AZ-700: Load balance HTTP(S) traffic in Azure
You will learn how to design load balancer solutions for HTTP(S) traffic and how to implement Azure Application Gateway and Azure Front Door.
Load balance HTTP(S) traffic in Azure - Learn | Microsoft Docs

AZ-700: Design and implement network security
You will learn to design and implement network security solutions such as Azure DDoS, Network Security Groups, Azure Firewall, and Web Application Firewall.
Design and implement network security - Learn | Microsoft Docs

AZ-700: Design and implement private access to Azure Services
You will learn to design and implement private access to Azure Services with Azure Private Link, and virtual network service endpoints.
Design and implement private access to Azure Services - Learn | Microsoft Docs

AZ-700: Design and implement network monitoring
You will learn to design and implement network monitoring solutions such as Azure Monitor and Network Watcher.
Design and implement network monitoring - Learn | Microsoft Docs

This guide is divided into the following sections, which are also the sections of the exam:

• Design, Implement, and Manage Hybrid Networking (10% to 15%)
• Design and Implement Core Networking Infrastructure (20% to 25%)
• Design and Implement Routing (25% to 30%)
• Secure and Monitor Networks (15% to 20%)
• Design and Implement Private Access to Azure Services (10% to 15%)

Feel free to join our Facebook Azure Study Group, or check out the Azure courses on Udemy. Errors
and suggestions can also be reported in the Azure Group on Facebook.

Thank you,

Get Cloud Skills team


Jordi Koenderink

Contents
Introduction
  About the exam
  Books/e-books
  Video training
  Microsoft Learn
Design, Implement, and Manage Hybrid Networking (10–15%)
  Design, implement, and manage a site-to-site VPN connection
  Design, implement, and manage a point-to-site VPN connection
  Design, implement, and manage Azure ExpressRoute
Design and Implement Core Networking Infrastructure (20–25%)
  Design and implement private IP addressing for VNets
  Design and implement name resolution
  Design and implement cross-VNet connectivity
  Design and implement an Azure Virtual WAN architecture
Design and Implement Routing (25–30%)
  Design, implement, and manage VNet routing
  Design and implement an Azure Load Balancer
  Design and implement Azure Application Gateway
  Implement Azure Front Door
  Implement an Azure Traffic Manager profile
  Design and implement an Azure Virtual Network NAT
Secure and Monitor Networks (15–20%)
  Design, implement, and manage an Azure Firewall deployment
  Implement and manage network security groups (NSGs)
  Implement a Web Application Firewall (WAF) deployment
  Monitor networks
Design and Implement Private Access to Azure Services (10–15%)
  Design and implement Azure Private Link service and Azure Private Endpoint
  Design and implement service endpoints
  Configure VNet integration for dedicated platform as a service (PaaS) services

Design, Implement, and Manage Hybrid Networking (10–15%)

Design, implement, and manage a site-to-site VPN connection

Design a site-to-site VPN connection for high availability

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps#about

Select an appropriate virtual network (VNet) gateway SKU

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku

Identify when to use policy-based VPN versus route-based VPN

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps#about

Create and configure a local network gateway

https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#LocalNetworkGateway

Create and configure an IPsec/IKE policy

https://docs.microsoft.com/en-us/azure/vpn-gateway/ipsec-ike-policy-howto

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell

Create and configure a virtual network gateway

https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-create-gateway-portal

Diagnose and resolve VPN gateway connectivity issues

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-cannot-connect

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-diagnose-on-premises-connectivity

Design, implement, and manage a point-to-site VPN connection

Select an appropriate virtual network gateway SKU

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku

Plan and configure RADIUS authentication

https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-radius-ps

Plan and configure certificate-based authentication

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

Plan and configure OpenVPN authentication

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn

Plan and configure authentication by using Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra

https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant

Implement a VPN client configuration file

https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-radius

https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-azure-cert

Diagnose and resolve client-side and authentication issues

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems

https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-ad-vpn-client

Design, implement, and manage Azure ExpressRoute

Choose between provider and direct model (ExpressRoute Direct)

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about#expressroute-using-a-service-provider-and-expressroute-direct

Design and implement Azure cross-region connectivity between multiple ExpressRoute locations

https://docs.microsoft.com/en-us/azure/expressroute/cross-network-connectivity

Select an appropriate ExpressRoute SKU and tier

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways#gwsku

Design and implement ExpressRoute Global Reach

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-global-reach

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-set-global-reach

Design and implement ExpressRoute FastPath

https://docs.microsoft.com/en-us/azure/expressroute/about-fastpath

https://docs.microsoft.com/en-us/azure/expressroute/howto-linkvnet-cli#configure-expressroute-fastpath

Choose between private peering only, Microsoft peering only, or both

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings#routingdomains

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings#peeringcompare

Configure private peering

https://docs.microsoft.com/en-us/azure/vpn-gateway/site-to-site-vpn-private-peering?toc=/azure/expressroute/toc.json

Configure Microsoft peering

https://docs.microsoft.com/en-us/azure/expressroute/site-to-site-vpn-over-microsoft-peering

Create and configure an ExpressRoute gateway

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-add-gateway-portal-resource-manager

Connect a virtual network to an ExpressRoute circuit

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-linkvnet-portal-resource-manager

Recommend a route advertisement configuration

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-routing#advertising-default-routes

Configure encryption over ExpressRoute

https://docs.microsoft.com/en-us/azure/virtual-wan/vpn-over-expressroute

Implement Bidirectional Forwarding Detection

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-bfd

Diagnose and resolve ExpressRoute connection issues

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-troubleshooting-network-performance

Design and Implement Core Networking Infrastructure (20–25%)

Design and implement private IP addressing for VNets

Create a VNet

https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-portal

Plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, and VNet-integrated platform services

https://techcommunity.microsoft.com/t5/itops-talk-blog/configuring-azure-virtual-network-subnets-with-cidr-notation/ba-p/2047809

https://docs.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure

Plan and configure subnet delegation

https://docs.microsoft.com/en-us/azure/virtual-network/subnet-delegation-overview

https://docs.microsoft.com/en-us/azure/virtual-network/manage-subnet-delegation

Plan and configure subnetting for Azure Route Server

Quickstart: Create and configure Route Server using the Azure portal | Microsoft Learn

Design and implement name resolution

Design public DNS zones

https://docs.microsoft.com/en-us/azure/architecture/hybrid/hybrid-dns-infra

Design private DNS zones

https://docs.microsoft.com/en-us/azure/dns/private-dns-privatednszone

Design name resolution inside a VNet

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances

Configure a public or private DNS zone

https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal

https://docs.microsoft.com/en-us/azure/dns/private-dns-getstarted-portal

Link a private DNS zone to a VNet

https://docs.microsoft.com/en-us/azure/dns/private-dns-getstarted-portal#link-the-virtual-network

Design and implement cross-VNet connectivity

Design service chaining, including gateway transit

https://ravikirans.com/coursera/vnet-service-chaining

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview#service-chaining

Design VPN connectivity between VNets

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

Implement VNet peering

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

Design and implement an Azure Virtual WAN architecture

Design an Azure Virtual WAN architecture, including selecting types and services

https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about

https://docs.microsoft.com/en-us/azure/virtual-wan/migrate-from-hub-spoke-topology#architecture

Connect a VNet gateway to Azure Virtual WAN

https://docs.microsoft.com/en-us/azure/virtual-wan/connect-virtual-network-gateway-vwan

Create a hub in Virtual WAN

https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal#hub

Create a network virtual appliance (NVA) in a virtual hub

https://docs.microsoft.com/en-us/azure/virtual-wan/about-nva-hub

https://docs.microsoft.com/en-us/azure/virtual-wan/how-to-nva-hub

Configure virtual hub routing

https://docs.microsoft.com/en-us/azure/virtual-wan/about-virtual-hub-routing

https://docs.microsoft.com/en-us/azure/virtual-wan/how-to-virtual-hub-routing

Create a connection unit

https://docs.microsoft.com/en-us/azure/virtual-wan/pricing-concepts#connection-unit

Design and Implement Routing (25–30%)

Design, implement, and manage VNet routing

Design and implement user-defined routes (UDRs)

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#user-defined

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal

Associate a route table with a subnet

https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#associate-a-route-table-to-a-subnet

Configure forced tunneling

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm

Diagnose and resolve routing issues

https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-vm-network-routing-problem-powershell

https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-routing-problem

Design and implement Azure Route Server

What is Azure Route Server? | Microsoft Learn

Quickstart: Create and configure Route Server using the Azure portal | Microsoft Learn

Design and implement an Azure Load Balancer

Choose an Azure Load Balancer SKU (Basic versus Standard)

https://docs.microsoft.com/en-us/azure/load-balancer/skus

Choose between public and internal

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Create and configure an Azure Load Balancer (including cross-region)

https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portal?tabs=option-1-create-load-balancer-standard

https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-cross-region-portal

Implement a load balancing rule

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-load-balancer#create-a-load-balancer-rule

Create and configure inbound NAT rules

https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal#create-an-inbound-nat-port-forwarding-rule

Create explicit outbound rules for a load balancer

https://docs.microsoft.com/en-us/azure/load-balancer/outbound-rules

https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portal?tabs=option-1-create-load-balancer-standard#create-outbound-rule-configuration

Design and implement Azure Application Gateway

Recommend Azure Application Gateway deployment options

https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-portal

Choose between manual and autoscale

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-autoscaling-zone-redundant#scaling-application-gateway-and-waf-v2

Create a back-end pool

https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-portal#backends-tab

Configure health probes

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-probe-portal#create-probe-for-application-gateway-v2-sku

Configure listeners

https://docs.microsoft.com/en-us/azure/application-gateway/configuration-listeners

Configure routing rules

https://docs.microsoft.com/en-us/azure/application-gateway/configuration-request-routing-rules

Configure HTTP settings

https://docs.microsoft.com/en-us/azure/application-gateway/configuration-http-settings

Configure Transport Layer Security (TLS)

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-end-to-end-ssl-powershell

Configure rewrite sets

https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-url-portal

Implement Azure Front Door

Choose an Azure Front Door SKU

https://docs.microsoft.com/en-us/azure/frontdoor/standard-premium/tier-comparison

Configure health probes, including customization of HTTP response codes

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-health-probes

Configure SSL termination and end-to-end SSL encryption

https://docs.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain

Configure multisite listeners

https://docs.microsoft.com/en-us/azure/application-gateway/multiple-site-overview

Configure back-end targets

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-backend-pool

Configure routing rules, including redirection rules

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-route-matching

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-how-to-redirect-https

Implement an Azure Traffic Manager profile

Configure a routing method (mode)

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-configure-priority-routing-method

Configure endpoints

https://docs.microsoft.com/en-us/azure/traffic-manager/quickstart-create-traffic-manager-profile#add-traffic-manager-endpoints

Create HTTP settings

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring#configure-endpoint-monitoring

Design and implement an Azure Virtual Network NAT

Choose when to use a Virtual Network NAT

https://docs.microsoft.com/en-us/azure/virtual-network/nat-overview

Allocate public IP or public IP prefixes for a NAT gateway

https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway-resource

Associate a Virtual Network NAT with a subnet

https://docs.microsoft.com/en-us/azure/virtual-network/nat-overview

Secure and Monitor Networks (15–20%)

Design, implement, and manage an Azure Firewall deployment

Design an Azure Firewall deployment

https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

Create and implement an Azure Firewall deployment

https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal-policy

Configure Azure Firewall rules

https://docs.microsoft.com/en-us/azure/firewall/rule-processing

Create and implement Azure Firewall Manager policies

https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview

Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

https://docs.microsoft.com/en-us/azure/virtual-wan/howto-firewall

https://docs.microsoft.com/en-us/azure/firewall-manager/secure-cloud-network

Integrate an Azure Virtual WAN hub with a third-party NVA

https://docs.microsoft.com/en-us/azure/virtual-wan/about-nva-hub

https://docs.microsoft.com/en-us/azure/virtual-wan/scenario-route-through-nva

Implement and manage network security groups (NSGs)

Create an NSG

https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group#create-a-network-security-group

Associate an NSG to a resource

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface#associate-or-dissociate-a-network-security-group

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic#associate-network-security-group-to-subnet

Create an application security group (ASG)

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic#create-application-security-groups

Associate an ASG to a NIC

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface#associate-or-dissociate-a-network-security-group

Create and configure NSG rules

https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group#create-a-security-rule

Interpret NSG flow logs

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-read-nsg-flow-logs

Validate NSG flow rules

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview

Verify IP flow

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

https://channel9.msdn.com/Blogs/Azure-Help/Troubleshoot-NSG-configuration-using-IP-Flow-Verify

Implement a Web Application Firewall (WAF) deployment


Configure detection or prevention mode

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview#waf-modes

https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-create-portal#change-mode

Configure rule sets for Azure Front Door, including Microsoft managed and user defined

https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-create-portal#default-rule-set-drs

https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-drs?tabs=drs20

https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules

Configure rule sets for Application Gateway, including Microsoft managed and user defined

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=owasp31

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/web-application-firewall/ag/create-custom-waf-rules.md

Implement a WAF policy

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/create-waf-policy-ag

Associate a WAF policy

https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/associate-waf-policy-existing-gateway

Monitor networks
Configure network health alerts and logging by using Azure Monitor

https://docs.microsoft.com/en-us/azure/azure-monitor/insights/network-insights-overview#networkhealth

Create and configure a Connection Monitor instance

https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor-create-using-portal

Configure and use Traffic Analytics

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics

Configure NSG flow logs

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-azure-resource-manager

Enable and configure diagnostic logging

https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=CMD

Configure Azure Network Watcher

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-create

Design and Implement Private Access to Azure Services (10–15%)


Design and implement Azure Private Link service and Azure Private Endpoint
Create a Private Link service

https://docs.microsoft.com/en-us/azure/private-link/create-private-link-service-portal

Plan private endpoints

https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview

Create private endpoints

https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-portal

Configure access to private endpoints

https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints

Integrate Private Link with DNS

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale
Integrate a Private Link service with on-premises clients

https://docs.microsoft.com/en-us/azure/private-link/tutorial-private-endpoint-sql-portal

Design and implement service endpoints


Create service endpoints

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-restrict-network-access-to-resources

Configure service endpoint policies

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoint-policies-portal

Configure service tags

https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview

Configure access to service endpoints

https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-service-endpoints

Configure VNet integration for dedicated platform as a service (PaaS) services


Configure App Service for regional VNet integration

https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet

Configure Azure Kubernetes Service (AKS) for regional VNet integration

https://docs.microsoft.com/en-us/azure/aks/private-clusters

Configure clients to access App Service Environment

https://docs.microsoft.com/en-us/azure/app-service/environment/using-an-ase#app-access
