MCA Microsoft Certified Associate Azure Network Engineer Study Guide. Exam AZ-700. Edition No. 1. Sybex Study Guide

  • Book

  • 768 Pages
  • December 2022
  • John Wiley and Sons Ltd
  • ID: 5837980

Prepare to take the NEW Exam AZ-700 with confidence and launch your career as an Azure Network Engineer

Not only does MCA Microsoft Certified Associate Azure Network Engineer Study Guide: Exam AZ-700 help you prepare for your certification exam, it takes a deep dive into the role and responsibilities of an Azure Network Engineer, so you can learn what to expect in your new career. You’ll also have access to additional online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable glossary of important terms. Prepare smarter with Sybex's superior interactive online learning environment and test bank.

Exam AZ-700, Designing and Implementing Microsoft Azure Networking Solutions, measures your ability to design, implement, manage, secure, and monitor technical tasks such as hybrid networking; core networking infrastructure; routing; networks; and private access to Azure services. With this in-demand certification, you can qualify for jobs as an Azure Network Engineer, where you will work with solution architects, cloud administrators, security engineers, application developers, and DevOps engineers to deliver Azure solutions. This study guide covers 100% of the objectives and all key concepts, including:

  • Design, Implement, and Manage Hybrid Networking
  • Design and Implement Core Networking Infrastructure
  • Design and Implement Routing
  • Secure and Monitor Networks
  • Design and Implement Private Access to Azure Services

If you’re ready to become the go-to person for recommending, planning, and implementing Azure networking solutions, you’ll need certification with Exam AZ-700. This is your one-stop study guide to feel confident and prepared on test day. Trust the proven Sybex self-study approach to validate your skills and to help you achieve your career goals!

Table of Contents

Introduction

Assessment Test

Chapter 1 Getting Started with AZ-700 Certification for Azure Networking

Basics of Cloud Computing and Networking

The Need for Networking Infrastructure

The Need for the Cloud

Basics of Networking

Enterprise Cloud Networking

Microsoft Azure Overview

Azure Cloud Foundation

Azure Global Infrastructure

Azure Networking Terminology

Azure Networking Overview

Azure Networking Services

Azure Virtual Network

VNet Concepts and Best Practices

Deploying a Virtual Network with Azure PowerShell

Configure Public IP Services

Basic SKUs

Standard SKUs

Configure a Basic SKU Public IP

Configure a Standard SKU Public IP with Zones

Configuring Domain Name Services

Configure an Azure DNS Zone and Record Using Azure PowerShell

Configuring Cross-Virtual Network Connectivity with Peering

Configuring Peering between Two Virtual Networks in the Same Region

Configuring Virtual Network Traffic Routing

Using Forced Tunneling to Secure the VNet Route

Configuring Internet Access with Azure Virtual NAT

Deploy the NAT Gateway Using Azure PowerShell

Summary

Exam Essentials

Hands-On Lab: Design and Deploy a Virtual Network via the Azure Portal

Activity 1: Prepare the Network Schema

Activity 2: Build the Aviation Resource Group

Activity 3a: Build the CoreInfraVnet Virtual Network and Subnets

Activity 3b: Build the EngineeringVnet Virtual Network and Subnets

Activity 3c: Build the BranchofficeVnet Virtual Network and Subnets

Activity 4: Validate the Build of VNets and Subnets

Review Questions

Chapter 2 Design, Deploy, and Manage a Site-to-Site VPN Connection and Point-to-Site VPN Connection

Overview of Azure VPN Gateway

Designing an Azure VPN Connection

Design Pattern 1

Design Pattern 2

Design Pattern 3

Choosing a Virtual Network Gateway SKU for Site-to-Site VPN

Using Policy-Based VPNs vs. Route-Based VPNs

Building and Configuring a Virtual Network Gateway

Building and Configuring a Local Network Gateway

Building and Configuring an IPsec/IKE Policy

Configuration Workflow

Diagnosing and Resolving VPN Gateway Connectivity Issues

Choosing a VNet Gateway SKU for Point-to-Site VPNs

Configuring RADIUS, Certificate-Based, and Azure AD Authentication

Configuration Workflow for Native Azure Certification Authentication

Configuration Workflow for Native Azure Active Directory

Configuration Workflow for Windows Active Directory

Diagnosing and Resolving Client-Side and Authentication Issues

Summary

Exam Essentials

Review Questions

Chapter 3 Design, Deploy, and Manage Azure ExpressRoute

Getting Started with Azure ExpressRoute

Key Use Case for ExpressRoute

ExpressRoute Deployment Model

Choosing Between the Network Service Provider and ExpressRoute Direct

Designing and Deploying Azure Cross-Region Connectivity between Multiple ExpressRoute Locations

Selecting ExpressRoute Circuit SKUs

Estimating Price Based on ExpressRoute SKU

Select a Peering Location

Select the Proper ExpressRoute Circuit

Select a Billing Model

Select a High Availability Design

Pick a Business Continuity and Disaster Recovery Design Pattern

Choosing an Appropriate ExpressRoute SKU and Tier

Designing and Deploying ExpressRoute Global Reach

Deploying ExpressRoute Global Reach

Use Case 1: Enabling Circuits in the Same Region

Use Case 2: Enabling Circuits in Different Regions

Designing and Deploying ExpressRoute FastPath

Evaluate Private Peering Only, Microsoft Peering Only, or Both

Setting Up Private Peering

Setting Up Microsoft Peering

Building and Configuring an ExpressRoute Gateway

Connect a Virtual Network to an ExpressRoute Circuit

Recommend a Route Advertisement Configuration

Configure Encryption over ExpressRoute

Deploy Bidirectional Forwarding Detection

Diagnose and Resolve ExpressRoute Connection Issues

Summary

Exam Essentials

Review Questions

Chapter 4 Design and Deploy Core Networking Infrastructure: Private IP and DNS

Designing Private IP Addressing for VNets

Deploying a VNet

Preparing Subnetting for Services

Subnetting Design Considerations

Example Case Study: Preparing Subnetting for Services

Configuring Subnetting for Services

Preparing and Configuring a Subnet Delegation

Configure Subnet Delegation

Planning and Configuring Subnetting for Azure Route Server

Designing and Configuring Public DNS Zones

Creating an Azure DNS Zone and Record Using PowerShell

Designing and Configuring Private DNS Zones

Creating a Private DNS Zone and Record Using PowerShell

Designing Name Resolution Inside a VNet

VMs and Role Instances

Web Apps

Linking a Private DNS Zone to a VNet

Summary

Exam Essentials

Review Questions

Chapter 5 Design and Deploy Core Networking Infrastructure and Virtual WANs

Overview of Virtual Network Peering, Service Chaining, and Gateway Transit

Configure VPN Gateway Transit for Virtual Network Peering

Design VPN Connectivity between VNets

Deploy VNet Peering

Deployment Model 1: Running in the Same Azure Subscription and Deployed Using Azure Resource Manager

Deployment Model 2: Running in Different Subscriptions and Deploying Using Resource Manager

Deployment Model 3: Running in the Same Subscription and Deploying One VNet Using Resource Manager and Another Using the Classic Model

Deployment Model 4: Running in Different Subscriptions and Deploying One VNet Using Resource Manager and Another Using the Classic Model

Design an Azure Virtual WAN Architecture

Choosing SKUs and Services for Virtual WANs

Connect a VNet Gateway to an Azure Virtual WAN and Build a Hub in a Virtual WAN

Build a Virtual Network Appliance (NVA) in a Virtual Hub

Set Up Virtual Hub Routing

Build a Connection Unit

Summary

Exam Essentials

Review Questions

Chapter 6 Design and Deploy VNet Routing and Azure Load Balancer

Design and Deploy User-Defined Routes

Basic Routing Concepts

Azure Routes

Associate a Route Table with a Subnet

Set Up Forced Tunneling

Diagnose and Resolve Routing Issues

Design and Deploy Azure Route Server

Route Server Design Pattern 1

Route Server Design Pattern 2

Choosing an Azure Load Balancer SKU

Choosing Between Public and Internal Load Balancers

Build and Configure an Azure Load Balancer (Including Cross-Region)

Build and Configure Cross-Region Load Balancer Resources

Deploy a Load Balancing Rule

Build and Configure Inbound NAT Rules

Build Explicit Outbound Rules for a Load Balancer

Summary

Exam Essentials

Review Questions

Chapter 7 Design and Deploy Azure Application Gateway, Azure Front Door, and Virtual NAT

Azure Application Gateway Overview

How Application Gateway Works

Scaling Options for Application Gateway and WAF

Overview of Application Gateway Deployment

Front-End Setup

Back-End Setup

Health Probes Setup

Configuring Listeners

Redirection Overview

Application Gateway Request Routing Rules

Redirection Setting

Application Gateway Rewrite Policies

Features and Capabilities of Azure Front Door SKUs

Health Probe Characteristics and Operation

Secure Front Door with SSL

Front Door for Web Applications with a High-Availability Design Pattern

SSL Termination and End-to-End SSL Encryption

Multisite Listeners

Back-Ends, Back-End Pools, Back-End Host Headers, and Back-End Health Probes

Routing and Routing Rules

URL Redirection and URL Rewriting in Front Door Standard and Premium

Design and Deploy Traffic Manager Profiles

How Traffic Manager Works

Traffic Manager Routing Methods

Priority-Based Traffic Routing

Weighted-Based Traffic Routing

Performance-Based Traffic Routing

Geographic-Based Traffic Routing

Multivalue-Based Traffic Routing

Subnet-Based Traffic Routing

Building a Traffic Manager Profile

Virtual Network NAT

Using a Virtual Network NAT

Allocate Public IP or Public IP Prefixes for a NAT Gateway

Associate a Virtual Network NAT with a Subnet

Summary

Exam Essentials

Review Questions

Chapter 8 Design, Deploy, and Manage Azure Firewall and Network Security Groups

Azure Firewall and Firewall Manager Features

How Azure Firewall Manager Works

How Azure Firewall and Firewall Manager Protect VNets

Build and Configure an Azure Firewall Deployment

Azure Firewall Policy

Build and Configure a Secure Hub within an Azure Virtual WAN Hub

Build and Configure a Secure Hub within an Azure Virtual WAN Hub Using Azure PowerShell

Integrate an Azure Virtual WAN Hub with a Third-Party Network Virtual Appliance

High-Level Use Case for Network Virtual Appliances

Create and Attach a Network Security Group to a Resource

Create an Application Security Group and Attach It to a NIC

Create and Configure NSG Rules and Read Network Security Group Flow Logs

Validate NSG Flow Rules

Verify IP Flow

Summary

Exam Essentials

Review Questions

Chapter 9 Design and Deploy Azure Web Application Firewall and Monitor Networks

Azure Web Application Firewall Functions and Features

WAF on Application Gateway

WAF on Front Door

WAF on Azure CDN from Microsoft

Set Up Detection or Prevention Mode

Azure Front Door WAF Policy Rule Sets

Managed Rule Sets

Custom Rule Sets

WAF Policies

Application Gateway WAF Policy Rule Sets

Per-Site WAF Policy

Per-URI Policy

Managed Rules

WAF Policies

Custom Rules

Deploy and Attach WAF Policies

Set Up Network Health Alerts and Logging Using Azure Monitor

Build and Configure Azure Network Watcher

Build and Configure a Connection Monitor Instance

Build, Configure, and Use Traffic Analytics

Build and Configure NSG Flow Logs

Enable and Set Up Diagnostic Logging

Enabling Diagnostic Logging

Summary

Exam Essentials

Review Questions

Chapter 10 Design and Deploy Private Access to Azure Services

Overview of Private Link Services and Private Endpoints

Key Benefits of Private Link

How Private Link Integrates into an Azure Virtual Network

How Azure Private Endpoint Works

Plan Private Endpoints

Configure Access to Private Endpoints

Azure Private Link RBAC Permissions

Integrate Private Link with DNS and Private Link Services with On-Premises Clients

Use Case 1: Workloads on Virtual Networks without a Custom DNS Server

Use Case 2: Workloads That Use a DNS Forwarder On-Premises

Use Case 3: Using a DNS Forwarder for Virtual Network Workloads and On-Premises Workloads

Set Up Service Endpoints and Configure Service Endpoint Policies

Overview of Service Tags and Access to Service Endpoints

Configure Access to Service Endpoints

Integrating App Services into Regional VNets

Azure Regional VNet Integration

How Azure Regional VNet Integration Works

Subnet Requirements

Access Management

Route Management

Application Route Management

Configure Azure Kubernetes Service (AKS) for Regional VNet Integration

Configure Clients to Access the App Service Environment

Summary

Exam Essentials

Review Questions

Appendix Answers to Review Questions

Chapter 1: Getting Started with AZ-700 Certification for Azure Networking

Chapter 2: Design, Deploy, and Manage a Site-to-Site VPN Connection and Point-to-Site VPN Connection

Chapter 3: Design, Deploy, and Manage Azure ExpressRoute

Chapter 4: Design and Deploy Core Networking Infrastructure: Private IP and DNS

Chapter 5: Design and Deploy Core Networking Infrastructure and Virtual WANs

Chapter 6: Design and Deploy VNet Routing and Azure Load Balancer

Chapter 7: Design and Deploy Azure Application Gateway, Azure Front Door, and Virtual NAT

Chapter 8: Design, Deploy, and Manage Azure Firewall and Network Security Groups

Chapter 9: Design and Deploy Azure Web Application Firewall and Monitor Networks

Chapter 10: Design and Deploy Private Access to Azure Services

Index

Authors

Puthiyavan Udayakumar, Kathiravan Udayakumar