AZ-700 Exam Prep Free – 50 Practice Questions to Get You Ready for Exam Day
Getting ready for the AZ-700 certification? Our AZ-700 Exam Prep Free resource includes 50 exam-style questions designed to help you practice effectively and feel confident on test day
Effective AZ-700 exam prep free is the key to success. With our free practice questions, you can:
- Get familiar with exam format and question style
- Identify which topics you’ve mastered—and which need more review
- Boost your confidence and reduce exam anxiety
Below, you will find 50 realistic AZ-700 Exam Prep Free questions that cover key exam topics. These questions are designed to reflect the structure and challenge level of the actual exam, making them perfect for your study routine.
DRAG DROP - You register a DNS domain with a third-party registrar. You need to host the DNS zone on Azure. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
SIMULATION -Username and password - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User-12345678@cloudslice.onmicrosoft.com Azure Password: xxxxxxxxxx - If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 - You need to ensure that connections to the storage12345678 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage12345678.privatelink.blob.core.windows.net. To complete this task, sign in to the Azure portal.
HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the contoso.com zone. Vnet1 connects to an on-premises datacenter by using ExpressRoute. You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Modify the DNS server settings of Vnet1.
B. For FW1, configure custom DNS server.
C. For FW1, enable DNS proxy.
D. On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1.
E. On the on-premises DNS servers, configure forwarders that point to the Azure provided DNS service at 168.63.129.16.
You have an on-premises datacenter and an Azure subscription. You plan to implement ExpressRoute FastPath. You need to create an ExpressRoute gateway. The solution must minimize downtime if a single Azure datacenter fails. Which SKU should you use?
A. ErGw1AZ
B. High performance
C. Ultra performance
D. ErGw3AZ
E. ErGw2AZ
DRAG DROP - You have an Azure Front Door instance named FrontDoor1. You deploy two instances of an Azure web app to different Azure regions. You plan to provide access to the web app through FrontDoor1 by using the name app1.contoso.com. You need to ensure that FrontDoor1 is the entry point for requests that use app1.contoso.com. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
HOTSPOT - You have an Azure subscription that contains an app named App1. App1 is deployed to the Azure App Service apps shown in the following table.You need to publish App1 by using Azure Front Door. The solution must ensure that all the requests to App1 are load balanced between all the available worker instances. What is the minimum number of origin groups and origins that you should configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure virtual network named Vnet1 that has one subnet. Vnet1 is in the West Europe region. You deploy an Azure App Service app named App1 to the West Europe region. You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs. What should you do first?
A. Create a private link.
B. Create a new subnet.
C. Create a NAT gateway.
D. Create a gateway subnet and deploy a virtual network gateway.
You have an Azure subscription that contains a virtual network named VNet1 and the virtual machines shown in the following table.All the virtual machines are connected to Vnet1. You need to ensure that the applications hosted on the virtual machines can be accessed from the internet. The solution must ensure that the virtual machines share a single public IP address. What should you use?
A. an internal load balancer
B. Azure Application Gateway
C. a NAT gateway
D. a public load balancer
HOTSPOT - You have the hybrid network shown in the Network Diagram exhibit.You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.
You have a peering connection between Vnet1 and Vnet3 as shown in the Peering-Vnet1-Vnet3 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - Your on-premises network contains a VPN device. You have an Azure subscription that contains a virtual network and a virtual network gateway. You need to create a Site-to-Site VPN connection that has a custom cryptographic policy. How should you complete the PowerShell script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.Users on HP1 connect to App1 by using a URL of https://app1.contoso.com. You need to ensure that the IDPS on FW1 can identify security threats in the connections from HP1 to Server1. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Enable TLS inspection for FW1.
B. Import a server certificate to KV1.
C. Enable threat intelligence for FW1.
D. Add an application group to HP1.
E. Add a secured virtual network to FW1.
HOTSPOT - Your company has 40 branch offices across North America and Europe. You have an Azure subscription that contains the following virtual networks: • Two networks in the East US Azure region • Three networks in the West Europe Azure region You need to implement Azure Virtual WAN. The solution must meet the following requirements: • Each branch office in North America must have an ExpressRoute circuit and a Site-to-Site VPN that connects to the East US region. • Each branch office in Europe must have an ExpressRoute circuit and a Site-to-Site VPN that connects to the West Europe region. • Transitive connections must be supported between all the branch offices and all the virtual networks. • Costs must be minimized. What is the minimum number of Virtual WAN resources required? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines. You need to recommend a load balancing solution for the virtual network. The solution must meet the following requirements: • The virtual machines and the load balancer must be accessible only from the virtual network. • Costs must be minimized. What should you include in the recommendation?
A. Basic Azure Load Balancer
B. Azure Application Gateway v1
C. Azure Standard Load Balancer
D. Azure Application Gateway v2
You have an Azure subscription that contains the following resources: • A virtual network named Vnet1 • Two subnets named subnet1 and AzureFirewallSubnet • A public Azure Firewall named FW1 • A route table named RT1 that is associated to Subnet1 • A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
A. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
B. On FW1, create an outbound service tag rule for Azure Cloud.
C. Deploy a NAT gateway.
D. On FW1, configure a DNAT rule for port 1688.
HOTSPOT - You have the Azure environment shown in the exhibit.You have virtual network peering between Vnet1 and Vnet2. You have virtual network peering between Vnet4 and Vnet5. The virtual network peering is configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Hot Area:
You have an Azure virtual network named Vnet1 and an on-premises network. The on-premises network has policy-based VPN devices. In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based. You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit.You need to ensure that the on-premises network can connect to the route-based GW1. What should you do before you create the connection?
A. Set Connection Mode to ResponderOnly.
B. Set BGP to Enabled.
C. Set Use Azure Private IP Address to Enabled.
D. Set IPsec / IKE policy to Custom.
You have 10 Azure App Service instances. Each instance hosts the same web app. Each instance is in a different Azure region. You need to configure Azure Traffic Manager to direct users to the instance that has the lowest latency. Which routing method should you use?
A. geographic
B. weighted
C. priority
D. performance
SIMULATION -Username and password - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User-12345678@cloudslice.onmicrosoft.com Azure Password: xxxxxxxxxx - If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 - You plan to deploy a VPN gateway and an ExpressRoute gateway to VNET2. You need to prepare VNET2 to ensure that you can deploy the gateways. To complete this task, sign in to the Azure portal.
HOTSPOT - You have on-premises datacenters in New York and Seattle. You have an Azure subscription that contains the ExpressRoute circuits shown in the following table.You need to ensure that all the data sent between the datacenters is routed via the ExpressRoute circuits. The solution must minimize costs. How should you configure the network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources: ✑ A virtual network named Vnet1 ✑ An App Service plan named ASP1 ✑ An Azure App Service named webapp1 An Azure private DNS zone named private.contoso.com✑ Virtual machines on Vnet1 that cannot communicate outside the virtual network You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of https://www.private.contoso.com. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Create a CNAME record that maps www.private.contoso.com to webapp1.contoso.onmicrosoft.com.
B. Create a CNAME record that maps www.private.contoso.com to webapp1.private.contoso.com.
C. Create a service endpoint for webapp1.
D. Register an enterprise application in Azure AD for webapp1.
E. Create a private endpoint for webapp1.
F. Create a CNAME record that maps www.private.contoso.com to webapp1.privatelink.azurewebsites.net.
DRAG DROP - You have an Azure subscription. You plan to deploy Azure Front Door with Azure Web Application Firewall (WAF). You plan to implement custom rules and managed rules that meet the following requirements: • Block malicious bots. • Throttle client IP addresses that exceed 100 connections per minute. You need to identify which Front Door SKU to configure, and which type of rule to configure for each requirement. The solution must minimize administrative effort and costs. What should you identify? To answer, drag the appropriate options to the correct targets. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
HOTSPOT - You plan to deploy Azure Virtual WAN. You need to deploy a virtual WAN hub that meets the following requirements: ✑ Supports 10 sites that will connect to the virtual WAN hub by using a Site-to-Site VPN connection ✑ Supports 8 Gbps of ExpressRoute traffic ✑ Minimizes costs What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
SIMULATION -
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1. You need to configure a rate limit for incoming requests to AFD1. Solution: You modify the policy settings of WAF1. Does this meet the goal?
A. Yes
B. No
HOTSPOT - You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure virtual machine named VM1. You need to capture all the network traffic of VM1 by using Azure Network Watcher. To which locations can the capture be written?
A. blob storage only
B. blob storage, a file path on VM1, and a premium storage account
C. a file path on VM1 only
D. blob storage and a file path on VM1 only
E. blob storage and a premium storage account only
F. a premium storage account only
HOTSPOT - You have an Azure virtual network and an on-premises datacenter that connect by using a Site-to-Site VPN tunnel. You need to ensure that all traffic from the virtual network to the internet is routed through the datacenter. How should you complete the PowerShell script to configure forced tunneling? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a hybrid environment that uses ExpressRoute to connect an on-premises network and Azure. You need to log the uptime and the latency of the connection periodically by using an Azure virtual machine and an on-premises virtual machine. What should you use?
A. Azure Monitor
B. IP flow verify
C. Connection Monitor
D. Azure Internet Analyzer
DRAG DROP - You have an on-premises network. You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway. You need to connect VNet1 to the on-premises network by using an ExpressRoute circuit. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?
A. internal load balancers
B. storage account
C. Azure Virtual Networks NAT
D. service endpoint policies
HOTSPOT - You have the Azure App Service app shown in the App Service exhibit.The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit.
The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have an on-premises network. You have an Azure subscription that includes a virtual network named VNet1 and a private Azure Kubernetes Service (AKS) cluster named AKS1. VNet1 is connected to your on-premises environment via an Azure ExpressRoute circuit. AKS1 is connected to VNet1. You need to implement an off-cluster ingress controller for AKS1. The solution must provide connectivity from the on-premises environment to containerized workloads hosted on AKS1. Which Azure service should you use?
A. Azure Application Gateway
B. Azure Front Door
C. Azure Traffic Manager
D. Azure Load Balancer
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1. You need to configure a rate limit for incoming requests to AFD1. Solution: You add a rule to the rule set of AFD1. Does this meet the goal?
A. Yes
B. No
You have an Azure virtual network named Vnet1. You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources. Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. a deny rule that has a source of VirtualNetwork and a destination of Sql
B. an allow rule that has the IP address range of Vnet1 as the source and destination of Sql.EastUS
C. a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24
D. a deny rule that has the IP address range of Vnet1 as the source and destination of Storage
DRAG DROP - Your company, named Contoso, Ltd., has an Azure subscription that contains the resources shown in the following table.You plan to deploy Azure Front Door. The solution must meet the following requirements: • Requests to a URL of https://contoso.azurefd.net/uk must be routed to App1uk. • Requests to a URL of https://contoso.azurefd.net/us must be routed to App1us. • Requests to a URL of https://contoso.azurefd.net/images must be routed to the storage account closest to the user. What is the minimum number of backend pools and routing rules you should create? To answer, drag the appropriate number to the correct components. Each number may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
SIMULATION -
You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?
A. Azure DDoS Protection for virtual networks
B. private endpoints
C. Azure Virtual Network NAT
D. service endpoint policies
SIMULATION -
HOTSPOT - You have an Azure subscription that contains the virtual machines shown in the following table.Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule: ✑ Priority: 100 ✑ Port: Any ✑ Protocol: Any ✑ Source: Any ✑ Destination: Storage ✑ Action: Deny You create a private endpoint that has the following settings: ✑ Name: Private1 ✑ Resource type: Microsoft.Storage/storageAccounts ✑ Resource: storage1 ✑ Target sub-resource: blob ✑ Virtual network: Vnet1 ✑ Subnet: Subnet1 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network. You need to troubleshoot what prevents you from establishing the IPsec tunnel. Which diagnostic log should you review?
A. IKEDiagnosticLog
B. RouteDiagnosticLog
C. GatewayDiagnosticLog
D. TunnelDiagnosticLog
You have the Azure load balancer shown in the Load Balancer exhibit.LB2 has the backend pools shown in the Backend Pools exhibit.
You need to ensure that LB2 distributes traffic to all the members of VMSS1. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Add a network interface to VMSS1.
B. Add a load balancing rule.
C. Configure a health probe.
D. Add a public IP address to each member of VMSS1.
You plan to publish a website that will use an FQDN of www.contoso.com. The website will be hosted by using the Azure App Service apps shown in the following table.You plan to use Azure Traffic Manager to manage the routing of traffic for www.contoso.com between AS1 and AS2. You create a Traffic Manager profile named TMprofile1. TMprofile1 uses the weighted traffic-routing method. You need to ensure that Traffic Manager routes traffic for www.contoso.com. Which DNS record should you create?
A. two A records that map www.contoso.com to 131.107.100.1 and 131.107.200.1
B. a CNAME record that maps www.contoso.com to TMprofile1.azurefd.net
C. a CNAME record that maps www.contoso.com to TMprofile1.trafficmanager.net
D. a TXT record that contains a string of as1.contoso.com and as2.contoso.com in the details
You have an Azure subscription that contains the resources shown in the following table.Subnet1 contains three virtual machines that host an app named App1. App1 is accessed by using the SFTP protocol. From NSG1, you configure an inbound security rule named Rule2 that allows inbound SFTP connections to ASG1. You need to ensure that the inbound SFTP connections are managed by using ASG1. The solution must minimize administrative effort. What should you do?
A. From NSG1, modify the priority of Rule2.
B. From each virtual machine, associate the network interface to ASG1.
C. From Subnet1, create a subnet delegation.
D. From ASG1, modify the role assignments.
DRAG DROP - Your on-premises network contains an Active Directory Domain Services (AD DS) domain named contoso.com that has an internal certification authority (CA). You have an Azure subscription. You deploy an Azure application gateway named AppGwy1 and perform the following actions: • Configure an HTTP listener • Associate a routing rule with the listener You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT - You have two Azure virtual networks named VNet1 and VNet2 in an Azure region that has three availability zones. You deploy 12 virtual machines to each virtual network, deploying four virtual machines per zone. The virtual machines in VNet1 host an app named App1. The virtual machines in VNet2 host an app named App2. You plan to use Azure Virtual Network NAT to implement outbound connectivity for App1 and App2. You need to identify the minimum number of subnets and Virtual Network NAT instances required to meet the following requirements: ✑ A failure of two zones must NOT affect the availability of either App1 or App2. ✑ A failure of two zones must NOT affect the outbound connectivity of either App1 or App2. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
DRAG DROP - You have an Azure subscription that contains the resources shown in the following table.You discover that users connect directly to App1. You need to meet the following requirements: • Administrators must only access App1 by using a private endpoint. • All user connections to App1 must be routed through FD1. • The downtime of connections to App1 must be minimized. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT - You have the Azure environment shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area:
You have two Azure virtual networks in the East US Azure region as shown in the following table.The virtual networks are peered to one another. Each virtual network contains four subnets. You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks. What is the minimum number of IP addresses that you must assign to VM1?
A. 1
B. 2
C. 4
D. 8
You are planning an Azure deployment that will contain three virtual networks in the East US Azure region as shown in the following table.A Site-to-Site VPN will connect Vnet1 to your company’s on-premises network. You need to recommend a solution that ensures that the virtual machines on all the virtual networks can communicate with the on-premises network. The solution must minimize costs. What should you recommend for Vnet2 and Vnet3?
A. VNet-to-VNet VPN connections
B. peering
C. service endpoints
D. route tables
Access Full AZ-700 Exam Prep Free
Want to go beyond these 50 questions? Click here to unlock a full set of AZ-700 exam prep free questions covering every domain tested on the exam.
We continuously update our content to ensure you have the most current and effective prep materials.
Good luck with your AZ-700 certification journey!