Microsoft AZ-700 Online Practice
Questions and Exam Preparation
AZ-700 Exam Details
Exam Code
:AZ-700
Exam Name
:Designing and Implementing Microsoft Azure Networking Solutions
Certification
:Microsoft Certifications
Vendor
:Microsoft
Total Questions
:452 Q&As
Last Updated
:Jul 08, 2026
Microsoft AZ-700 Online Questions &
Answers
Question 31:
You have 10 on-premises networks that are connected by using a 3rd party Software Defined Wide Area Network (SD-WAN) solution. You have an Azure subscription that contains five virtual networks.
You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub.
You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution.
What should you include in the solution?
A. An Azure Virtual WAN ExpressRoute gateway B. A Network Virtual Appliance (NVA) C. A Site to site gateway (VPN gateway) D. A Point to site gateway (User VPN gateway)
Your on-premises network uses an IP address range of 10.1.0.0 to 10.1.255.255.
You plan to deploy a new Azure virtual network solution that will include the following elements:
1. A virtual network named VNet1
2. A Site-to-Site (S2S) VPN connection between VNet1 and the on-premises network
3. GatewaySubnet in VNet1, which will be used as a route-based virtual network gateway
You need to recommend which subnet masks to assign to VNet1 and GatewaySubnet. The solution must meet the following requirements:
Maximize the number of available IP addresses on VNet1.
Minimize the number of available IP addresses on GatewaySubnet.
Which address spaces should you assign to VNet1 and GatewaySubnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 1: 10.0.0.0/24
Maximize the number of available IP addresses on VNet1.
Box 2: 10.0.0.0/27
Minimize the number of available IP addresses on GatewaySubnet.
Create a gateway subnet
The virtual network gateway requires a specific subnet named GatewaySubnet. The gateway subnet is part of IP address range for your virtual network and contains the IP addresses that the virtual network gateway resources and services use.
When you create the gateway subnet, you specify the number of IP addresses that the subnet contains.
The number of IP addresses needed depends on the VPN gateway configuration that you want to create.
Some configurations require more IP addresses than others. It's best to specify /27 or larger (/26,/25 etc.) for your gateway subnet.
You plan to deploy the following types of resources in a single Azure region:
1. Virtual machine
2. Azure App Service
3. Virtual Network gateway
4. Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks. You need to identify how many virtual networks and subnets are required for the solution.
The solution must minimize costs to transfer data between virtual networks.
What should you identify?
A. Virtual Networks: 1 B. Virtual Networks: 2 C. Virtual Networks: 3 D. Virtual Networks: 4 E. Subnets: 1 F. Subnets: 2 G. Subnets: 3 H. Subnets: 4
A. Virtual Networks: 1 H. Subnets: 4
Explanation
None of these resources has a requirement for dedicated virtual network. So, you can deploy all these resources in a single virtual network.
Azure virtual machine must be deployed to a subnet. So, you need at least one subnet for virtual machine.
Azure app service is delegate to create resources in the virtual network. So you need configure vNet integration for Azure app service. An integration subnet is required to integrate Azure App service with virtual network.
You need a dedicated subnet called as gateway subnet for virtual network gateway.
SQL Managed Instance is placed inside the Azure virtual network and the subnet that's dedicated to managed instances.
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 2: One NSG
The minimum requirement is one NSG. You could attach the NSG to VMScaleSet1 and restrict outbound traffic, or you could attach the NSG to VMScaleSet2 and restrict inbound traffic. Either way you would need two custom NSG rules.
Box 1: Two custom rules
With the NSG attached to VMScaleSet2, you would need to create a custom rule blocking all traffic from VMScaleSet1. Then you would need to create another custom rule with a higher priority than the first rule that allows traffic on port 443.
The default rules in the NSG will allow all other traffic to VMScaleSet2.
Question 35:
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion request headers that contain 137.135.10.24.
Does this meet the goat?
A. Yes B. No
B. No
Question 36:
HOTSPOT
You have an Azure subscription.
You plan to deploy an app named App1 that will be accessed by using Azure Application Gateway.
You need to deploy the application gateway for App1. The solution must meet the following requirements:
Support autoscaling to 100 capacity units. Minimize costs.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 1: Standard V2 tier Configure an Application Gateway with the:
The Azure Application Gateway Standard_v2 and WAF_v2 tiers support autoscaling and can scale up to 125 capacity units. Each capacity unit can handle a certain number of persistent connections, and additional capacity units are added as limits are reached. The Azure Application Gateway Standard_v2 tier is generally the cheaper option compared to the WAF_v2 tier. While both tiers have a base cost per hour, the WAF_v2 tier includes additional features for web application firewalling, which is reflected in its higher hourly cost.
Box 2: 10 Set the maximum instance count to:
You must specify a minimum and optionally maximum instance count. Minimum capacity ensures that Application Gateway and WAF v2 don't fall below the minimum instance count specified, even without traffic. The minimum instance count can range from 0 to 100. Each instance is roughly equivalent to 10 more reserved Capacity Units.
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
A. route filters B. BGP route exchange C. a user-defined route assigned to GatewaySubnet in Vnet1 D. a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3
B. BGP route exchange
Explanation
You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route because with ExpressRoute, you must use BGP for custom routes
You have an on-premises datacenter named DC1. DC1 hosts services that use public IPv4 and IPv6 address ranges that you own.
You plan to migrate the services to Azure.
You purchase a new Azure subscription.
You need to provision the existing public IP addresses in the subscription.
What is the smallest IP address prefix that you can use for each IP address range? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 1: /24 IPv4
For migrating your own public IP addresses to Azure using the Bring Your Own IP (BYOIP) feature-formally known as Custom IP Prefixes-the smallest supported prefix sizes are: IPv4 address range: The smallest prefix is /24. This limit exists because most Internet Service Providers (ISPs) do not accept BGP advertisements for ranges smaller than a /24. Depending on the deployment model, regional (child) IPv4 prefixes derived from a global range can be as small as /26, but the parent range validated and advertised to the internet must be at least a /24.
Box 2: /64 IPv6
Public IPv6 prefixes must be derived from the regional ranges. Only the first 2048 IPv6 addresses of each regional /64 custom IP prefix can be utilized as valid IPv6 space. Attempting to create public IPv6 prefixes that span beyond this range results in an error.
Custom IPv6 prefixes use a parent/child model. In this model, the Microsoft Wide Area Network (WAN) advertises the global (parent) range, and the respective Azure regions advertise the regional (child) ranges. Global ranges must be /48 in size, while regional ranges must always be /64 size. You can have multiple /64 ranges per region.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Microsoft exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your AZ-700 exam preparations
and Microsoft certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.