Introduction
There’s a lot to know if you want to provide highly available, scalable, performant, and flexible architectures. This study guide is designed to help you develop appropriate networking solutions using AWS and to provide you with the knowledge required to achieve the AWS Certified Advanced Networking – Specialty certification.
This study guide covers relevant topics on the exam, with additional context to help further your understanding. By referencing the exam blueprint, this study guide provides a comprehensive view of the knowledge required to pass the exam. While Chapter 2, Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals, provides a review of key networking fundamentals for Amazon Virtual Private Cloud (Amazon VPC), this study guide does not include many of the concepts covered by the prerequisite exams. It is also expected that you have hands-on experience architecting and implementing network solutions.
This study guide begins with an introduction to AWS networking, which is then followed by chapters on the topics covered in the exam. Chapters include specific information on services or topics, followed by an Exam Essentials section that contains key information needed for your exam preparation.
Each chapter includes an Exercise section with activities designed to help reinforce the topic of the chapter with hands-on learning. Each chapter then contains Review Questions to assess your knowledge. Note that the actual exam questions will require you to combine multiple concepts to determine the correct answer. The Review Questions in this study guide focus specifically on the topics and concepts of a given chapter.
The guide also contains a self-assessment exam with 25 questions. Two practice exams with 50 questions each are also included to help you gauge your readiness to take the exam, as well as flashcards to help you learn and retain key facts needed to prepare for the exam.
What Does this Book Cover?
This book covers topics that you need to know to prepare for the Amazon Web Services (AWS) Certified Advanced Networking – Specialty exam:
Chapter 1: Introduction to Advanced Networking This chapter provides an overview of the AWS Global Infrastructure, Amazon Virtual Private Cloud, and other AWS networking services. The chapter provides a baseline understanding of concepts like AWS Regions and Availability Zones. It also characterizes where various network capabilities reside within the overall AWS infrastructure.
Chapter 2: Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals This chapter reviews the basics of Amazon VPC and the components within it. The content covers the foundational knowledge required for operating both IPv4 and IPv6 in an Amazon VPC. Subsequent chapters build on the information provided in this chapter.
Chapter 3: Advanced Amazon Virtual Private Cloud (Amazon VPC) In this chapter, you will learn advanced Amazon VPC concepts such as AWS PrivateLink, VPC endpoints, and transitive routing. There is a review of a few of the ways to connect services privately in different VPCs. In addition, there are some advanced IP address features, such as reclaiming elastic IP addresses.
Chapter 4: Virtual Private Networks This chapter is intended to provide you with an understanding of how to design Virtual Private Networks (VPNs) on AWS. We go into detail on the various options available for VPN termination in AWS. We evaluate the options in terms of ease of VPN creation and management, high availability, scalability, and additional features. We sum up the chapter by talking about various design patters around VPN use in AWS including transitive routing.
Chapter 5: AWS Direct Connect In this chapter, we will expand on the elements involved in deploying AWS Direct Connect, beginning with Physical Connectivity at Direct Connect Locations, the provisioning process, and finally covering the logical configuration of Virtual Interfaces. Both hosted connections and dedicated connections are covered along with Public and Private Virtual Interfaces including integration with Direct Connect Gateway.
Chapter 6: Domain Name System and Load Balancing This chapter begins with an overview of Domain Name System and Amazon EC2 DNS. It then describes Amazon Route 53, including domain registration and routing policies. This chapter then dives into Elastic Load Balancing and each of the three types of Load Balancers: CLB, ALB, and NLB.
Chapter 7: Amazon CloudFront This chapter describes the Amazon CloudFront service, its components, and how Amazon CloudFront distributions can be uses to serve static, dynamic, and streaming objects.
Chapter 8: Network Security This chapter focuses on the network security capabilities provided by or enabled through AWS services. You will learn about the spectrum of network security options available from the edge of the network through to individual Amazon EC2 instances. This chapter also discussed new AWS offerings that leverage Artificial Intelligence and Machine Learning to protect information regarding your network infrastructure.
Chapter 9: Network Performance This chapter discusses network performance. There is a brief review of the components of network performance, how they are implemented in AWS, and how to configure your applications for better network performance. The chapter also reviews some example use cases where network performance is important for applications.
Chapter 10: Automation This chapter describes how to automate the deployment and configuration of networks on AWS. You’ll start by learning how to maintain the network infrastructure as code by creating AWS CloudFormation templates and stacks, and how to use AWS CodePipeline to enable the continuous deployment of this infrastructure at scale. The chapter finishes by covering Amazon CloudWatch to monitor the health and performance of your network and how to create alarms that alert you when an issue arises.
Chapter 11: Service Requirements This chapter discusses AWS services that can be launched within a VPC. It maps the service requirements of each service to the corresponding network requirements. Knowledge of network requirements for each service will help you design and assess appropriate network architectures on the exam.
Chapter 12: Hybrid Architectures This chapter explains how to design hybrid architectures using the technologies and AWS Cloud services. We go into detail on how AWS Direct Connect and Virtual Private Networks (VPNs) can be leveraged to enable common hybrid IT application architectures. We also dive deep into the transit VPC architecture, discussing the various design elements of the architecture and the various use cases where it can be leveraged.
Chapter 13: Network Troubleshooting This chapter begins with a discussion of both traditional and AWS-provided network troubleshooting tools. It then addresses common troubleshooting scenarios and the steps to take in each scenario.
Chapter 14: Billing In this chapter, we will cover the elements involved in AWS billing as it relates to Networking. The content considers factors such as data processing fees, data transfer fees, and hourly service charges in relation to Amazon EC2, VPN, AWS Direct Connect, and Elastic Load Balancing. The chapter also discusses data transfer specifically between Availability Zones and AWS Regions.
Chapter 15: Risk and Compliance In this chapter, you will learn about a range of risk and compliance considerations when leveraging the cloud. The chapter begins with a review of threat modeling, access control, and encryption. The chapter then discusses network monitoring and malicious activity detection. Finally, you will learn about executing penetration and vulnerability assessment on your AWS workloads.
Chapter 16: Scenarios and Reference Architectures This chapter covers scenarios and reference architectures for combining different AWS network components to meet common customer requirements. These scenarios include implementing networks that span multiple regions and locations, connecting to enterprise shared services, and creating hybrid networks.
Interactive Online Learning Environment and Test Bank
The authors have worked hard to provide you with some really great tools to help you with your certification process. The interactive online learning environment that accompanies the AWS Certified Advanced Networking – Specialty Official Study Guide provides a test bank with study tools to help you prepare for the certification exam. This will help you increase your chances of passing it the first time! The test bank includes the following:
Sample Tests All of the questions in this book, including the 25-question Assessment Test at the end of this introductory section and the Review Questions are provided at the end of each chapter. In addition, there are two Practice Exams online with 50 questions each. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.
Flashcards The online test banks include 100 Flashcards specifically written to quiz your knowledge of AWS operations. After completing all of the exercises, Review Questions, Practice Exams, and Flashcards, you should be more than ready to take the exam. The flashcard questions are provided in a digital flashcard format (a question followed by a single correct answer). You can use the Flashcards to reinforce your learning and provide last-minute test prep before the exam.
Glossary A Glossary of key terms from this book is available as a fully-searchable PDF.
Exam Objectives
The AWS Certified Advanced Networking – Specialty Exam is intended for people who have experience designing and implementing scalable network infrastructures. Exam concepts that you should understand for this exam include the following:
- Designing, developing, and deploying cloud-based solutions using AWS
- Implementing core AWS services according to basic architectural best practices
- Designing and maintaining network architecture for all AWS services
- Leveraging tools to automate AWS networking tasks
In general, certification candidates should understand the following:
- AWS networking nuances and how they relate to the integration of AWS services
- Advanced networking architectures and interconnectivity options (for example, IP VPN, and MPLS/VPLS)
- Networking technologies within the OSI model and how they affect implementation decisions
- Development of automation scripts and tools
- Design, implementation, and optimization of the following:
- Routing architectures
- Multi-region solutions for a global enterprise
- Highly-available connectivity solutions
- CIDR and subnetting (IPv4 and IPv6)
- IPv6 transition challenges
- Generic solutions for network security features, including WAF, IDS, IPS, DDoS protection, and Economic Denial of Service/Sustainability (EDoS)
- Professional experience using AWS technology
- Experience implementing AWS security best practices
- Knowledge of AWS storage options and their underlying consistency models
The exam covers six different domains, with each domain broken down into objectives and subobjectives.
Objective Map
The following table lists each domain and its weighting in the exam, along with the chapters in the book where that domain’s objectives and subobjectives are covered.
| Domain | Percentage of Exam | Chapter |
| Domain 1.0: Design and implement hybrid IT network architectures at scale | 23% | 1, 3, 4, 5 12, 16 |
| 1.1 Implement connectivity for hybrid IT | 4, 12 | |
| 1.2 Given a scenario, derive an appropriate hybrid IT architecture connectivity solution | 3, 4, 12, 16 | |
| 1.3 Explain the process to extend connectivity using AWS Direct Connect | 5 | |
| 1.4 Evaluate design alternatives that leverage AWS Direct Connect | 1, 4, 5, 12 | |
| 1.5 Define routing policies for hybrid IT architectures | 3, 4, 5, 12 | |
| Domain 2.0: Design and implement AWS networks | 29% | 1, 2, 3, 6, 7, 8, 9, 10, 13, 14, 16 |
| 2.1 Apply AWS networking concepts | 1, 2, 3, 10, 13 | |
| 2.2 Given customer requirements, define network architectures on AWS | 8, 10, 16 | |
| 2.3 Propose optimized designs based on the evaluation of an existing implementation | 10, 16 | |
| 2.4 Determine network requirements for a specialized workload | 6, 7, 9 | |
| 2.5 Derive an appropriate architecture based on customer and application requirements | 3, 6, 7, 8, 9, 10 | |
| 2.6 Evaluate and optimize cost allocations given a network design and application data flow | 14 | |
| Domain 3.0: Automate AWS tasks | 8% | 8, 10 |
| 3.1 Evaluate automation alternatives within AWS for network deployments | 10 | |
| 3.2 Evaluate tool-based alternatives within AWS for network operations and management | 8, 10 | |
| Domain 4.0: Configure network integration with application services | 15% | 1, 2, 6, 7, 11, 12 |
| 4.1 Leverage the capabilities of Amazon Route 53 | 1, 6 | |
| 4.2 Evaluate DNS solutions in a hybrid IT architecture | 6, 12 | |
| 4.3 Determine the appropriate configuration of DHCP within AWS | 2 | |
| 4.4 Given a scenario, determine an appropriate load balancing strategy within the AWS ecosystem | 1, 6 | |
| 4.5 Determine a content distribution strategy to optimize for performance | 1, 6, 7 | |
| 4.6 Reconcile AWS service requirements with network requirements | 11 | |
| Domain 5.0: Design and implement for security and compliance | 12% | 1, 3, 4, 5, 8, 12, 15 |
| 5.1 Evaluate design requirements for alignment with security and compliance objectives | 3, 8, 15 | |
| 5.2 Evaluate monitoring strategies in support of security and compliance objectives | 8, 15 | |
| 5.3 Evaluate AWS security features for managing network traffic | 1, 8, 15 | |
| 5.4 Utilize encryption technologies to secure network communications | 4, 5, 8, 12, 15 | |
| Domain 6.0: Manage, optimize, and troubleshoot the network | 13% | 13 |
| 6.1 Given a scenario, troubleshoot and resolve a network issue | 13 |