AZ-700 Practice Test Free – 50 Questions to Test Your Knowledge
Are you preparing for the AZ-700 certification exam? If so, taking a AZ-700 practice test free is one of the best ways to assess your knowledge and improve your chances of passing. In this post, we provide 50 free AZ-700 practice questions designed to help you test your skills and identify areas for improvement.
By taking a free AZ-700 practice test, you can:
- Familiarize yourself with the exam format and question types
- Identify your strengths and weaknesses
- Gain confidence before the actual exam
50 Free AZ-700 Practice Questions
Below, you will find 50 free AZ-700 practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level.
DRAG DROP - You have an Azure virtual network named Vnet1 that connects to an on-premises network. You have an Azure Storage account named storageaccount1 that contains blob storage. You need to configure a private endpoint for the blob storage. The solution must meet the following requirements: ✑ Ensure that all on-premises users can access storageaccount1 through the private endpoint. ✑ Prevent access to storageaccount1 from being interrupted. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
HOTSPOT - You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You need to implement name resolution for the cloud.litwareinc.com. The solution must meet the networking requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure subscription that contains an Azure Front Door named FD1. You plan to deploy an app named App1 by using Azure App Service. Users will access App1 by using FD1. You need to provide FD1 with access to App1. The solution must meet the following requirements: • Ensure that users can only access App1 by using FD1. • Ensure that users cannot access App1 directly from the internet. What should you create for App1?
A. an access restriction
B. a private endpoint
C. a subnet delegation
D. a service endpoint
HOTSPOT - You have an Azure subscription that contains the virtual machines shown in the following table.Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule: ✑ Priority: 100 ✑ Port: Any ✑ Protocol: Any ✑ Source: Any ✑ Destination: Storage ✑ Action: Deny You create a private endpoint that has the following settings: ✑ Name: Private1 ✑ Resource type: Microsoft.Storage/storageAccounts ✑ Resource: storage1 ✑ Target sub-resource: blob ✑ Virtual network: Vnet1 ✑ Subnet: Subnet1 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources: ✑ An Azure App Service app named App1 ✑ An Azure DNS zone named contoso.com ✑ An Azure private DNS zone named private.contoso.com ✑ A virtual network named Vnet1 You create a private endpoint for App1. The record for the endpoint is registered automatically in Azure DNS. You need to provide a developer with the name that is registered in Azure DNS for the private endpoint. What should you provide?
A. app1.contoso.onmicrosoft.com
B. app1.private.contoso.com
C. app1.privatelink.azurewebsites.net
D. app1.contoso.com
You need to configure GW1 to meet the network security requirements for the P2S VPN users. Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
A. IKEv2 and OpenVPN (SSL)
B. IKEv2
C. IKEv2 and SSTP (SSL)
D. OpenVPN (SSL)
E. SSTP (SSL)
You need to provide access to storage1. The solution must meet the PaaS networking requirements and the business requirements. What should you include in the solution?
A. a private endpoint
B. Azure Traffic Manager
C. Azure Front Door
D. a service endpoint
You have an Azure virtual network named VNet1 that contains the subnets shown in the following table.You need to deploy an Azure application gateway named AppGW1 to VNet1. To where can you deploy AppGW1?
A. GatewaySubnet only
B. Subnet2 only
C. Subnet1 or Subnet2 only
D. Subnet2 or GatewaySubnet only
E. Subnet1, Subnet2, and GatewaySubnet
HOTSPOT - Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
DRAG DROP - You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements. Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer. Select and Place:
HOTSPOT - You are implementing the virtual network requirements for VM-Analyze. What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements. What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
DRAG DROP - You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
HOTSPOT - You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements. What should you do? To answer, select the appropriate options in the answer area. Hot Area:
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements. What should you use to configure the default route?
A. route filters
B. BGP route exchange
C. a user-defined route assigned to GatewaySubnet in Vnet1
D. a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3
HOTSPOT - You create NSG10 and NSG11 to meet the network security requirements. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure subscription that contains the following resources: • A virtual network named Vnet1 • Two subnets named subnet1 and AzureFirewallSubnet • A public Azure Firewall named FW1 • A route table named RT1 that is associated to Subnet1 • A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
A. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
B. On FW1, create an outbound service tag rule for Azure Cloud.
C. Deploy a NAT gateway.
D. Deploy an application security group that allows outbound traffic to 1688.
You have an Azure subscription that contains the resources shown in the following table.You need to ensure that the apps hosted on VM1 can resolve the IP address of the private endpoint for azsql1.database.windows.net. What should you create first?
A. a public DNS zone named database.windows.net
B. a private DNS zone named database.windows.net
C. a public DNS zone named privatelink.database.windows.net
D. a private DNS zone named privatelink.database.windows.net
You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?
A. Azure DDoS Protection for virtual networks
B. private endpoints
C. Azure Virtual Network NAT
D. service endpoint policies
HOTSPOT - You have the Azure App Service app shown in the App Service exhibit.The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit.
The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have the Azure resources shown in the following table.You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint. You need to ensure that you can use the service endpoint to connect to the read-only endpoint of storage1 in the paired Azure region. What should you do first?
A. Fail over storage1 to the paired Azure region.
B. Configure the firewall settings for storage1.
C. Create a virtual network in the paired Azure region.
D. Create another service endpoint.
You have an Azure Front Door instance named FD1 that is protected by using Azure Web Application Firewall (WAF). FD1 uses a frontend hast named app1.contoso.com to provide access to Azure web apps hosted in the East US Azure region and the West US Azure region. You need to configure FD1 to block requests to app1.contoso.com from all countries other than the United States. What should you include in the WAF policy?
A. a custom rule that uses a match rule
B. a frontend hast association
C. a custom rule that uses a rate limit rule
D. a managed rule set
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly. Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service. You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB. What should you include in the solution?
A. a service tag
B. a service endpoint policy
C. a subnet delegation
D. an application security group
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements. Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. On the peering from Vnet1, select Allow gateway transit.
B. On the peerings from Vnet2 and Vnet3, select Use remote gateways.
C. On the peerings from Vnet2 and Vnet3, select Allow gateway transit.
D. On the peering from Vnet1, select Use remote gateways.
E. On the peering from Vnet1, select Allow forwarded traffic.
HOTSPOT - You have two Azure subscriptions named Subscription1 and Subscription2. There are no connections between the virtual networks in the two subscriptions. You configure a private link service as shown in the privatelinkservice1 exhibit. (Click the privatelinkservice1 tab.)You create a load balancer name in Subscription1 and configure the backend pool shown in the lb1 exhibit. (Click the lb1 tab.)
You create a private endpoint in Subscription2 as shown in the privateendpoint4 exhibit. (Click the privateendpoint4 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements. Which connectivity method should you use?
A. a private endpoint
B. Azure Firewall
C. Azure Front Door
D. a service endpoint
SIMULATION -Username and password - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User-12345678@cloudslice.onmicrosoft.com Azure Password: xxxxxxxxxx - If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 - You need to ensure that the storage12345678 storage account will only accept connections from the hosts on VNET1. To complete this task, sign in to the Azure portal.
You have an Azure virtual network named Vnet1 that has one subnet. Vnet1 is in the West Europe region. You deploy an Azure App Service app named App1 to the West Europe region. You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs. What should you do first?
A. Create a private link.
B. Create a new subnet.
C. Create a NAT gateway.
D. Create a gateway subnet and deploy a virtual network gateway.
SIMULATION -
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?
A. a private endpoint
B. a routing table
C. a service endpoint
D. a private link service
E. a virtual network peering
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources: ✑ A virtual network named Vnet1 ✑ An App Service plan named ASP1 ✑ An Azure App Service named webapp1 An Azure private DNS zone named private.contoso.com✑ Virtual machines on Vnet1 that cannot communicate outside the virtual network You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of https://www.private.contoso.com. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Create a CNAME record that maps www.private.contoso.com to webapp1.contoso.onmicrosoft.com.
B. Create a CNAME record that maps www.private.contoso.com to webapp1.private.contoso.com.
C. Create a service endpoint for webapp1.
D. Register an enterprise application in Azure AD for webapp1.
E. Create a private endpoint for webapp1.
F. Create a CNAME record that maps www.private.contoso.com to webapp1.privatelink.azurewebsites.net.
DRAG DROP - You have two Azure subscriptions named Subscription1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2. You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You have an Azure Private Link service named PL1 that uses an Azure load balancer named LB1. You need to ensure that PL1 can support a higher volume of outbound traffic. What should you do?
A. Increase the number of frontend IP configurations for LB1.
B. Increase the number of NAT IP addresses assigned to PL1.
C. Deploy an Azure Application Gateway v2 instance to the source NAT subnet.
D. Redeploy LB1 with a different SKU.
HOTSPOT - You have the Azure environment shown in the Azure Environment exhibit.The settings for each subnet are shown in the following table.
The Firewalls and virtual networks settings for storage1 are configured as shown in the Storage1 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure subscription that contains the resources shown in the following table.You need to ensure that VM1 and VM2 can connect only to storage1. The solution must meet the following requirements: • Prevent VM1 and VM2 from accessing any other storage accounts • Ensure that storage1 is accessible from the internet. What should you use?
A. a network security group (NSG)
B. a service endpoint policy
C. a private link
D. a private endpoint
SIMULATION -
You have Azure App Service apps in the West US Azure region as shown in the following table.You need to ensure that all the apps can access the resources in a virtual network named VNet1 without forwarding traffic through the internet. How many integration subnets should you create?
A. 0
B. 1
C. 3
D. 4
E. 6
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the following subnets: • AzureFirewallSubnet • GatewaySubnet • Subnet1 • Subnet2 • Subnet3 Subnet2 has a delegation to the Microsoft.Web/serverfarms service. The subscription contains the resources shown in the following table.You need to implement an Azure application gateway named AG1 that will be integrated with an Azure Web Application Firewall (WAF). AG1 will be used to publish VMSS1. To which subnet should you connect AG1?
A. GatewaySubnet
B. AzureFirewallSubnet
C. Subnet2
D. Subnet1
E. Subnet3
HOTSPOT - You have an Azure application gateway named AppGw1. You need to create a rewrite rule for AppGw1. The solution must rewrite the URL of requests from https://www.contoso.com/fashion/shirts to https://www.contoso.com/buy.aspx?category=fashion&product=shirts. How should you complete the rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the following subnets: • AzureFirewallSubnet • GatewaySubnet • Subnet1 • Subnet2 • Subnet3 Subnet2 has a delegation to the Microsoft.Web/serverfarms service. The subscription contains the resources shown in the following table.
A. GatewaySubnet
B. AzureFirewallSubnet
C. Subnet2
D. Subnet1
E. Subnet3
You have an Azure subscription that contains multiple virtual machines in the West US Azure region. You need to use Traffic Analytics. Which two resources should you create? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct answer selection is worth one point.
A. an Azure Monitor workbook
B. a Log Analytics workspace
C. a storage account
D. an Azure Sentinel workspace
E. an Azure Monitor data collection rule
Your company has offices in Montreal, Seattle, and Paris. The outbound traffic from each office originates from a specific public IP address. You create an Azure Front Door instance named FD1 that has Azure Web Application Firewall (WAF) enabled. You configure a WAF policy named Policy1 that has a rule named Rule1. Rule1 applies a rate limit of 100 requests for traffic that originates from the office in Montreal. You need to apply a rate limit of 100 requests for traffic that originates from each office. What should you do?
A. Modify the rate limit threshold of Rule1.
B. Create two additional associations.
C. Modify the conditions of Rule1.
D. Modify the rule type of Rule1.
You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance. You need to configure the policy to meet the following requirements: ✑ Log all connections from Australia. ✑ Deny all connections from New Zealand. ✑ Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute. What is the minimum number of objects you should create?
A. three custom rules that each has one condition
B. one custom rule that has three conditions
C. one custom rule that has one condition
D. one rule that has two conditions and another rule that has one condition
You have an Azure subscription that contains four virtual machines. The virtual machines host an app named App1. You deploy an Azure Standard Load Balancer named LB1 to load balance incoming HTTPS requests to App1. You need to reduce how long it takes for LB1 to stop sending App1 traffic to failed servers. The solution must minimize administrative effort. What should you modify?
A. the Backend pools settings
B. the Diagnostic settings
C. the Load-balancing rules
D. the Health probes settings
You have an Azure subscription that contains the following resources: ✑ A virtual network named Vnet1 ✑ Two subnets named subnet1 and AzureFirewallSubnet ✑ A public Azure Firewall named FW1 ✑ A route table named RT1 that is associated to Subnet1 ✑ A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
A. On FW1, create an outbound service tag rule for AzureCloud.
B. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
C. Deploy a NAT gateway.
D. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.
HOTSPOT - You have an Azure subscription that contains the resources shown in the following table.You purchase a certificate for app1.contoso.com from a public certification authority (CA) and install the certificate on appservice1. You need to ensure that App1 can be accessed by using a URL of https://app1.contoso.com. The solution must ensure that all the traffic for App1 is routed via FD1. Which type of DNS record should you create, and where should you store the certificate? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure virtual network that contains the subnets shown in the following table.You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall. You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com. What should you do?
A. In a firewall policy, create a DNAT rule.
B. Create a network security group (NSG) and associate the NSG to Subnet2.
C. In a firewall policy, create a network rule.
D. In a firewall policy, create an application rule.
Get More AZ-700 Practice Questions
If you’re looking for more AZ-700 practice test free questions, click here to access the full AZ-700 practice test.
We regularly update this page with new practice questions, so be sure to check back frequently.
Good luck with your AZ-700 certification journey!