Prepare to take the NEW Exam AZ-700 with confidence and launch your career as an Azure Network Engineer
Not only does MCA Microsoft Certified Associate Azure Network Engineer Study Guide: Exam AZ-700 help you prepare for your certification exam, it takes a deep dive into the role and responsibilities of an Azure Network Engineer, so you can learn what to expect in your new career. You’ll also have access to additional online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable glossary of important terms. Prepare smarter with Sybex's superior interactive online learning environment and test bank.
Exam AZ-700, Designing and Implementing Microsoft Azure Networking Solutions, measures your ability to design, implement, manage, secure, and monitor technical tasks such as hybrid networking; core networking infrastructure; routing; networks; and private access to Azure services. With this in-demand certification, you can qualify for jobs as an Azure Network Engineer, where you will work with solution architects, cloud administrators, security engineers, application developers, and DevOps engineers to deliver Azure solutions. This study guide covers 100% of the objectives and all key concepts, including:
- Design, Implement, and Manage Hybrid Networking
- Design and Implement Core Networking Infrastructure
- Design and Implement Routing
- Secure and Monitor Networks
- Design and Implement Private Access to Azure Services
If you’re ready to become the go-to person for recommending, planning, and implementing Azure networking solutions, you’ll need certification with Exam AZ-700. This is your one-stop study guide to feel confident and prepared on test day. Trust the proven Sybex self-study approach to validate your skills and to help you achieve your career goals!
Table of Contents
Introduction
Assessment Test
Chapter 1 Getting Started with AZ-700 Certification for Azure Networking
Basics of Cloud Computing and Networking
The Need for Networking Infrastructure
The Need for the Cloud
Basics of Networking
Enterprise Cloud Networking
Microsoft Azure Overview
Azure Cloud Foundation
Azure Global Infrastructure
Azure Networking Terminology
Azure Networking Overview
Azure Networking Services
Azure Virtual Network
VNet Concepts and Best Practices
Deploying a Virtual Network with Azure PowerShell
Configure Public IP Services
Basic SKUs
Standard SKUs
Configure a Basic SKU Public IP
Configure a Standard SKU Public IP with Zones
Configuring Domain Name Services
Configure an Azure DNS Zone and Record Using Azure PowerShell
Configuring Cross-Virtual Network Connectivity with Peering
Configuring Peering between Two Virtual Networks in the Same Region
Configuring Virtual Network Traffic Routing
Using Forced Tunneling to Secure the VNet Route
Configuring Internet Access with Azure Virtual NAT
Deploy the NAT Gateway Using Azure PowerShell
Summary
Exam Essentials
Hands-On Lab: Design and Deploy a Virtual Network via the Azure Portal
Activity 1: Prepare the Network Schema
Activity 2: Build the Aviation Resource Group
Activity 3a: Build the CoreInfraVnet Virtual Network and Subnets
Activity 3b: Build the EngineeringVnet Virtual Network and Subnets
Activity 3c: Build the BranchofficeVnet Virtual Network and Subnets
Activity 4: Validate the Build of VNets and Subnets
Review Questions
Chapter 2 Design, Deploy, and Manage a Site-to-Site VPN Connection and Point-to-Site VPN Connection
Overview of Azure VPN Gateway
Designing an Azure VPN Connection
Design Pattern 1
Design Pattern 2
Design Pattern 3
Choosing a Virtual Network Gateway SKU for Site-to-Site VPN
Using Policy-Based VPNs vs. Route-Based VPNs
Building and Configuring a Virtual Network Gateway
Building and Configuring a Local Network Gateway
Building and Configuring an IPsec/IKE Policy
Configuration Workflow
Diagnosing and Resolving VPN Gateway Connectivity Issues
Choosing a VNet Gateway SKU for Point-to-Site VPNs
Configuring RADIUS, Certificate-Based, and Azure AD Authentication
Configuration Workflow for Native Azure Certification Authentication
Configuration Workflow for Native Azure Active Directory
Configuration Workflow for Windows Active Directory
Diagnosing and Resolving Client-Side and Authentication Issues
Summary
Exam Essentials
Review Questions
Chapter 3 Design, Deploy, and Manage Azure ExpressRoute
Getting Started with Azure ExpressRoute
Key Use Case for ExpressRoute
ExpressRoute Deployment Model
Choosing Between the Network Service Provider and ExpressRoute Direct
Designing and Deploying Azure Cross-Region Connectivity between Multiple ExpressRoute Locations
Selecting ExpressRoute Circuit SKUs
Estimating Price Based on ExpressRoute SKU
Select a Peering Location
Select the Proper ExpressRoute Circuit
Select a Billing Model
Select a High Availability Design
Pick a Business Continuity and Disaster Recovery Design Pattern
Choosing an Appropriate ExpressRoute SKU and Tier
Designing and Deploying ExpressRoute Global Reach
Deploying ExpressRoute Global Reach
Use Case 1: Enabling Circuits in the Same Region
Use Case 2: Enabling Circuits in Different Regions
Designing and Deploying ExpressRoute FastPath
Evaluate Private Peering Only, Microsoft Peering Only, or Both
Setting Up Private Peering
Setting Up Microsoft Peering
Building and Configuring an ExpressRoute Gateway
Connect a Virtual Network to an ExpressRoute Circuit
Recommend a Route Advertisement Configuration
Configure Encryption over ExpressRoute
Deploy Bidirectional Forwarding Detection
Diagnose and Resolve ExpressRoute Connection Issues
Summary
Exam Essentials
Review Questions
Chapter 4 Design and Deploy Core Networking Infrastructure: Private IP and DNS
Designing Private IP Addressing for VNets
Deploying a VNet
Preparing Subnetting for Services
Subnetting Design Considerations
Example Case Study: Preparing Subnetting for Services
Configuring Subnetting for Services
Preparing and Configuring a Subnet Delegation
Configure Subnet Delegation
Planning and Configuring Subnetting for Azure Route Server
Designing and Configuring Public DNS Zones
Creating an Azure DNS Zone and Record Using PowerShell
Designing and Configuring Private DNS Zones
Creating a Private DNS Zone and Record Using PowerShell
Designing Name Resolution Inside a VNet
VMs and Role Instances
Web Apps
Linking a Private DNS Zone to a VNet
Summary
Exam Essentials
Review Questions
Chapter 5 Design and Deploy Core Networking Infrastructure and Virtual WANs
Overview of Virtual Network Peering, Service Chaining, and Gateway Transit
Configure VPN Gateway Transit for Virtual Network Peering
Design VPN Connectivity between VNets
Deploy VNet Peering
Deployment Model 1: Running in the Same Azure Subscription and Deployed Using Azure Resource Manager
Deployment Model 2: Running in Different Subscriptions and Deploying Using Resource Manager
Deployment Model 3: Running in the Same Subscription and Deploying One VNet Using Resource Manager and Another Using the Classic Model
Deployment Model 4: Running in Different Subscriptions and Deploying One VNet Using Resource Manager and Another Using the Classic Model
Design an Azure Virtual WAN Architecture
Choosing SKUs and Services for Virtual WANs
Connect a VNet Gateway to an Azure Virtual WAN and Build a Hub in a Virtual WAN
Build a Virtual Network Appliance (NVA) in a Virtual Hub
Set Up Virtual Hub Routing
Build a Connection Unit
Summary
Exam Essentials
Review Questions
Chapter 6 Design and Deploy VNet Routing and Azure Load Balancer
Design and Deploy User-Defined Routes
Basic Routing Concepts
Azure Routes
Associate a Route Table with a Subnet
Set Up Forced Tunneling
Diagnose and Resolve Routing Issues
Design and Deploy Azure Route Server
Route Server Design Pattern 1
Route Server Design Pattern 2
Choosing an Azure Load Balancer SKU
Choosing Between Public and Internal Load Balancers
Build and Configure an Azure Load Balancer (Including Cross-Region)
Build and Configure Cross-Region Load Balancer Resources
Deploy a Load Balancing Rule
Build and Configure Inbound NAT Rules
Build Explicit Outbound Rules for a Load Balancer
Summary
Exam Essentials
Review Questions
Chapter 7 Design and Deploy Azure Application Gateway, Azure Front Door, and Virtual NAT
Azure Application Gateway Overview
How Application Gateway Works
Scaling Options for Application Gateway and WAF
Overview of Application Gateway Deployment
Front-End Setup
Back-End Setup
Health Probes Setup
Configuring Listeners
Redirection Overview
Application Gateway Request Routing Rules
Redirection Setting
Application Gateway Rewrite Policies
Features and Capabilities of Azure Front Door SKUs
Health Probe Characteristics and Operation
Secure Front Door with SSL
Front Door for Web Applications with a High-Availability Design Pattern
SSL Termination and End-to-End SSL Encryption
Multisite Listeners
Back-Ends, Back-End Pools, Back-End Host Headers, and Back-End Health Probes
Routing and Routing Rules
URL Redirection and URL Rewriting in Front Door Standard and Premium
Design and Deploy Traffic Manager Profiles
How Traffic Manager Works
Traffic Manager Routing Methods
Priority-Based Traffic Routing
Weighted-Based Traffic Routing
Performance-Based Traffic Routing
Geographic-Based Traffic Routing
Multivalue-Based Traffic Routing
Subnet-Based Traffic Routing
Building a Traffic Manager Profile
Virtual Network NAT
Using a Virtual Network NAT
Allocate Public IP or Public IP Prefixes for a NAT Gateway
Associate a Virtual Network NAT with a Subnet
Summary
Exam Essentials
Review Questions
Chapter 8 Design, Deploy, and Manage Azure Firewall and Network Security Groups
Azure Firewall and Firewall Manager Features
How Azure Firewall Manager Works
How Azure Firewall and Firewall Manager Protect VNets
Build and Configure an Azure Firewall Deployment
Azure Firewall Policy
Build and Configure a Secure Hub within an Azure Virtual WAN Hub
Build and Configure a Secure Hub within an Azure Virtual WAN Hub Using Azure PowerShell
Integrate an Azure Virtual WAN Hub with a Third-Party Network Virtual Appliance
High-Level Use Case for Network Virtual Appliances
Create and Attach a Network Security Group to a Resource
Create an Application Security Group and Attach It to a NIC
Create and Configure NSG Rules and Read Network Security Group Flow Logs
Validate NSG Flow Rules
Verify IP Flow
Summary
Exam Essentials
Review Questions
Chapter 9 Design and Deploy Azure Web Application Firewall and Monitor Networks
Azure Web Application Firewall Functions and Features
WAF on Application Gateway
WAF on Front Door
WAF on Azure CDN from Microsoft
Set Up Detection or Prevention Mode
Azure Front Door WAF Policy Rule Sets
Managed Rule Sets
Custom Rule Sets
WAF Policies
Application Gateway WAF Policy Rule Sets
Per-Site WAF Policy
Per-URI Policy
Managed Rules
WAF Policies
Custom Rules
Deploy and Attach WAF Policies
Set Up Network Health Alerts and Logging Using Azure Monitor
Build and Configure Azure Network Watcher
Build and Configure a Connection Monitor Instance
Build, Configure, and Use Traffic Analytics
Build and Configure NSG Flow Logs
Enable and Set Up Diagnostic Logging
Enabling Diagnostic Logging
Summary
Exam Essentials
Review Questions
Chapter 10 Design and Deploy Private Access to Azure Services
Overview of Private Link Services and Private Endpoints
Key Benefits of Private Link
How Private Link Integrates into an Azure Virtual Network
How Azure Private Endpoint Works
Plan Private Endpoints
Configure Access to Private Endpoints
Azure Private Link RBAC Permissions
Integrate Private Link with DNS and Private Link Services with On-Premises Clients
Use Case 1: Workloads on Virtual Networks without a Custom DNS Server
Use Case 2: Workloads That Use a DNS Forwarder On-Premises
Use Case 3: Using a DNS Forwarder for Virtual Network Workloads and On-Premises Workloads
Set Up Service Endpoints and Configure Service Endpoint Policies
Overview of Service Tags and Access to Service Endpoints
Configure Access to Service Endpoints
Integrating App Services into Regional VNets
Azure Regional VNet Integration
How Azure Regional VNet Integration Works
Subnet Requirements
Access Management
Route Management
Application Route Management
Configure Azure Kubernetes Service (AKS) for Regional VNet Integration
Configure Clients to Access the App Service Environment
Summary
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1: Getting Started with AZ-700 Certification for Azure Networking
Chapter 2: Design, Deploy, and Manage a Site-to-Site VPN Connection and Point-to-Site VPN Connection
Chapter 3: Design, Deploy, and Manage Azure ExpressRoute
Chapter 4: Design and Deploy Core Networking Infrastructure: Private IP and DNS
Chapter 5: Design and Deploy Core Networking Infrastructure and Virtual WANs
Chapter 6: Design and Deploy VNet Routing and Azure Load Balancer
Chapter 7: Design and Deploy Azure Application Gateway, Azure Front Door, and Virtual NAT
Chapter 8: Design, Deploy, and Manage Azure Firewall and Network Security Groups
Chapter 9: Design and Deploy Azure Web Application Firewall and Monitor Networks
Chapter 10: Design and Deploy Private Access to Azure Services
Index