AZ-700 Practice Exam Free – 50 Questions to Simulate the Real Exam
Are you getting ready for the AZ-700 certification? Take your preparation to the next level with our AZ-700 Practice Exam Free – a carefully designed set of 50 realistic exam-style questions to help you evaluate your knowledge and boost your confidence.
Using a AZ-700 practice exam free is one of the best ways to:
- Experience the format and difficulty of the real exam
- Identify your strengths and focus on weak areas
- Improve your test-taking speed and accuracy
Below, you will find 50 realistic AZ-700 practice exam free questions covering key exam topics. Each question reflects the structure and challenge of the actual exam.
HOTSPOT - You have an Azure subscription. You plan to use Azure Virtual WAN. You need to deploy a virtual WAN hub that meets the following requirements: • Supports 4 Gbps of Site-to-Site (S2S) VPN traffic • Supports 8 Gbps of ExpressRoute traffic • Minimizes costs How many scale units should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure load balancer that has the following configurations: • Name: LB1 • Location: East US 2 • SKU: Standard • Private IP address: 10.3.0.7 • Load balancing rule: rule1 (Tcp/80) • Health probe: probe1 (Http:80) • NAT rules: 0 inbound The backend pool of LB1 has the following configurations: • Name: backend1 • Virtual network: Vnet2 • Backend pool configuration: NIC • IP version: IPv4 • Virtual machines: VM1, VM2, VM3 You have an Azure virtual machine named VM4 that has the following network configurations: • Network interface: vm4981 • Virtual network/subnet: Vnet3/Subnet3 • NIC private IP address: 10.4.0.4 • Accelerated networking: Enabled For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure subscription that contains the virtual machines shown in the following table.VNet1 and VNet2 are NOT connected to each other. You need to block traffic from SQL Server 2019 to IIS by using application security groups. The solution must minimize administrative effort. How should you configure the application security groups? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Your company has offices in London, Tokyo, and New York. The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.In Asia, you plan to deploy an additional endpoint that will host an updated version of App1. You need to route 10 percent of the traffic from the Tokyo office to the new endpoint during testing. What should you configure in Traffic Manager?
A. two profiles and five endpoints
B. two profiles and four endpoints
C. three profiles and four endpoints
D. one profile and five endpoints
You have an Azure subscription that contains the public IPv4 addresses shown in the following table.You plan to create a load balancer named LB1 that will have the following settings: ✑ Name: LB1 ✑ Location: West US ✑ Type: Public ✑ SKU: Standard Which public IPv4 addresses can be used by LB1?
A. IP1, IP3, IP4, and IP5 only
B. IP3 only
C. IP1 and IP3 only
D. IP2 only
E. IP1, IP2, IP3, IP4, and IP5
F. IP3 and IP5 only
SIMULATION -Username and password - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User-12345678@cloudslice.onmicrosoft.com Azure Password: xxxxxxxxxx - If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 - You need to ensure that subnet 4-3 can accommodate 507 hosts. To complete this task, sign in to the Azure portal.
HOTSPOT - You have an Azure subscription that contains multiple virtual machine scale sets and multiple Azure load balancers. The load balancers balance traffic across the scale sets. You plan to deploy Azure Front Door to load balance traffic across the load balancers. You need to identify which Front Door SKU to configure, and what to use to route the traffic to the load balancers. The solution must minimize costs. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure subscription that contains the virtual machines shown in the following table.Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule: ✑ Priority: 100 ✑ Port: Any ✑ Protocol: Any ✑ Source: Any ✑ Destination: Storage ✑ Action: Deny You create a private endpoint that has the following settings: ✑ Name: Private1 ✑ Resource type: Microsoft.Storage/storageAccounts ✑ Resource: storage1 ✑ Target sub-resource: blob ✑ Virtual network: Vnet1 ✑ Subnet: Subnet1 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have two Azure virtual networks in the East US Azure region as shown in the following table.The virtual networks are peered to one another. Each virtual network contains four subnets. You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks. What is the minimum number of IP addresses that you must assign to VM1?
A. 1
B. 2
C. 4
D. 8
DRAG DROP - You have an on-premises network. You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway. You need to connect VNet1 to the on-premises network by using an ExpressRoute circuit. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
DRAG DROP - You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
SIMULATION -
You have an Azure subscription that contains the following resources: ✑ A virtual network named Vnet1 ✑ Two subnets named subnet1 and AzureFirewallSubnet ✑ A public Azure Firewall named FW1 ✑ A route table named RT1 that is associated to Subnet1 ✑ A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
A. On FW1, create an outbound service tag rule for AzureCloud.
B. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
C. Deploy a NAT gateway.
D. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the following subnets: • AzureFirewallSubnet • GatewaySubnet • Subnet1 • Subnet2 • Subnet3 Subnet2 has a delegation to the Microsoft.Web/serverfarms service. The subscription contains the resources shown in the following table.You need to implement an Azure application gateway named AG1 that will be integrated with an Azure Web Application Firewall (WAF). AG1 will be used to publish VMSS1. To which subnet should you connect AG1?
A. GatewaySubnet
B. AzureFirewallSubnet
C. Subnet2
D. Subnet1
E. Subnet3
DRAG DROP - You have an Azure subscription that contains the resources shown in the following table.The IP Addresses settings for Vnet1 are configured as shown in the exhibit.
You need to ensure that you can integrate WebApp1 and Vnet1. Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You have an Azure Front Door instance named FD1 that is protected by using Azure Web Application Firewall (WAF). FD1 uses a frontend hast named app1.contoso.com to provide access to Azure web apps hosted in the East US Azure region and the West US Azure region. You need to configure FD1 to block requests to app1.contoso.com from all countries other than the United States. What should you include in the WAF policy?
A. a custom rule that uses a match rule
B. a frontend hast association
C. a custom rule that uses a rate limit rule
D. a managed rule set
HOTSPOT - You have an Azure subscription that contains the resources shown in the following table.The virtual network topology is shown in the following exhibit.
Firewall1 is configured as shown in following exhibit.
FirewallPolicy1 contains the following rules: • Allow outbound traffic from Vnet1 and Vnet2 to the internet. • Allow any traffic between Vnet1 and Vnet2. No custom private endpoints, service endpoints, routing tables, or network security groups (NSGs) were created. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT - Your on-premises network contains a VPN device. You have an Azure subscription that contains a virtual network and a virtual network gateway. You need to create a Site-to-Site VPN connection that has a custom cryptographic policy. How should you complete the PowerShell script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP - Your company, named Contoso, Ltd., has an Azure subscription that contains the resources shown in the following table.You plan to deploy Azure Front Door. The solution must meet the following requirements: • Requests to a URL of https://contoso.azurefd.net/uk must be routed to App1uk. • Requests to a URL of https://contoso.azurefd.net/us must be routed to App1us. • Requests to a URL of https://contoso.azurefd.net/images must be routed to the storage account closest to the user. What is the minimum number of backend pools and routing rules you should create? To answer, drag the appropriate number to the correct components. Each number may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
SIMULATION -Username and password - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User-12345678@cloudslice.onmicrosoft.com Azure Password: xxxxxxxxxx - If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 - You plan to deploy an appliance to subnet3-2. The appliance will perform packet inspection and will have an IP address of 10.3.2.100. You need to ensure that all traffic to the internet from subnet3-1 is forwarded to the appliance for inspection. To complete this task, sign in to the Azure portal.
HOTSPOT - You are planning an Azure solution that will contain the following types of resources in a single Azure region: ✑ Virtual machine ✑ Azure App Service ✑ Virtual Network gateway ✑ Azure SQL Managed Instance App Service and SQL Managed Instance will be delegated to create resources in virtual networks. You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Your company has an office in New York. The company has an Azure subscription that contains the virtual networks shown in the following table.You need to connect the virtual networks to the office by using ExpressRoute. The solution must meet the following requirements: • The connection must have up to 1 Gbps of bandwidth. • The office must have access to all the virtual networks. • Costs must be minimized. How many ExpressRoute circuits should be provisioned, and which ExpressRoute SKU should you enable?
A. one ExpressRoute Premium circuit
B. two ExpressRoute Premium circuits
C. four ExpressRoute Standard circuits
D. one ExpressRoute Standard circuit
HOTSPOT - You plan to deploy Azure Virtual WAN. You need to deploy a virtual WAN hub that meets the following requirements: ✑ Supports 10 sites that will connect to the virtual WAN hub by using a Site-to-Site VPN connection ✑ Supports 8 Gbps of ExpressRoute traffic ✑ Minimizes costs What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
After you answer a question in this section, you will NOT be able to return it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1. Hub1 has a security status of Unsecured. You need to ensure that the security status of Hub1 is marked as Secured. Solution: You implement an Azure Front Door profile. Does this meet the requirement?
A. Yes
B. No
You have three on-premises networks. You have an Azure subscription that contains a Basic Azure virtual WAN. The virtual WAN contains a single virtual hub and a virtual network gateway that is limited to a throughput of 1 Gbps. The on-premises networks connect to the virtual WAN by using Site-to-Site (S2S) VPN connections. You need to increase the throughput of the virtual WAN to 3 Gbps. The solution must minimize administrative effort. What should you do?
A. Upgrade the virtual WAN to the Standard SKU.
B. Add an additional VPN gateway to the Azure subscription.
C. Create an additional virtual hub.
D. Increase the number of gateway scale units.
HOTSPOT - You have an Azure subscription. You have the on-premises sites shown the following table.You plan to deploy Azure Virtual WAN. You are evaluating Virtual WAN Basic and Virtual WAN Standard. Which type of Virtual WAN can you use for each site? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have an Azure application gateway named AppGw1. You need to create a rewrite rule for AppGw1. The solution must rewrite the URL of requests from https://www.contoso.com/fashion/shirts to https://www.contoso.com/buy.aspx?category=fashion&product=shirts. How should you complete the rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure application gateway. You need to create a rewrite rule that will remove the origin port from the HTTP header of incoming requests that are being forwarded to the backend pool. How should you configure each setting? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the virtual networks shown in the following table.You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region. To which virtual networks can you deploy AF1?
A. Vnet1 and Vnet4 only
B. Vnet1, Vnet2, Vnet3, and Vnet4
C. Vnet1 only
D. Vnet1 and Vnet2 only
E. Vnet1, Vnet2, and Vnet4 only
You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption. You configure the listener for HTTPS by uploading an enterprise-signed certificate. You need to ensure that the application gateway can provide end-to-end encryption for App1. What should you do?
A. Increase the Unhealthy threshold setting in the custom probe.
B. Enable the SSL profile to the listener.
C. Set Listener type to Multi site.
D. Upload the public key certificate to the HTTP settings.
SIMULATION -
You have an Azure virtual machine named VM1. You need to capture all the network traffic of VM1 by using Azure Network Watcher. To which locations can the capture be written?
A. blob storage only
B. blob storage, a file path on VM1, and a premium storage account
C. a file path on VM1 only
D. blob storage and a file path on VM1 only
E. blob storage and a premium storage account only
F. a premium storage account only
You have an Azure subscription that contains a virtual network named VNet1. You deploy several web apps and configure the apps to use private endpoints on VNet1. You need to identify which DNS records the web apps registered automatically. Where will the records be created?
A. an Azure DNS zone named privatelink.azurewebsites.net
B. an Azure Private DNS zone named azurewebsites.net
C. an Azure Private DNS zone named privatelink.azurewebsites.net
D. an Azure DNS zone named azurewebsites.net
HOTSPOT - You have an Azure subscription that contains an app named App1. App1 is deployed to the Azure App Service apps shown in the following table.You need to publish App1 by using Azure Front Door. The solution must ensure that all the requests to App1 are load balanced between all the available worker instances. What is the minimum number of origin groups and origins that you should configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
SIMULATION -Username and password - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User-12345678@cloudslice.onmicrosoft.com Azure Password: xxxxxxxxxx - If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 - You are planning security for Azure Front Door. You need to create a rule that can be applied to Front Door hosts. The rule must prevent hosts in Japan from making more than 50 requests per minute. You do NOT need to associate the rule to a Front Door instance to complete this task. To complete this task, sign in to the Azure portal.
HOTSPOT - You have the Azure environment shown in the exhibit.You have virtual network peering between Vnet1 and Vnet2. You have virtual network peering between Vnet4 and Vnet5. The virtual network peering is configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Hot Area:
You have an Azure subscription that contains a user named Admin1 and a resource group named RG1. RG1 contains an Azure Network Watcher instance named NW1. You need to ensure that Admin1 can place a lock on NW1. The solution must use the principle of least privilege. Which role should you assign to Admin1?
A. User Access Administrator
B. Resource Policy Contributor
C. Network Contributor
D. Monitoring Contributor
You have an Azure subscription that contains the following resources: • A virtual network named Vnet1 • Two subnets named subnet1 and AzureFirewallSubnet • A public Azure Firewall named FW1 • A route table named RT1 that is associated to Subnet1 • A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
A. On FW1, create an outbound service tag rule for AzureCloud.
B. Add an internet route to RT1 for the Azure Key Management Service (KMS).
C. On FW1, configure a DNAT rule for port 1688.
D. Deploy an Azure Standard Load Balancer that has an outbound NAT rule.
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly. Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service. You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB. What should you include in the solution?
A. a service tag
B. a service endpoint policy
C. a subnet delegation
D. an application security group
You have an Azure subscription that contains the following resources: • A virtual network named Vnet1 • Two subnets named subnet1 and AzureFirewallSubnet • A public Azure Firewall named FW1 • A route table named RT1 that is associated to Subnet1 • A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
A. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
B. On FW1, create an outbound service tag rule for Azure Cloud.
C. Deploy a NAT gateway.
D. Deploy an application security group that allows outbound traffic to 1688.
HOTSPOT - You have an Azure Traffic Manager parent profile named TM1. TM1 has two child profiles named TM2 and TM3. TM1 uses the performance traffic-routing method and has the endpoints shown in the following table.TM2 uses the weighted traffic-routing method with MinChildEndpoint = 2 and has the endpoints shown in the following table.
TM3 uses priority traffic-routing method and has the endpoints shown in the following table.
The App2, App4, and App6 endpoints have a degraded monitoring status. To which endpoint is traffic directed? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point Hot Area:
You have five virtual machines that run Windows Server. Each virtual machine hosts a different web app. You plan to use an Azure application gateway to provide access to each web app by using a hostname of www.contoso.com and a different URL path for each web app, for example: https://www.contoso.com/app1. You need to control the flow of traffic based on the URL path. What should you configure?
A. HTTP settings
B. listeners
C. rules
D. rewrites
You have 10 on-premises networks that are connected by using a 3rd party Software Defined Wide Area Network (SD-WAN) solution. You have an Azure subscription that contains five virtual networks. You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub. You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution. What should you include in the solution?
A. An Azure Virtual WAN ExpressRoute gateway
B. A Network Virtual Appliance (NVA)
C. A Site to site gateway (VPN gateway)
D. A Point to site gateway (User VPN gateway)
DRAG DROP - You have an Azure subscription that contains a virtual network named Vnet1 and an Azure SQL database named SQL1. SQL1 has a private endpoint on Vnet1. You have a partner company named Fabrikam, Inc. Fabrikam has an Azure subscription that contains a virtual network named Vnet2 and a virtual machine named VM1. VM1 is connected to Vnet2. You need to provide VM1 with access to SQL1 by using an Azure Private Link service. What should you implement on each virtual network? To answer, drag the appropriate resources to the correct virtual networks. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
You are configuring two network virtual appliances (NVAs) in an Azure virtual network. The NVAs will be used to inspect all the traffic within the virtual network. You need to provide high availability for the NVAs. The solution must minimize administrative effort. What should you include in the solution?
A. Azure Standard Load Balancer
B. Azure Application Gateway
C. Azure Traffic Manager
D. Azure Front Door
HOTSPOT - You have the Azure environment shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have an Azure subscription that contains the resources shown in the following table.You establish BGP peering between NVA1 and Hub1. You need to implement transit connectivity between VNet1 and VNet3 via Hub1 by using BGP peering. The solution must minimize costs. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an on-premises network. You have an Azure subscription that contains the resources shown in the following table.You need to implement an ExpressRoute circuit to access the resources in the subscription. The solution must ensure that the on-premises network connects to the Azure resources by using the ExpressRoute circuit. Which type of peering should you use for each connection? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources: ✑ A virtual network named Vnet1 ✑ An App Service plan named ASP1 ✑ An Azure App Service named webapp1 An Azure private DNS zone named private.contoso.com✑ Virtual machines on Vnet1 that cannot communicate outside the virtual network You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of https://www.private.contoso.com. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Create a CNAME record that maps www.private.contoso.com to webapp1.contoso.onmicrosoft.com.
B. Create a CNAME record that maps www.private.contoso.com to webapp1.private.contoso.com.
C. Create a service endpoint for webapp1.
D. Register an enterprise application in Azure AD for webapp1.
E. Create a private endpoint for webapp1.
F. Create a CNAME record that maps www.private.contoso.com to webapp1.privatelink.azurewebsites.net.
You have an Azure application gateway named AppGW1 that balances requests to a web app named App1. You need to modify the server variables in the response header of App1. What should you configure on AppGW1?
A. HTTP settings
B. rewrites
C. rules
D. listeners
Free Access Full AZ-700 Practice Exam Free
Looking for additional practice? Click here to access a full set of AZ-700 practice exam free questions and continue building your skills across all exam domains.
Our question sets are updated regularly to ensure they stay aligned with the latest exam objectives—so be sure to visit often!
Good luck with your AZ-700 certification journey!