Senior Acquisitions Editor: Kenyon Brown
Project Editor: Gary Schwartz
Copy Editor: Kezia Endsley
Editorial Manager: Pete Gaughan and Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Editor: Jim Minatel
Book Designers: Judy Fung and Bill Gibson
Proofreader: Nancy Carrasco
Indexer: Johnna VanHoose Dinse
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: ©Jeremy Woodhouse/Getty Images, Inc.
Copyright © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Published by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-43983-7
ISBN: 978-1-119-43988-2 (ebk.)
ISBN: 978-1-119-43990-5 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750–8400, fax (978) 646–8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748–6011, fax (201) 748–6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762–2974, outside the U.S. at (317) 572–3993 or fax (317) 572–4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2017962409
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. AWS is a registered trademark of Amazon Technologies, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
To those who designed and built what we explain herein.
The authors would like to thank a few people who helped us develop and write this AWS Certified Advanced Networking – Specialty Official Study Guide.
First, thanks to all of our families for supporting us in our seemingly endless efforts to produce this book. We know the hours away from home were only possible because of you. The readers of this book owe you a debt of gratitude, as well.
A huge thanks to our colleagues, Dave Cuthbert and Dave Walker, who guest authored the chapters on automation and risk and compliance, respectively. Many thanks to James Hamilton for the Foreword and to Mark Ryland and Camil Samaha for their cover-to-cover contributions.
When we wrote this book, many of the features and services described were only on the drawing board. Thanks to the product and engineering teams for taking the time to provide us with insight into new and exciting capabilities. Our readers thank you, too!
Of course, we must thank all of the supporting team members who helped shepherd us to the finish line: Nathan Bower and Victoria Steidel, our thoughtful technical editors, who reviewed and edited all of the content; Mary Kay Sondecker, who answered our call for project help; and Sharon Saternus, our project manager, who had the task of herding cats – the authors.
Sidhartha Chauhan, Solutions Architect, Amazon Web Services
Sid works with enterprise customers to design highly-scalable cloud architectures. He has a special inclination toward computer networking technologies and holds a master’s degree in computer networking from North Carolina State University, along with various leading industry certifications. Before joining Amazon, Sid worked with a large telecommunications organization designing large-scale Local Area Network (LAN)/Wide Area Network (WAN) networks. In his free time, Sid plays guitar for an award-winning New York City-based Indian band called “Rhythm Tolee.” He also enjoys photography and fitness.
James Devine, Solutions Architect, Amazon Web Services
Using AWS to help design solutions for nonprofit customers who are making a difference in the world is what keeps James motivated. He holds a bachelor’s degree in computer science from Allegheny College and a master’s degree in computer science from the Stevens Institute of Technology. Prior to joining AWS, James was a senior infrastructure engineer at MITRE Corporation, a nonprofit government contractor, where he used his skills in infrastructure to help various government organizations solve some of their toughest problems and realize the value of cloud computing.
Alan Halachmi, Senior Manager, Solutions Architecture, Amazon Web Services
Alan leads a team of specialist solutions architects supporting public sector customers. These specialists provide deep expertise in domains such as Geospatial Information Systems (GIS), High Performance Computing (HPC), and machine learning. Alan supports public sector organizations across the globe in the areas of networking and security. He holds a Certified Information Systems Security Professional (CISSP®) certification as well as a half-dozen AWS certifications. He participated in the development of the Solutions Architect – Associate, Solutions Architect – Professional, and Advanced Networking – Specialty exams. Additionally, Alan has authored multiple AWS whitepapers that focus on the intersection of networking and security. Prior to joining Amazon, he worked in various leadership positions focused on homeland protection and identity systems at both established and startup companies in the private sector. Alan holds a bachelor’s degree in network communication and information security from Duke University. In his free time, Alan enjoys family and tinkering with new toys.
Matt Lehwess, Principal Solutions Architect, Amazon Web Services
Matt has spent many years working as a network engineer in the network service provider space, building large-scale WAN networks in the Asia Pacific region and North America, as well as deploying data center technologies and their related network infrastructure. As a result, he is most at home working with Amazon VPC, AWS Direct Connect, and Amazon’s other infrastructure-focused products and services. Matt is also a public speaker for AWS, and he enjoys spending time helping customers solve large-scale problems using the AWS Cloud platform. Outside of work, Matt is an avid rock climber, both indoor and outdoor, and a keen surfer. When he misses the waves of his hometown back in Australia, a trip to Santa Cruz, California from his home in San Francisco soon alleviates any homesick feelings.
Nick Matthews, Senior Solutions Architect, Amazon Web Services
Nick Matthews leads the networking segment of the AWS partner support organization. He helps AWS partners create new networking solutions and make traditional networking products work on AWS. He enjoys assisting AWS customers to architect their networks for scalability and security. Nick also speaks at industry events on networking and security best practices. Before joining Amazon, Nick spent 10 years at Cisco working on Voice over IP (VoIP), Software-Defined Networking (SDN), and routing (Cisco Certified Internetwork Expert [CCIE] #23560). He founded the Network Programmability Users Group (npug.net) to help users with SDN and programming network equipment. In his free time, he enjoys eating, drinking, and playing beach volleyball.
Steve Morad, Senior Manager, Solutions Builders, Amazon Web Services
Steve Morad holds a BA in computer science from Wheaton College (IL), and an MBA from Virginia Tech. He started his career by graduating from college and running off to join the circus. Since then, he gained systems administration, development, and architecture experience in the entertainment, financial services, and technology industries. Steve spent five years as a principal solutions architect supporting customers of all sizes and maturity levels, with a sub-specialty in AWS networking and security. He helped develop the Solutions Architect Associate, Developer Associate, SysOps Associate, Solutions Architect Professional, DevOps Professional, and Network Specialty exams. Steve is also an AWS public speaker and has developed network-related technical articles, whitepapers, and reference implementations. Steve is currently a senior manager of solutions builders at AWS. Outside of work, Steve enjoys helping coach soccer goalies and watching his kids perform in various musical ensembles.
Steve Seymour, Principal Solutions Architect, Amazon Web Services
Steve is a principal solutions architect and networking specialist within the AWS team covering Europe, the Middle East, and Africa. He uses his networking expertise to help customers of all sizes—from fast growing startups to the world’s largest enterprises—use AWS networking technologies to meet and exceed their business requirements. Steve has more than 15 years of experience working with enterprise infrastructure, data center implementations, and migration projects with complex IP communications requirements. He is passionate about applying this experience to a broad range of industries to support customer success on AWS. Steve enjoys the outdoors, regularly coaches canoeing, and goes geocaching whenever traveling.
EXERCISE 1.1 Review Network Service Documentation
EXERCISE 2.1 Create a Custom VPC
EXERCISE 2.2 Create Two Subnets for Your Custom VPC
EXERCISE 2.3 Connect Your Custom VPC to the Internet and Establish Routing
EXERCISE 2.4 Launch a Public Amazon EC2 Instance and Test the Connection to the Internet
EXERCISE 2.5 Launch a Private Amazon EC2 Instance and Test the Connection to the Internet
EXERCISE 3.1 Create a Gateway VPC Endpoint for Amazon S3
EXERCISE 3.2 Create a VPC Endpoint Service
EXERCISE 3.3 Create VPC endpoint
EXERCISE 3.4 Working with Transitive Routing
EXERCISE 3.5 Add IPv4 CIDR Ranges to a VPC
EXERCISE 4.1 Create a VPN Connection Using the AWS-Managed VPN Option
EXERCISE 4.2 Create a VPN Connection Using an Amazon EC2 Instance as the VPN Termination Endpoint
EXERCISE 4.3 Connect Two Remote Networks Using a Detached VGW and VPN Connections Leveraging AWS VPN CloudHub
EXERCISE 4.4 Create a VPN Overlay to Allow Connections Between Two VPCs via a Transit Point
EXERCISE 5.1 Create a Public VIF
EXERCISE 5.2 Create a Private VIF
EXERCISE 5.3 Add IPv6 to a Private VIF
EXERCISE 5.4 Create a Private Hosted VIF
EXERCISE 5.5 Create a LAG
EXERCISE 6.1 Register a New Domain Name with Amazon Route 53
EXERCISE 6.2 Configuring Elastic Load Balancing
EXERCISE 6.3 Create an Alias A Record with a Simple Routing Policy
EXERCISE 6.4 Create a Weighted Routing Policy
EXERCISE 6.5 Deploy a Set of HAProxy Instances in an ELB Sandwich Configuration
EXERCISE 7.1 Create an Amazon CloudFront Web Distribution
EXERCISE 7.2 Create an Amazon CloudFront RTMP Distribution
EXERCISE 7.3 Add an Alternate Domain Name to Your Amazon CloudFront Distribution
EXERCISE 7.4 Configure Amazon CloudFront to Require HTTPS Between Viewers and Amazon CloudFront
EXERCISE 7.5 Delete a CloudFront Distribution
EXERCISE 8.1 Create a Static Amazon S3 Website
EXERCISE 8.2 Set Up an Amazon CloudFront Distribution
EXERCISE 8.3 Use an Amazon CloudFront Origin Access Identity
EXERCISE 8.4 Configure Amazon CloudFront to Block Requests
EXERCISE 8.5 Deploy AWS WAF to Block a Specific IP Address
EXERCISE 9.1 Test Performance Across Availability Zones
EXERCISE 9.2 Inside a Placement Group
EXERCISE 9.3 Jumbo Frames
EXERCISE 9.4 Performance Between Regions
EXERCISE 9.5 Use Amazon CloudWatch Metrics
EXERCISE 10.1 Create a Template
EXERCISE 10.2 Update a Stack
EXERCISE 10.3 Parameterize Templates
EXERCISE 10.4 Rollbacks
EXERCISE 10.5 Version Control
EXERCISE 10.6 Pipeline Integration
EXERCISE 10.7 Monitor Network Health
EXERCISE 11.1 Set Up Amazon WorkSpaces
EXERCISE 11.2 Set Up Amazon RDS
EXERCISE 11.3 Create an AWS Elastic Beanstalk Application
EXERCISE 11.4 Create an Amazon EMR Cluster
EXERCISE 11.5 Create an Amazon Redshift Cluster
EXERCISE 12.1 Set Up a Hybrid Three-Tier Web Application Using Network Load Balancer
EXERCISE 12.2 Access Amazon S3 over AWS Direct Connect
EXERCISE 12.3 Set Up Encryption over AWS Direct Connect
EXERCISE 12.4 Create a Transit VPC Global Infrastructure
EXERCISE 13.1 Set Up Flow Logs
EXERCISE 13.2 Test Instance-to-Instance Connectivity with ping
EXERCISE 13.3 Inspect Amazon VPC Flow Logs
EXERCISE 13.4 Using traceroute
EXERCISE 13.5 Use AWS Trusted Advisor to Troubleshoot Service Limits
EXERCISE 14.1 Create a Billing Alarm
EXERCISE 14.2 Configure a Budget
EXERCISE 14.3 Enable Cost and Usage Report
EXERCISE 15.1 Use Amazon Inspector
EXERCISE 15.2 Use AWS Artifact
EXERCISE 15.3 Use AWS Trusted Advisor
EXERCISE 15.4 Enable AWS CloudTrail Encryption and Log File Validation
EXERCISE 15.5 Enable AWS Config
EXERCISE 16.1 Enterprise Shared Services
EXERCISE 16.2 Network Security
Cloud computing is fundamentally disrupting most aspects of the information technology business. Users no longer buy hardware, storage, or databases. Instead, they rent what they need in a consumption-based model—by the gigabyte per day or hour for storage, by the hour, minute, or even millisecond for compute. For example, as of this writing, users of Amazon Web Services’ Lambda event-driven functional compute service pay $0.0000002 per request, and $0.000000208 per 100 milliseconds of compute time for functions when using 128 MB of RAM, but only after first using up one million requests and 3,200,000 compute-seconds that are provided free of charge each month.
A critical part of this disruption is the radical changes happening in the networking market. For years, networking was the last bastion of the mainframe computing model: vertically integrated, incredibly complex, very slow to evolve, and with ridiculously high margins. Networking has been completely different from the server world, where competition has emerged at every level: the component level, the finished server level, the operating system level, and of course the application stack, which has literally thousands of competitors. Networking has been like a step backwards in time, where one company produced everything from the core ASIC, to the finished router, through to the control software and protocol stack.
What’s changing in the networking world is that there is now a variety of competitors emerging for all components in a networking device, and cloud computing providers have the scale to be able to justify investing in a very well-staffed network engineering team. There now is another way and, consequently, networking costs are falling fast while bandwidth is escalating and latency is improving.
Building networks using custom-designed routers running custom control software and protocol stacks is a substantial undertaking, and only the largest operators have the scale to justify the investment. Those that can support the research and development effort of going to a fully-customized hardware and software networking stack are rewarded with far lower costs and much higher availability. The biggest availability improvements come from focusing the complexity on exactly what is needed to support a single homogeneous but massive world-wide networking plant rather than having to support simultaneously a hodge-podge of diverse networks implemented by generations of networking engineers over decades at enterprises throughout the world.
How does the rest of the world take advantage of this first level of disruption at the physical network level? Primarily at the next level. The second level of change and disruption is loosely described as “software defined networking” or SDN. At this level, a cooperating set of components (networking devices, Hypervisors, network coprocessors on hosts, and so forth) conspire to create networking constructs—CIDR ranges and subnets, IP addresses, LANs, routes, and so on—dynamically and under software control as exposed through APIs. In this area, Amazon Virtual Private Cloud technology is one of the largest and most mature SDN technologies in the industry, but there are many other interesting and important developments and initiatives in this area.
The third level of change and disruption is a further development of the first two, and it is just now beginning to show its presence in AWS. Let’s step back. If you want to define networking behavior in software and you’re dealing with cloud-scale systems, then you’re going to need to dynamically re-write packets in parallel flows at massive scale. Take something as apparently simple as outbound traffic from a private network to the Internet that flows through a network address translation/port address translation (NAT/PAT) gateway. Historically, the NAT/PAT use case was limited to a single networking device because there is a shared state (the port/address mapping table) that all flows need to access constantly. The only way to support large numbers of high-speed connections is to scale up the device, and then availability becomes a challenge—if that single device goes down, all connectivity is lost.
Suppose that we build a distributed state machine—hundreds of cooperating hosts that have a shared state table for NAT/PAT, but one that can operate on the multiple network flows in parallel. That’s exactly what AWS has done with its NAT Gateway service, as I discussed on my blog at the time. And, more recently, AWS launched the Network Load Balancing service, which is in many ways the mirror image of the NAT Gateway service. In those services and many more under development, we take advantage of the scale of the AWS cloud to build highly-available, massively-parallel networking engines on Amazon Elastic Compute Cloud (Amazon EC2) itself with customized hardware assist. These engines appear to both sides of the connection as a single IP address—like a giant switch or router. In between the “inner” and “outer” single IP addresses could be dozens or hundreds of powerful hosts pumping packets at their maximum per-host rate, potentially rewriting those packets at line rate, all the while participating in a distributed state machine that has the high availability and massive scalability of parallel and distributed cloud architecture.
Using these and a range of other new technologies, AWS is able to provide a set of powerful networking and security features, dynamically defined by software, supported by hardware assist and delivered very inexpensively. The beneficiaries are every kind of IT consumer, all the way from national governments and large enterprises, to start-ups, non-profits, and small businesses.
I’ve mostly been talking about the guts of our cloud networking system: How it’s built and what’s inside. But the most important thing is not how (which can and will change dynamically under the hood as we constantly iterate and advance our technology) but the what; that is, what you as an IT professional can do with the features that these advanced technologies expose.
In this book, AWS experts will take you through that what. In the following chapters, you’ll begin with the basics and then advance through the most sophisticated networking features that the AWS cloud has to offer. When you complete this study guide, you will have the fundamental knowledge required to succeed on the AWS Certified Advanced Networking – Specialty certification.
The best thing about networking in the cloud is that networking is no longer a static, expensive, and labor-intensive domain managed only by experts and evolved only at great expense in labor and hardware. Networking is now an integral part of developing, deploying, and managing powerful and highly-secure software using modern secure dev/ops approaches. Networking is now open to builders. Now go build!
James Hamilton
Vice President and Distinguished Engineer
Amazon Web Services
There’s a lot to know if you want to provide highly available, scalable, performant, and flexible architectures. This study guide is designed to help you develop appropriate networking solutions using AWS and to provide you with the knowledge required to achieve the AWS Certified Advanced Networking – Specialty certification.
This study guide covers relevant topics on the exam, with additional context to help further your understanding. By referencing the exam blueprint, this study guide provides a comprehensive view of the knowledge required to pass the exam. While Chapter 2, Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals, provides a review of key networking fundamentals for Amazon Virtual Private Cloud (Amazon VPC), this study guide does not include many of the concepts covered by the prerequisite exams. It is also expected that you have hands-on experience architecting and implementing network solutions.
This study guide begins with an introduction to AWS networking, which is then followed by chapters on the topics covered in the exam. Chapters include specific information on services or topics, followed by an Exam Essentials section that contains key information needed for your exam preparation.
Each chapter includes an Exercise section with activities designed to help reinforce the topic of the chapter with hands-on learning. Each chapter then contains Review Questions to assess your knowledge. Note that the actual exam questions will require you to combine multiple concepts to determine the correct answer. The Review Questions in this study guide focus specifically on the topics and concepts of a given chapter.
The guide also contains a self-assessment exam with 25 questions. Two practice exams with 50 questions each are also included to help you gauge your readiness to take the exam, as well as flashcards to help you learn and retain key facts needed to prepare for the exam.
This book covers topics that you need to know to prepare for the Amazon Web Services (AWS) Certified Advanced Networking – Specialty exam:
Chapter 1: Introduction to Advanced Networking This chapter provides an overview of the AWS Global Infrastructure, Amazon Virtual Private Cloud, and other AWS networking services. The chapter provides a baseline understanding of concepts like AWS Regions and Availability Zones. It also characterizes where various network capabilities reside within the overall AWS infrastructure.
Chapter 2: Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals This chapter reviews the basics of Amazon VPC and the components within it. The content covers the foundational knowledge required for operating both IPv4 and IPv6 in an Amazon VPC. Subsequent chapters build on the information provided in this chapter.
Chapter 3: Advanced Amazon Virtual Private Cloud (Amazon VPC) In this chapter, you will learn advanced Amazon VPC concepts such as AWS PrivateLink, VPC endpoints, and transitive routing. There is a review of a few of the ways to connect services privately in different VPCs. In addition, there are some advanced IP address features, such as reclaiming elastic IP addresses.
Chapter 4: Virtual Private Networks This chapter is intended to provide you with an understanding of how to design Virtual Private Networks (VPNs) on AWS. We go into detail on the various options available for VPN termination in AWS. We evaluate the options in terms of ease of VPN creation and management, high availability, scalability, and additional features. We sum up the chapter by talking about various design patterns around VPN use in AWS, including transitive routing.
Chapter 5: AWS Direct Connect In this chapter, we will expand on the elements involved in deploying AWS Direct Connect, beginning with Physical Connectivity at Direct Connect Locations, the provisioning process, and finally covering the logical configuration of Virtual Interfaces. Both hosted connections and dedicated connections are covered along with Public and Private Virtual Interfaces including integration with Direct Connect Gateway.
Chapter 6: Domain Name System and Load Balancing This chapter begins with an overview of Domain Name System and Amazon EC2 DNS. It then describes Amazon Route 53, including domain registration and routing policies. This chapter then dives into Elastic Load Balancing and each of the three types of Load Balancers: CLB, ALB, and NLB.
Chapter 7: Amazon CloudFront This chapter describes the Amazon CloudFront service, its components, and how Amazon CloudFront distributions can be used to serve static, dynamic, and streaming objects.
Chapter 8: Network Security This chapter focuses on the network security capabilities provided by or enabled through AWS services. You will learn about the spectrum of network security options available from the edge of the network through to individual Amazon EC2 instances. This chapter also discusses new AWS offerings that leverage Artificial Intelligence and Machine Learning to protect information regarding your network infrastructure.
Chapter 9: Network Performance This chapter discusses network performance. There is a brief review of the components of network performance, how they are implemented in AWS, and how to configure your applications for better network performance. The chapter also reviews some example use cases where network performance is important for applications.
Chapter 10: Automation This chapter describes how to automate the deployment and configuration of networks on AWS. You’ll start by learning how to maintain the network infrastructure as code by creating AWS CloudFormation templates and stacks, and how to use AWS CodePipeline to enable the continuous deployment of this infrastructure at scale. The chapter finishes by covering Amazon CloudWatch to monitor the health and performance of your network and how to create alarms that alert you when an issue arises.
Chapter 11: Service Requirements This chapter discusses AWS services that can be launched within a VPC. It maps the service requirements of each service to the corresponding network requirements. Knowledge of network requirements for each service will help you design and assess appropriate network architectures on the exam.
Chapter 12: Hybrid Architectures This chapter explains how to design hybrid architectures using the technologies and AWS Cloud services. We go into detail on how AWS Direct Connect and Virtual Private Networks (VPNs) can be leveraged to enable common hybrid IT application architectures. We also dive deep into the transit VPC architecture, discussing the various design elements of the architecture and the various use cases where it can be leveraged.
Chapter 13: Network Troubleshooting This chapter begins with a discussion of both traditional and AWS-provided network troubleshooting tools. It then addresses common troubleshooting scenarios and the steps to take in each scenario.
Chapter 14: Billing In this chapter, we will cover the elements involved in AWS billing as it relates to Networking. The content considers factors such as data processing fees, data transfer fees, and hourly service charges in relation to Amazon EC2, VPN, AWS Direct Connect, and Elastic Load Balancing. The chapter also discusses data transfer specifically between Availability Zones and AWS Regions.
Chapter 15: Risk and Compliance In this chapter, you will learn about a range of risk and compliance considerations when leveraging the cloud. The chapter begins with a review of threat modeling, access control, and encryption. The chapter then discusses network monitoring and malicious activity detection. Finally, you will learn about executing penetration and vulnerability assessment on your AWS workloads.
Chapter 16: Scenarios and Reference Architectures This chapter covers scenarios and reference architectures for combining different AWS network components to meet common customer requirements. These scenarios include implementing networks that span multiple regions and locations, connecting to enterprise shared services, and creating hybrid networks.
The authors have worked hard to provide you with some really great tools to help you with your certification process. The interactive online learning environment that accompanies the AWS Certified Advanced Networking – Specialty Official Study Guide provides a test bank with study tools to help you prepare for the certification exam. This will help you increase your chances of passing it the first time! The test bank includes the following:
Sample Tests All of the questions in this book are provided, including the 25-question Assessment Test at the end of this introductory section and the Review Questions at the end of each chapter. In addition, there are two Practice Exams online with 50 questions each. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.
Flashcards The online test banks include 100 Flashcards specifically written to quiz your knowledge of AWS operations. After completing all of the exercises, Review Questions, Practice Exams, and Flashcards, you should be more than ready to take the exam. The flashcard questions are provided in a digital flashcard format (a question followed by a single correct answer). You can use the Flashcards to reinforce your learning and provide last-minute test prep before the exam.
Glossary A Glossary of key terms from this book is available as a fully-searchable PDF.
The AWS Certified Advanced Networking – Specialty Exam is intended for people who have experience designing and implementing scalable network infrastructures. Exam concepts that you should understand for this exam include the following:
In general, certification candidates should understand the following:
The exam covers six different domains, with each domain broken down into objectives and subobjectives.
The following table lists each domain and its weighting in the exam, along with the chapters in the book where that domain’s objectives and subobjectives are covered.
Domain | Percentage of Exam | Chapter |
Domain 1.0: Design and implement hybrid IT network architectures at scale | 23% | 1, 3, 4, 5, 12, 16 |
 | | 4, 12 |
1.2 Given a scenario, derive an appropriate hybrid IT architecture connectivity solution | | 3, 4, 12, 16 |
1.3 Explain the process to extend connectivity using AWS Direct Connect | | 5 |
1.4 Evaluate design alternatives that leverage AWS Direct Connect | | 1, 4, 5, 12 |
1.5 Define routing policies for hybrid IT architectures | | 3, 4, 5, 12 |
Domain 2.0: Design and implement AWS networks | 29% | 1, 2, 3, 6, 7, 8, 9, 10, 13, 14, 16 |
2.1 Apply AWS networking concepts | | 1, 2, 3, 10, 13 |
2.2 Given customer requirements, define network architectures on AWS | | 8, 10, 16 |
2.3 Propose optimized designs based on the evaluation of an existing implementation | | 10, 16 |
2.4 Determine network requirements for a specialized workload | | 6, 7, 9 |
2.5 Derive an appropriate architecture based on customer and application requirements | | 3, 6, 7, 8, 9, 10 |
2.6 Evaluate and optimize cost allocations given a network design and application data flow | | 14 |
Domain 3.0: Automate AWS tasks | 8% | 8, 10 |
3.1 Evaluate automation alternatives within AWS for network deployments | | 10 |
3.2 Evaluate tool-based alternatives within AWS for network operations and management | | 8, 10 |
Domain 4.0: Configure network integration with application services | 15% | 1, 2, 6, 7, 11, 12 |
4.1 Leverage the capabilities of Amazon Route 53 | | 1, 6 |
4.2 Evaluate DNS solutions in a hybrid IT architecture | | 6, 12 |
4.3 Determine the appropriate configuration of DHCP within AWS | | 2 |
4.4 Given a scenario, determine an appropriate load balancing strategy within the AWS ecosystem | | 1, 6 |
4.5 Determine a content distribution strategy to optimize for performance | | 1, 6, 7 |
4.6 Reconcile AWS service requirements with network requirements | | 11 |
Domain 5.0: Design and implement for security and compliance | 12% | 1, 3, 4, 5, 8, 12, 15 |
5.1 Evaluate design requirements for alignment with security and compliance objectives | | 3, 8, 15 |
5.2 Evaluate monitoring strategies in support of security and compliance objectives | | 8, 15 |
5.3 Evaluate AWS security features for managing network traffic | | 1, 8, 15 |
5.4 Utilize encryption technologies to secure network communications | | 4, 5, 8, 12, 15 |
Domain 6.0: Manage, optimize, and troubleshoot the network | 13% | 13 |
6.1 Given a scenario, troubleshoot and resolve a network issue | | 13 |