{"id":11430,"date":"2021-01-04T11:00:35","date_gmt":"2021-01-04T05:30:35","guid":{"rendered":"https:\/\/www.testpreptraining.com\/blog\/?p=11430"},"modified":"2023-10-06T12:17:08","modified_gmt":"2023-10-06T06:47:08","slug":"aws-certified-advanced-networking-specialty-cheat-sheet","status":"publish","type":"post","link":"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/","title":{"rendered":"AWS Certified Advanced Networking Specialty Cheat Sheet"},"content":{"rendered":"\n<p>The AWS Certified Advanced Networking Specialty certification is widely recognized and confirms the proficiency of network architects and engineers in creating and deploying advanced networking solutions within the Amazon Web Services (AWS) environment. The exam covers a wide range of networking topics such as routing, security, connectivity, and performance optimization. Passing this certification exam requires a thorough understanding of AWS networking concepts, services, and best practices.<\/p>\n\n\n\n<p>Getting ready for the AWS Certified Advanced Networking Specialty exam requires a substantial commitment of time and dedication to studying and hands-on practice with different networking scenarios on AWS. Despite the variety of online study materials, it can be overwhelming to get through all the available content and resources. This is where a cheat sheet can be incredibly useful.<\/p>\n\n\n\n<p>In this blog post, we&#8217;ll provide a comprehensive AWS Certified Advanced Networking Specialty cheat sheet that covers the most important networking concepts and services that you need to know to pass the exam. We&#8217;ll also share tips and tricks to help you prepare effectively for the exam and boost your chances of success. Whether you&#8217;re a seasoned network engineer or just getting started with AWS networking, this cheat sheet will help you streamline your preparation and focus on the most critical topics. So let&#8217;s get started!<\/p>\n\n\n\n<p><strong>AWS Certified Advanced Networking Specialty: Overview<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/www.testpreptraining.ai\/aws-certified-advanced-networking-specialty-questions\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Certified Advanced Networking Specialty<\/a> exam is designed for candidates who have knowledge and skills to perform complex networking tasks. This exam validates candidates abilities in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To begin with, Designing, developing, and deploying cloud-based solutions using AWS<\/li>\n\n\n\n<li>Then, Implementing AWS core services with basic architecture best practices<\/li>\n\n\n\n<li>Also, Maintaining and designing network architecture for all AWS services<\/li>\n\n\n\n<li>Finally, Leveraging tools to automate AWS networking tasks<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Glossary for AWS Certified Advanced Networking Terminology<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>AWS Direct Connect: A dedicated network connection service that allows customers to connect their data centers to AWS.<\/li>\n\n\n\n<li>AWS Global Accelerator: A service that enhances the availability and performance of applications through the utilization of static IP addresses and a worldwide network.<\/li>\n\n\n\n<li>AWS Transit Gateway: A service that simplifies network connectivity between VPCs and on-premises networks.<\/li>\n\n\n\n<li>Elastic Load Balancing (ELB): A service that distributes incoming traffic across multiple instances or services to improve performance and availability.<\/li>\n\n\n\n<li>Amazon Route 53: A scalable domain name system (DNS) web service that translates domain names into IP addresses.<\/li>\n\n\n\n<li>Amazon VPC: A virtual private cloud (VPC) that allows customers to launch AWS resources into a virtual network that they define.<\/li>\n\n\n\n<li>Network Address Translation (NAT) Gateway: A service that enables instances in a private subnet to connect to the internet or other AWS services.<\/li>\n\n\n\n<li>Virtual Private Network (VPN): A secure and encrypted connection between two networks, typically used to connect a customer\u2019s on-premises data center to AWS.<\/li>\n\n\n\n<li>AWS PrivateLink: A service that enables customers to access AWS services over a private connection, rather than over the internet.<\/li>\n\n\n\n<li>AWS Site-to-Site VPN: A service that allows customers to create secure connections between their on-premises data center and their VPCs in AWS.<\/li>\n\n\n\n<li>AWS VPN CloudHub: A service that allows customers to create multiple site-to-site VPN connections to a single VPC.<\/li>\n\n\n\n<li>Elastic Network Interface (ENI): A virtual network interface that customers can attach to an instance in a VPC to enable connectivity.<\/li>\n\n\n\n<li>Border Gateway Protocol (BGP): A routing protocol that enables the exchange of routing information between different networks.<\/li>\n\n\n\n<li>Amazon CloudFront: A content delivery network (CDN) service designed to accelerate the delivery of both static and dynamic content to users.<\/li>\n\n\n\n<li>AWS Global Transit Network: A service that enables customers to create a global network backbone that connects their VPCs, data centers, and remote offices.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Exam preparation resources for the AWS Certified Advanced Networking Specialty exam<\/strong><\/h4>\n\n\n\n<p>Here are some official exam preparation resources with website links for the AWS Certified Advanced Networking Specialty exam:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>AWS Certified Advanced Networking Specialty Exam Guide: This official exam guide covers all the topics and skills you need to know to pass the AWS Certified Advanced Networking Specialty exam. You can find it on the AWS website at <a href=\"https:\/\/aws.amazon.com\/certification\/certified-advanced-networking-specialty\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/aws.amazon.com\/certification\/certified-advanced-networking-specialty\/<\/a>.<\/li>\n\n\n\n<li>AWS Certified Advanced Networking Specialty Sample Questions: These sample questions provide you with an idea of what to expect on the exam and help you assess your readiness for the exam. You can find them on the AWS website at <a href=\"https:\/\/aws.amazon.com\/certification\/certified-advanced-networking-specialty\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/aws.amazon.com\/certification\/certified-advanced-networking-specialty\/<\/a>.<\/li>\n\n\n\n<li>AWS Certified Advanced Networking Specialty Practice Exam: This practice exam helps you prepare for the real exam by simulating the actual exam environment. You can purchase it on the AWS website at <a href=\"https:\/\/www.aws.training\/certification?src=advanced-networking\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.aws.training\/certification?src=advanced-networking<\/a>.<\/li>\n\n\n\n<li>AWS Certified Advanced Networking Specialty Training: This training course provides you with in-depth knowledge and hands-on experience with AWS networking services. You can find it on the AWS website at <a href=\"https:\/\/aws.amazon.com\/training\/course-descriptions\/advanced-networking-specialty\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/aws.amazon.com\/training\/course-descriptions\/advanced-networking-specialty\/<\/a>.<\/li>\n\n\n\n<li>AWS Certified Advanced Networking Specialty Exam Readiness Workshop: This workshop helps you prepare for the exam by providing you with an overview of the exam and tips for passing it. You can find it on the AWS website at <a href=\"https:\/\/aws.amazon.com\/events\/aws-certified-advanced-networking-specialty-exam-readiness-workshop\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/aws.amazon.com\/events\/aws-certified-advanced-networking-specialty-exam-readiness-workshop\/<\/a>.<\/li>\n<\/ol>\n\n\n\n<p>Note that the above resources are official AWS resources, and there may be other third-party resources available online that can also help you prepare for the exam.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Prerequisite for the exam<\/strong><\/h3>\n\n\n\n<p>Before you start preparing for exam it is important to check the recommended knowledge and experience to take the exam. The AWS Certified Advanced Networking \u2013 Specialty prerequisites are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firstly, candidates are recommended to hold an AWS Certified Cloud Practitioner or a current Associate-level certification: AWS Certified Solutions Architect \u2013 Associate, AWS Certified Developer \u2013 Associate or AWS Certified SysOps Administrator \u2013 Associate.<\/li>\n\n\n\n<li>They must have advanced knowledge of AWS networking concepts and technologies.<\/li>\n\n\n\n<li>Furthermore, candidates should possess at least five years of practical experience in designing and executing network solutions.<\/li>\n\n\n\n<li>Further, they should know about advanced networking architectures and interconnectivity options (e.g., IP VPN, MPLS\/VPLS) including networking technologies within the OSI model, and how they affect implementation decisions.<\/li>\n\n\n\n<li>Moreover, it is necessary to have knowledge of CIDR and subnetting (IPv4 and IPv6) with an understanding of IPv6 transition challenges.<\/li>\n\n\n\n<li>Next, candidates must have a solid understanding of standard network security solutions, encompassing features like WAF, IDS, IPS, DDoS protection, and Economic Denial of Service\/Sustainability (EDoS).<\/li>\n\n\n\n<li>Lastly, they should be proficient in creating automation scripts and tools, including routing architectures (such as static and dynamic routing), multi-region strategies for global enterprises, and highly resilient connectivity solutions (e.g., DX, VPN).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Cheat Sheet: AWS Certified Advanced Networking Specialty&nbsp;<\/strong><\/h2>\n\n\n\n<p>The&nbsp;<strong>AWS Certified Advanced Networking Specialty<\/strong> Cheat Sheet is your ideal instrument to have an overview of the exam before venturing. It will keep you loaded with the right resources and bridge the gap for your dream job. Furthermore, we will be adding a few quick links to ease your preparation process. We suggest you to a quick glance at this cheat sheet before you appear for the exam.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"750\" height=\"400\" src=\"https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Copy-of-Collab-Space-Central-1-1.png\" alt=\"AWS Certified Advanced Networking Specialty cheat sheet \" class=\"wp-image-11440\" srcset=\"https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Copy-of-Collab-Space-Central-1-1.png 750w, https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Copy-of-Collab-Space-Central-1-1-300x160.png 300w\" sizes=\"(max-width: 750px) 100vw, 750px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\"><strong>Review the Exam Objectives<\/strong><\/h3>\n\n\n\n<p>The first step is to always have a denser look at each and every domain of the exam. Therefore, you must review the exam objectives and familiarise with the exam course. A thorough analysis will help you to gain the required command to earn your desired certification. This exam covers the following domains:<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Updated AWS Certified Advanced Networking &#8211; Specialty (ANS-C01) Course outline<\/strong><\/h5>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Domain 1: Network Design (30%)<\/strong><\/h5>\n\n\n\n<p><strong>Task Statement 1.1: Design a solution that incorporates edge network services to optimize user performance and traffic management for global architectures.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Design patterns for the usage of content distribution networks (for example, Amazon CloudFront) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/mediapackage\/latest\/ug\/cdns.html\" target=\"_blank\" rel=\"noreferrer noopener\">Working with Content Delivery Networks (CDNs)<\/a>)<\/li>\n\n\n\n<li>Design patterns for global traffic management (for example, AWS Global Accelerator) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/global-accelerator\/latest\/dg\/getting-started.html\" target=\"_blank\" rel=\"noreferrer noopener\">Getting started with AWS Global Accelerator<\/a>, <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/traffic-management-with-aws-global-accelerator\/\" target=\"_blank\" rel=\"noreferrer noopener\">Traffic management with AWS Global Accelerator<\/a>)<\/li>\n\n\n\n<li>Integration patterns for content distribution networks and global traffic management with other services (for example, Elastic Load Balancing, Amazon API Gateway) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-overview\/networking-services.html\" target=\"_blank\" rel=\"noreferrer noopener\">Networking and Content Delivery<\/a>, <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/introduction-to-network-transformation-on-aws-part-2\/\" target=\"_blank\" rel=\"noreferrer noopener\">Introduction to Network Transformation on AWS<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Evaluating requirements of global inbound and outbound traffic from the internet to design an appropriate content distribution solution <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/security-reference-architecture\/network.html\" target=\"_blank\" rel=\"noreferrer noopener\">Infrastructure OU &#8211; Network account<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/routing-to-cloudfront-distribution.html\" target=\"_blank\" rel=\"noreferrer noopener\">Routing traffic to an Amazon CloudFront distribution<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 1.2: Design DNS solutions that meet public, private, and hybrid requirements.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DNS protocol (for example, DNS records, timers, DNSSEC, DNS delegation, zones) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/domain-configure-dnssec.html\" target=\"_blank\" rel=\"noreferrer noopener\">Configuring DNSSEC for a domain<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html\" target=\"_blank\" rel=\"noreferrer noopener\">Supported DNS record types<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/route-53-concepts.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon Route&nbsp;53 concepts<\/a>)<\/li>\n\n\n\n<li>DNS logging and monitoring <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/logging-monitoring.html\" target=\"_blank\" rel=\"noreferrer noopener\">Logging and monitoring in Amazon Route&nbsp;53<\/a>)<\/li>\n\n\n\n<li>Amazon Route 53 features (for example, alias records, traffic policies, resolvers, health checks) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/dns-failover.html\" target=\"_blank\" rel=\"noreferrer noopener\">Creating Amazon Route&nbsp;53 health checks and configuring DNS failover<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/health-checks-how-route-53-chooses-records.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon Route&nbsp;53 chooses records when health checking<\/a>, <a href=\"https:\/\/aws.amazon.com\/route53\/faqs\/\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon Route 53 FAQs<\/a>)<\/li>\n\n\n\n<li>Integration of Route 53 with other AWS networking services (for example, Amazon VPC) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/integration-with-other-services.html\" target=\"_blank\" rel=\"noreferrer noopener\">Integration with other services<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/resolver.html\" target=\"_blank\" rel=\"noreferrer noopener\">Resolving DNS queries between VPCs and your network<\/a>)<\/li>\n\n\n\n<li>Integration of Route 53 with hybrid, multi-account, and multi-Region options <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/architecture\/using-route-53-private-hosted-zones-for-cross-account-multi-region-architectures\/\" target=\"_blank\" rel=\"noreferrer noopener\">Using Route 53 Private Hosted Zones for Cross-account Multi-region Architectures<\/a>, <a href=\"https:\/\/aws.amazon.com\/blogs\/security\/simplify-dns-management-in-a-multiaccount-environment-with-route-53-resolver\/\" target=\"_blank\" rel=\"noreferrer noopener\">Simplify DNS management in a multi-account environment<\/a>)<\/li>\n\n\n\n<li>Domain Registration <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/domain-register.html\" target=\"_blank\" rel=\"noreferrer noopener\">Registering a new domain<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using Route 53 public hosted zones <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/CreatingHostedZone.html\" target=\"_blank\" rel=\"noreferrer noopener\">Creating a public hosted zone<\/a>)<\/li>\n\n\n\n<li>Using Route 53 private hosted zones <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/hosted-zones-private.html\" target=\"_blank\" rel=\"noreferrer noopener\">Working with private hosted zones<\/a>)<\/li>\n\n\n\n<li>Using Route 53 Resolver endpoints in hybrid and AWS architectures <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/patterns\/set-up-integrated-dns-resolution-for-hybrid-networks-in-amazon-route-53.html\" target=\"_blank\" rel=\"noreferrer noopener\">Set up integrated DNS resolution for hybrid networks in Amazon Route 53<\/a>)<\/li>\n\n\n\n<li>Using Route 53 for global traffic management <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/Welcome.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon Route&nbsp;53<\/a>)<\/li>\n\n\n\n<li>Creating and managing domain registrations <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/domain-register.html\" target=\"_blank\" rel=\"noreferrer noopener\">Registering a new domain<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 1.3: Design solutions that integrate load balancing to meet high availability, scalability,<br>and security requirements.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How load balancing works at layer 3, layer 4, and layer 7 of the OSI model <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AmazonECS\/latest\/developerguide\/load-balancer-types.html\" target=\"_blank\" rel=\"noreferrer noopener\">Load balancer types<\/a>, <a href=\"https:\/\/aws.amazon.com\/elasticloadbalancing\/features\/\" target=\"_blank\" rel=\"noreferrer noopener\">Elastic Load Balancing features<\/a>)<\/li>\n\n\n\n<li>Different types of load balancers and how they meet requirements for network design, high availability, and security <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AmazonECS\/latest\/developerguide\/load-balancer-types.html\" target=\"_blank\" rel=\"noreferrer noopener\">Load balancer types<\/a>)<\/li>\n\n\n\n<li>Connectivity patterns that apply to load balancing based on the use case (for example, internal load balancers, external load balancers) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/application\/application-load-balancers.html\" target=\"_blank\" rel=\"noreferrer noopener\">Application Load Balancers<\/a>, <a href=\"https:\/\/aws.amazon.com\/elasticloadbalancing\/features\/\" target=\"_blank\" rel=\"noreferrer noopener\">Elastic Load Balancing features<\/a>)<\/li>\n\n\n\n<li>Scaling factors for load balancers<\/li>\n\n\n\n<li>Integrations of load balancers and other AWS services (for example, Global Accelerator, CloudFront, AWS WAF, Route 53, Amazon Elastic Kubernetes Service [Amazon EKS], AWS Certificate Manager [ACM]) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/config\/latest\/developerguide\/resource-config-reference.html\" target=\"_blank\" rel=\"noreferrer noopener\">Supported Resource Types<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/AWSCloudFormation\/latest\/UserGuide\/aws-resource-eks-cluster.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS::EKS::Cluster<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/pt_br\/AWSCloudFormation\/latest\/UserGuide\/aws-resource-globalaccelerator-accelerator.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS::GlobalAccelerator::Accelerator<\/a>)<\/li>\n\n\n\n<li>Configuration options for load balancers (for example, proxy protocol, cross-zone load balancing, session affinity [sticky sessions], routing algorithms) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/network\/load-balancer-target-groups.html\" target=\"_blank\" rel=\"noreferrer noopener\">Target groups for your Network Load Balancers<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/classic\/elb-sticky-sessions.html\" target=\"_blank\" rel=\"noreferrer noopener\">Configure sticky sessions for your Classic Load Balancer<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/application\/sticky-sessions.html\" target=\"_blank\" rel=\"noreferrer noopener\">Sticky sessions for your Application Load Balancer<\/a>)<\/li>\n\n\n\n<li>Configuration options for load balancer target groups (for example, TCP, GENEVE, IP compared with instance) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/APIReference\/API_CreateTargetGroup.html\" target=\"_blank\" rel=\"noreferrer noopener\">CreateTargetGroup<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/network\/load-balancer-target-groups.html\" target=\"_blank\" rel=\"noreferrer noopener\">Target groups for your Network Load Balancers<\/a>)<\/li>\n\n\n\n<li>AWS Load Balancer Controller for Kubernetes clusters <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/aws-load-balancer-controller.html\" target=\"_blank\" rel=\"noreferrer noopener\">Installing the AWS Load Balancer Controller add-on<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/alb-ingress.html\" target=\"_blank\" rel=\"noreferrer noopener\">Application load balancing on Amazon EKS<\/a>)<\/li>\n\n\n\n<li>Considerations for encryption and authentication with load balancers (for example, TLS termination, TLS passthrough) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/network\/create-tls-listener.html\" target=\"_blank\" rel=\"noreferrer noopener\">TLS listeners for your Network Load Balancer<\/a>,<a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/application\/create-https-listener.html\" target=\"_blank\" rel=\"noreferrer noopener\"> Create an HTTPS listener for your Application Load Balancer<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Selecting an appropriate load balancer based on the use case <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/application\/application-load-balancers.html\" target=\"_blank\" rel=\"noreferrer noopener\">Application Load Balancers<\/a>)<\/li>\n\n\n\n<li>Integrating auto-scaling with load balancing solutions <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/autoscaling\/ec2\/userguide\/attach-load-balancer-asg.html\" target=\"_blank\" rel=\"noreferrer noopener\">Attach a load balancer to your Auto Scaling group<\/a>)<\/li>\n\n\n\n<li>Integrating load balancers with existing application deployments <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/codedeploy\/latest\/userguide\/integrations-aws-elastic-load-balancing.html\" target=\"_blank\" rel=\"noreferrer noopener\">Integrating CodeDeploy with Elastic Load Balancing<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 1.4: Define logging and monitoring requirements across AWS and hybrid networks.<br>Knowledge of:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Amazon CloudWatch metrics, agents, logs, alarms, dashboards, and insights in AWS architectures to provide visibility <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/monitoring\/WhatIsCloudWatch.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon CloudWatch<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/monitoring\/cloudwatch_architecture.html\" target=\"_blank\" rel=\"noreferrer noopener\">How Amazon CloudWatch works<\/a>)<\/li>\n\n\n\n<li>AWS Transit Gateway Network Manager in architectures to provide visibility <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/tgwnm\/network-manager-getting-started.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Network Manager for Transit Gateway networks<\/a>)<\/li>\n\n\n\n<li>VPC Reachability Analyzer in architectures to provide visibility <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/reachability\/what-is-reachability-analyzer.html\" target=\"_blank\" rel=\"noreferrer noopener\">VPC Reachability Analyzer<\/a>)<\/li>\n\n\n\n<li>Flow logs and traffic mirroring in architecture to provide visibility <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/mirroring\/what-is-traffic-mirroring.html\" target=\"_blank\" rel=\"noreferrer noopener\">Traffic Mirroring<\/a>, <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/using-vpc-traffic-mirroring-to-monitor-and-secure-your-aws-infrastructure\/\" target=\"_blank\" rel=\"noreferrer noopener\">Using VPC Traffic Mirroring to monitor and secure your AWS infrastructure<\/a>)<\/li>\n\n\n\n<li>Access logging (for example, load balancers, CloudFront) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/application\/load-balancer-access-logs.html\" target=\"_blank\" rel=\"noreferrer noopener\">Access logs for your Application Load Balancer<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identifying the logging and monitoring requirements <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/implementing-logging-monitoring-cloudwatch\/welcome.html\" target=\"_blank\" rel=\"noreferrer noopener\">Designing and implementing logging and monitoring with Amazon CloudWatch<\/a>)<\/li>\n\n\n\n<li>Recommending appropriate metrics to provide visibility of the network status <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/viewing_metrics_with_cloudwatch.html\" target=\"_blank\" rel=\"noreferrer noopener\">List the available CloudWatch metrics for your instances<\/a>)<\/li>\n\n\n\n<li>Capturing baseline network performance <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/WindowsGuide\/ec2-instance-network-bandwidth.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon EC2 instance network bandwidth<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 1.5: Design a routing strategy and connectivity architecture between on-premises<br>networks and the AWS Cloud.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Routing fundamentals (for example, dynamic compared with static, BGP) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpn\/latest\/s2svpn\/VPNRoutingTypes.html\" target=\"_blank\" rel=\"noreferrer noopener\">Site-to-Site VPN routing options<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpn\/latest\/s2svpn\/cgw-dynamic-routing-examples.html\" target=\"_blank\" rel=\"noreferrer noopener\">customer gateway device configurations for dynamic routing (BGP)<\/a>)<\/li>\n\n\n\n<li>Layer 1 and layer 2 concepts for physical interconnects (for example, VLAN, link aggregation group [LAG], optics, jumbo frames) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/directconnect\/latest\/UserGuide\/lags.html\" target=\"_blank\" rel=\"noreferrer noopener\">Link aggregation groups<\/a>)<\/li>\n\n\n\n<li>Encapsulation and encryption technologies (for example, Generic Routing Encapsulation [GRE], IPsec) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/simplify-sd-wan-connectivity-with-aws-transit-gateway-connect\/\" target=\"_blank\" rel=\"noreferrer noopener\">Simplify SD-WAN connectivity with AWS Transit Gateway Connect<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpn\/latest\/s2svpn\/your-cgw.html\" target=\"_blank\" rel=\"noreferrer noopener\">Your customer gateway device<\/a>)<\/li>\n\n\n\n<li>Resource sharing across AWS accounts <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/ram\/latest\/userguide\/getting-started-sharing.html\" target=\"_blank\" rel=\"noreferrer noopener\">Sharing your AWS resources<\/a>)<\/li>\n\n\n\n<li>Overlay networks <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/sap\/latest\/sap-hana\/sap-oip-overlay-ip-routing-using-aws-transit-gateway.html\" target=\"_blank\" rel=\"noreferrer noopener\">Overlay IP Routing using AWS Transit Gateway<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identifying the requirements for hybrid connectivity <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/hybrid-connectivity\/connectivity-models.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connectivity models<\/a>)<\/li>\n\n\n\n<li>Designing a redundant hybrid connectivity model with AWS services (for example, AWS Direct Connect, AWS Site-to-Site VPN) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/hybrid-connectivity.html\" target=\"_blank\" rel=\"noreferrer noopener\">Hybrid connectivity<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/hybrid-connectivity\/vpn-connection-as-a-backup-to-aws-dx-connection-example.html\" target=\"_blank\" rel=\"noreferrer noopener\">VPN connection as a backup<\/a>)<\/li>\n\n\n\n<li>Designing BGP routing with BGP attributes to influence the traffic flows based on the desired traffic patterns (load sharing, active\/passive) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/directconnect\/latest\/UserGuide\/routing-and-bgp.html\" target=\"_blank\" rel=\"noreferrer noopener\">Routing policies and BGP communities<\/a>, <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/creating-active-passive-bgp-connections-over-aws-direct-connect\/\" target=\"_blank\" rel=\"noreferrer noopener\">Creating active\/passive BGP connections over AWS Direct Connect<\/a>)<\/li>\n\n\n\n<li>Designing for integration of a software-defined wide area network (SD-WAN) with AWS (for example, Transit Gateway Connect, overlay networks) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/simplify-sd-wan-connectivity-with-aws-transit-gateway-connect\/\" target=\"_blank\" rel=\"noreferrer noopener\">Simplify SD-WAN connectivity with AWS Transit Gateway Connect<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 1.6: Design a routing strategy and connectivity architecture that includes multiple AWS<br>accounts, AWS Regions, and VPCs to support different connectivity patterns.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Different connectivity patterns and use cases (for example, VPC peering, Transit Gateway, AWS PrivateLink) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/aws-privatelink.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS PrivateLink<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpc-peering.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect VPCs using VPC peering<\/a>)<\/li>\n\n\n\n<li>Capabilities and advantages of VPC sharing <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpc-sharing.html\" target=\"_blank\" rel=\"noreferrer noopener\">Share your VPC with other accounts<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/amazon-vpc-sharing.html\" target=\"_blank\" rel=\"noreferrer noopener\">VPC sharing<\/a>)<\/li>\n\n\n\n<li>IP subnets and solutions accounting for IP address overlaps<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Connecting multiple VPCs by using the most appropriate services based on requirements (for example, using VPC peering, Transit Gateway, PrivateLink) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/vpc-to-vpc-connectivity.html\" target=\"_blank\" rel=\"noreferrer noopener\">VPC to VPC connectivity<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpc-peering.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect VPCs using VPC peering<\/a>)<\/li>\n\n\n\n<li>Using VPC sharing in a multi-account setup <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpc-sharing.html\" target=\"_blank\" rel=\"noreferrer noopener\">Share your VPC with other accounts<\/a>)<\/li>\n\n\n\n<li>Managing IP overlaps by using different available services and options (for example, NAT, PrivateLink, Transit Gateway routing) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/aws-privatelink.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS PrivateLink<\/a>)<\/li>\n<\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Domain 2: Network Implementation (26%)<\/strong><\/h5>\n\n\n\n<p><strong>Task Statement 2.1: Implement routing and connectivity between on-premises networks and the AWS Cloud.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Routing protocols (for example, static, dynamic) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpn\/latest\/s2svpn\/VPNRoutingTypes.html\" target=\"_blank\" rel=\"noreferrer noopener\">Site-to-Site VPN routing options<\/a>)<\/li>\n\n\n\n<li>VPNs (for example, security, accelerated VPN) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpn\/latest\/s2svpn\/accelerated-vpn.html\" target=\"_blank\" rel=\"noreferrer noopener\">Accelerated Site-to-Site VPN connections<\/a>)<\/li>\n\n\n\n<li>Layer 1 and types of hardware to use (for example, Letter of Authorization [LOA] documents, colocation facilities, Direct Connect) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/directconnect\/latest\/UserGuide\/getting_started.html\" target=\"_blank\" rel=\"noreferrer noopener\">Classic<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/directconnect\/latest\/UserGuide\/Colocation.html\" target=\"_blank\" rel=\"noreferrer noopener\">Requesting cross connects at AWS Direct Connect locations<\/a>)<\/li>\n\n\n\n<li>Layer 2 and layer 3 (for example, VLANs, IP addressing, gateways, routing, switching) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/apn\/amazon-vpc-for-on-premises-network-engineers-part-one\/\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon VPC for On-Premises Network Engineers<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/route-table-options.html\" target=\"_blank\" rel=\"noreferrer noopener\">Example routing options<\/a>)<\/li>\n\n\n\n<li>Traffic management and SD-WAN (for example, Transit Gateway Connect) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/simplify-sd-wan-connectivity-with-aws-transit-gateway-connect\/\" target=\"_blank\" rel=\"noreferrer noopener\">Simplify SD-WAN connectivity with AWS Transit Gateway Connect<\/a>)<\/li>\n\n\n\n<li>DNS (for example, conditional forwarding, hosted zones, resolvers) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/resolver.html\" target=\"_blank\" rel=\"noreferrer noopener\">Resolving DNS queries between VPCs and your network<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/resolver-rules-managing.html\" target=\"_blank\" rel=\"noreferrer noopener\">Managing forwarding rules<\/a>)<\/li>\n\n\n\n<li>Security appliances (for example, firewalls) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/network-firewall\/latest\/developerguide\/what-is-aws-network-firewall.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Network Firewall<\/a>)<\/li>\n\n\n\n<li>Load balancing (for example, layer 4 compared with layer 7, reverse proxies, layer 3) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/elasticloadbalancing\/features\/\" target=\"_blank\" rel=\"noreferrer noopener\">Elastic Load Balancing features<\/a>)<\/li>\n\n\n\n<li>Infrastructure automation <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/running-containerized-microservices\/infrastructure-automation.html\" target=\"_blank\" rel=\"noreferrer noopener\">Infrastructure Automation<\/a>)<\/li>\n\n\n\n<li>AWS Organizations and AWS Resource Access Manager (AWS RAM) (for example, multiaccount Transit Gateway, Direct Connect, Amazon VPC, Route 53) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/ram\/latest\/userguide\/shareable.html\" target=\"_blank\" rel=\"noreferrer noopener\">Shareable AWS resources<\/a>)<\/li>\n\n\n\n<li>Test connectivity (for example, Route Analyzer, Reachability Analyzer) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/reachability\/what-is-reachability-analyzer.html\" target=\"_blank\" rel=\"noreferrer noopener\">VPC Reachability Analyzer<\/a>)<\/li>\n\n\n\n<li>Networking services of VPCs <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/what-is-amazon-vpc.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon VPC<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configuring the physical network requirements for hybrid connectivity solutions <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/hybrid-connectivity\/hybrid-network-connection.html\" target=\"_blank\" rel=\"noreferrer noopener\">Hybrid network connection<\/a>)<\/li>\n\n\n\n<li>Configuring static or dynamic routing protocols to work with hybrid connectivity solutions <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/simplify-sd-wan-connectivity-with-aws-transit-gateway-connect\/\" target=\"_blank\" rel=\"noreferrer noopener\">Simplify SD-WAN connectivity with AWS Transit Gateway Connect<\/a>)<\/li>\n\n\n\n<li>Configuring existing on-premises networks to connect with the AWS Cloud <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpn\/latest\/clientvpn-admin\/scenario-onprem.html\" target=\"_blank\" rel=\"noreferrer noopener\">Access to an on-premises network<\/a>)<\/li>\n\n\n\n<li>Configuring existing on-premises name resolution with the AWS Cloud <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/patterns\/set-up-integrated-dns-resolution-for-hybrid-networks-in-amazon-route-53.html\" target=\"_blank\" rel=\"noreferrer noopener\">Set up integrated DNS resolution for hybrid networks in Amazon Route 53<\/a>)<\/li>\n\n\n\n<li>Configuring and implementing load balancing solutions <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/application\/create-application-load-balancer.html\" target=\"_blank\" rel=\"noreferrer noopener\">Create an Application Load Balancer<\/a>)<\/li>\n\n\n\n<li>Configuring network monitoring and logging for AWS services <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/network-firewall\/latest\/developerguide\/logging-monitoring.html\" target=\"_blank\" rel=\"noreferrer noopener\">Logging and monitoring in AWS Network Firewall<\/a>)<\/li>\n\n\n\n<li>Testing and validating connectivity between environments <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/migration-replatforming-cots-applications\/testing-validating-application.html\" target=\"_blank\" rel=\"noreferrer noopener\">Testing and validating your applications<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 2.2: Implement routing and connectivity across multiple AWS accounts, Regions, and VPCs to support different connectivity patterns.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Inter-VPC and multi-account connectivity (for example, VPC peering, Transit Gateway, VPN, third-party vendors, SD-WAN, multiprotocol label switching [MPLS]) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-vpc-connectivity-options\/amazon-vpc-to-amazon-vpc-connectivity-options.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon VPC-to-Amazon VPC connectivity options<\/a>, <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/simplify-sd-wan-connectivity-with-aws-transit-gateway-connect\/\" target=\"_blank\" rel=\"noreferrer noopener\">Simplify SD-WAN connectivity with AWS Transit Gateway Connect<\/a>)<\/li>\n\n\n\n<li>Private application connectivity (for example, PrivateLink) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/endpoint-services-overview.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect your VPC to services using AWS PrivateLink<\/a>)<\/li>\n\n\n\n<li>Methods of expanding AWS networking connectivity (for example, Organizations, AWS RAM) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/organizations\/latest\/userguide\/services-that-can-integrate-ram.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Resource Access Manager and AWS Organizations<\/a>)<\/li>\n\n\n\n<li>Host and service name resolution for applications and clients (for example, DNS) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/resolver.html\" target=\"_blank\" rel=\"noreferrer noopener\">Resolving DNS queries between VPCs and your network<\/a>)<\/li>\n\n\n\n<li>Infrastructure automation <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/running-containerized-microservices\/infrastructure-automation.html\" target=\"_blank\" rel=\"noreferrer noopener\">Infrastructure Automation<\/a>)<\/li>\n\n\n\n<li>Authentication and authorization (for example, SAML, Active Directory) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/id_roles_providers_saml.html\" target=\"_blank\" rel=\"noreferrer noopener\">About SAML 2.0-based federation<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/id_roles_providers_saml_3rd-party.html\" target=\"_blank\" rel=\"noreferrer noopener\">Integrating third-party SAML solution providers with AWS<\/a>)<\/li>\n\n\n\n<li>Security (for example, security groups, network ACLs, AWS Network Firewall) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpc-network-acls.html\" target=\"_blank\" rel=\"noreferrer noopener\">Control traffic to subnets using Network ACLs<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/VPC_SecurityGroups.html\" target=\"_blank\" rel=\"noreferrer noopener\">Control traffic to resources using security groups<\/a>)<\/li>\n\n\n\n<li>Test connectivity (for example, Route Analyzer, Reachability Analyzer, tooling) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/reachability\/what-is-reachability-analyzer.html\" target=\"_blank\" rel=\"noreferrer noopener\">VPC Reachability Analyzer<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configuring network connectivity architectures by using AWS services in a single-VPC or multiVPC design (for example, DHCP, routing, security groups) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/quickstart\/latest\/vpc\/architecture.html\" target=\"_blank\" rel=\"noreferrer noopener\">Architecture<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/VPC_SecurityGroups.html\" target=\"_blank\" rel=\"noreferrer noopener\">Control traffic to resources using security groups<\/a>)<\/li>\n\n\n\n<li>Configuring hybrid connectivity with existing third-party vendor solutions <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/securityhub\/latest\/userguide\/securityhub-partner-providers.html\" target=\"_blank\" rel=\"noreferrer noopener\">Available third-party partner product integrations<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/hybrid-connectivity.html\" target=\"_blank\" rel=\"noreferrer noopener\">Hybrid connectivity<\/a>)<\/li>\n\n\n\n<li>Configuring a hub-and-spoke network architecture (for example, Transit Gateway, transit VPC) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/transit-vpc-solution.html\" target=\"_blank\" rel=\"noreferrer noopener\">Transit VPC solution<\/a>)<\/li>\n\n\n\n<li>Configuring a DNS solution to make hybrid connectivity possible <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/patterns\/set-up-integrated-dns-resolution-for-hybrid-networks-in-amazon-route-53.html\" target=\"_blank\" rel=\"noreferrer noopener\">Set up integrated DNS resolution for hybrid networks in Amazon Route 53<\/a>)<\/li>\n\n\n\n<li>Implementing security between network boundaries <\/li>\n\n\n\n<li>Configuring network monitoring and logging by using AWS solutions <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/config\/latest\/developerguide\/security-logging-and-monitoring.html\" target=\"_blank\" rel=\"noreferrer noopener\">Logging and Monitoring in AWS Config<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 2.3: Implement complex hybrid and multi-account DNS architectures.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>When to use private hosted zones and public hosted zones <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/hosted-zones-private.html\" target=\"_blank\" rel=\"noreferrer noopener\">Working with private hosted zones<\/a>)<\/li>\n\n\n\n<li>Methods to alter traffic management (for example, based on latency, geography, weighting) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/routing-policy.html\" target=\"_blank\" rel=\"noreferrer noopener\">Choosing a routing policy<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/TutorialLBRMultipleEC2InRegion.html\" target=\"_blank\" rel=\"noreferrer noopener\">Using latency and weighted records in Amazon Route&nbsp;53<\/a>)<\/li>\n\n\n\n<li>DNS delegation and forwarding (for example, conditional forwarding) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/resolver-rules-managing.html\" target=\"_blank\" rel=\"noreferrer noopener\">Managing forwarding rules<\/a>)<\/li>\n\n\n\n<li>Different DNS record types (for example, A, AAAA, TXT, pointer records, alias records) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html\" target=\"_blank\" rel=\"noreferrer noopener\">Supported DNS record types<\/a>)<\/li>\n\n\n\n<li>DNSSEC<\/li>\n\n\n\n<li>How to share DNS services between accounts (for example, AWS RAM) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/ram\/latest\/userguide\/shareable.html\" target=\"_blank\" rel=\"noreferrer noopener\">Shareable AWS resources<\/a>)<\/li>\n\n\n\n<li>Requirements and implementation options for outbound and inbound endpoints <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/resolver-getting-started.html\" target=\"_blank\" rel=\"noreferrer noopener\">Getting started with Route 53 Resolver<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configuring DNS zones and conditional forwarding <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/managedservices\/latest\/onboardingguide\/configure-conditional-forwarder.html\" target=\"_blank\" rel=\"noreferrer noopener\">Configure the conditional forwarder<\/a>)<\/li>\n\n\n\n<li>Configuring traffic management by using DNS solutions <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/traffic-flow.html\" target=\"_blank\" rel=\"noreferrer noopener\">Using traffic flow to route DNS traffic<\/a>)<\/li>\n\n\n\n<li>Configuring DNS for hybrid networks <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/patterns\/set-up-integrated-dns-resolution-for-hybrid-networks-in-amazon-route-53.html\" target=\"_blank\" rel=\"noreferrer noopener\">Set up integrated DNS resolution for hybrid networks in Amazon Route 53<\/a>)<\/li>\n\n\n\n<li>Configuring appropriate DNS records <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html\" target=\"_blank\" rel=\"noreferrer noopener\">Supported DNS record types<\/a>)<\/li>\n\n\n\n<li>Configuring DNSSEC on Route 53 <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/domain-configure-dnssec.html\" target=\"_blank\" rel=\"noreferrer noopener\">Configuring DNSSEC for a domain<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/dns-configuring-dnssec.html\" target=\"_blank\" rel=\"noreferrer noopener\">Configuring DNSSEC signing in Amazon Route&nbsp;53<\/a>)<\/li>\n\n\n\n<li>Configuring DNS within a centralized or distributed network architecture <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/patterns\/set-up-integrated-dns-resolution-for-hybrid-networks-in-amazon-route-53.html\" target=\"_blank\" rel=\"noreferrer noopener\">Set up integrated DNS resolution for hybrid networks in Amazon Route 53<\/a>)<\/li>\n\n\n\n<li>Configuring DNS monitoring and logging on Route 53 <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/logging-monitoring.html\" target=\"_blank\" rel=\"noreferrer noopener\">Logging and monitoring in Amazon Route&nbsp;53<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 2.4: Automate and configure network infrastructure.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Infrastructure as code (IaC) (for example, AWS Cloud Development Kit [AWS CDK], AWS CloudFormation, AWS CLI, AWS SDK, APIs) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/cdk\/v2\/guide\/home.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS CDK<\/a>)<\/li>\n\n\n\n<li>Event-driven network automation <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/compute\/getting-started-with-event-driven-architecture\/\" target=\"_blank\" rel=\"noreferrer noopener\">Getting Started with Event-Driven Architecture<\/a>)<\/li>\n\n\n\n<li>Common problems of using hardcoded instructions in IaC templates when provisioning cloud networking resources <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSCloudFormation\/latest\/UserGuide\/best-practices.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS CloudFormation best practices<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Creating and managing repeatable network configurations <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/best-practices-for-configuring-network-interfaces.html\" target=\"_blank\" rel=\"noreferrer noopener\">Best practices for configuring network interfaces<\/a>)<\/li>\n\n\n\n<li>Integrating event-driven networking functions <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/compute\/getting-started-with-event-driven-architecture\/\" target=\"_blank\" rel=\"noreferrer noopener\">Getting Started with Event-Driven Architecture<\/a>)<\/li>\n\n\n\n<li>Integrating hybrid network automation options with AWS native IaC<\/li>\n\n\n\n<li>Eliminating risk and achieving efficiency in a cloud networking environment while maintaining the lowest possible cost<\/li>\n\n\n\n<li>Automating the process of optimizing cloud network resources with IaC <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/cloud-automation-5g-network\/cloud-automation-areas.html\" target=\"_blank\" rel=\"noreferrer noopener\">Cloud automation areas<\/a>)<\/li>\n<\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Domain 3: Network Management and Operations (20%)<\/strong><\/h5>\n\n\n\n<p><strong>Task Statement 3.1: Maintain routing and connectivity on AWS and hybrid networks.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Industry-standard routing protocols that are used in AWS hybrid networks (for example, BGP over Direct Connect) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/directconnect\/latest\/UserGuide\/routing-and-bgp.html\" target=\"_blank\" rel=\"noreferrer noopener\">Routing policies and BGP communities<\/a>)<\/li>\n\n\n\n<li>Connectivity methods for AWS and hybrid networks (for example, Direct Connect gateway, Transit Gateway, VIFs) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/direct-connect.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Direct Connect&nbsp;<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/directconnect\/latest\/UserGuide\/direct-connect-transit-gateways.html\" target=\"_blank\" rel=\"noreferrer noopener\">Transit gateway associations<\/a>)<\/li>\n\n\n\n<li>How limits and quotas affect AWS networking services (for example, bandwidth limits, route limits) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/tgw\/transit-gateway-quotas.html\" target=\"_blank\" rel=\"noreferrer noopener\">Quotas for your transit gateways<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/amazon-vpc-limits.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon VPC quotas<\/a>)<\/li>\n\n\n\n<li>Available private and public access methods for custom services (for example, PrivateLink, VPC peering) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpc-peering.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect VPCs using VPC peering<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/endpoint-services-overview.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect your VPC to services using AWS PrivateLink<\/a>)<\/li>\n\n\n\n<li>Available inter-Regional and intra-Regional communication patterns <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/patterns\/automate-the-setup-of-inter-region-peering-with-aws-transit-gateway.html\" target=\"_blank\" rel=\"noreferrer noopener\">Automate the setup of inter-Region peering with AWS Transit Gateway<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Managing routing protocols for AWS and hybrid connectivity options (for example, over a Direct Connect connection, VPN) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpn-connections.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect your VPC to remote networks using AWS Virtual Private Network<\/a>)<\/li>\n\n\n\n<li>Maintaining private access to custom services (for example, PrivateLink, VPC peering) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpc-peering.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect VPCs using VPC peering<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/endpoint-services-overview.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect your VPC to services using AWS PrivateLink<\/a>)<\/li>\n\n\n\n<li>Using route tables to direct traffic appropriately (for example, automatic propagation, BGP) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/VPC_Route_Tables.html\" target=\"_blank\" rel=\"noreferrer noopener\">Configure route tables<\/a>)<\/li>\n\n\n\n<li>Setting up private access or public access to AWS services (for example, Direct Connect, VPN) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/vpn-connections.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect your VPC to remote networks using AWS Virtual Private Network<\/a>)<\/li>\n\n\n\n<li>Optimizing routing over dynamic and static routing protocols (for example, summarizing routes, CIDR overlap)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 3.2: Monitor and analyze network traffic to troubleshoot and optimize connectivity patterns.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Network performance metrics and reachability constraints (for example, routing, packet size) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/monitoring-network-performance-ena.html\" target=\"_blank\" rel=\"noreferrer noopener\">Monitor network performance for your EC2 instance<\/a>)<\/li>\n\n\n\n<li>Appropriate logs and metrics to assess network performance and reachability issues (for example, packet loss) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/premiumsupport\/knowledge-center\/troubleshoot-vpn-packet-loss\/\" target=\"_blank\" rel=\"noreferrer noopener\">troubleshoot packet loss on my VPN<\/a>, <a href=\"https:\/\/aws.amazon.com\/premiumsupport\/knowledge-center\/network-issue-vpc-onprem-ig\/\" target=\"_blank\" rel=\"noreferrer noopener\">troubleshoot network performance issues<\/a>)<\/li>\n\n\n\n<li>Tools to collect and analyze logs and metrics (for example, CloudWatch, VPC Flow Logs, VPC Traffic Mirroring) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/flow-logs.html\" target=\"_blank\" rel=\"noreferrer noopener\">Logging IP traffic using VPC Flow Logs<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/mirroring\/what-is-traffic-mirroring.html\" target=\"_blank\" rel=\"noreferrer noopener\">Traffic Mirroring<\/a>)<\/li>\n\n\n\n<li>Tools to analyze routing patterns and issues (for example, Reachability Analyzer, Transit Gateway Network Manager) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/tgwnm\/route-analyzer.html\" target=\"_blank\" rel=\"noreferrer noopener\">Route Analyzer<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Analyzing tool output to assess network performance and troubleshoot connectivity (for example, VPC Flow Logs, Amazon CloudWatch Logs) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/flow-logs.html\" target=\"_blank\" rel=\"noreferrer noopener\">Logging IP traffic using VPC Flow Logs<\/a>)<\/li>\n\n\n\n<li>Mapping or understanding network topology (for example, Transit Gateway Network Manager) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/tgwnm\/what-is-network-manager.html\" target=\"_blank\" rel=\"noreferrer noopener\">Network Manager<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/tgwnm\/network-manager-getting-started.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Network Manager for Transit Gateway networks<\/a>)<\/li>\n\n\n\n<li>Analyzing packets to identify issues in packet shaping (for example, VPC Traffic Mirroring) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/using-vpc-traffic-mirroring-to-monitor-and-secure-your-aws-infrastructure\/\" target=\"_blank\" rel=\"noreferrer noopener\">Using VPC Traffic Mirroring to monitor and secure your AWS infrastructure<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/mirroring\/what-is-traffic-mirroring.html\" target=\"_blank\" rel=\"noreferrer noopener\">Traffic Mirroring<\/a>)<\/li>\n\n\n\n<li>Troubleshooting connectivity issues that are caused by network misconfiguration (for example, Reachability Analyzer) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/reachability\/what-is-reachability-analyzer.html\" target=\"_blank\" rel=\"noreferrer noopener\">VPC Reachability Analyzer<\/a>)<\/li>\n\n\n\n<li>Verifying that a network configuration meets network design requirements (for example, Reachability Analyzer) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/reachability\/getting-started.html\" target=\"_blank\" rel=\"noreferrer noopener\">Getting started with VPC Reachability Analyzer<\/a>)<\/li>\n\n\n\n<li>Automating the verification of connectivity intent as a network configuration changes (for example, Reachability Analyzer)<\/li>\n\n\n\n<li>Troubleshooting packet size mismatches in a VPC to restore network connectivity <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/premiumsupport\/knowledge-center\/network-issue-vpc-onprem-ig\/\" target=\"_blank\" rel=\"noreferrer noopener\">troubleshoot network performance issues<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 3.3: Optimize AWS networks for performance, reliability, and cost-effectiveness.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Situations in which a VPC peer or a transit gateway are appropriate <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/tgw\/what-is-transit-gateway.html\" target=\"_blank\" rel=\"noreferrer noopener\">transit gateway<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/tgw\/tgw-peering.html\" target=\"_blank\" rel=\"noreferrer noopener\">Transit gateway peering attachments<\/a>)<\/li>\n\n\n\n<li>Different methods to reduce bandwidth utilization (for example, unicast compared with multicast, CloudFront) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudFront\/latest\/DeveloperGuide\/usage-charts.html\" target=\"_blank\" rel=\"noreferrer noopener\">CloudFront usage reports<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudFront\/latest\/DeveloperGuide\/IntroductionUseCases.html\" target=\"_blank\" rel=\"noreferrer noopener\">CloudFront use cases<\/a>)<\/li>\n\n\n\n<li>Cost-effective connectivity options for data transfer between a VPC and on-premises environments <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/wellarchitected\/latest\/hybrid-networking-lens\/cost-optimization-pillar.html\" target=\"_blank\" rel=\"noreferrer noopener\">Cost optimization pillar<\/a>)<\/li>\n\n\n\n<li>Different types of network interfaces on AWS <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/using-eni.html\" target=\"_blank\" rel=\"noreferrer noopener\">Elastic network interfaces<\/a>)<\/li>\n\n\n\n<li>High-availability features in Route 53 (for example, DNS load balancing using health checks with latency and weighted record sets) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/dns-failover.html\" target=\"_blank\" rel=\"noreferrer noopener\">Creating Amazon Route&nbsp;53 health checks and configuring DNS failover<\/a>)<\/li>\n\n\n\n<li>Availability of options from Route 53 that provide reliability <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/route53\/faqs\/\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon Route 53 FAQs<\/a>)<\/li>\n\n\n\n<li>Load balancing and traffic distribution patterns <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/elasticloadbalancing\/features\/\" target=\"_blank\" rel=\"noreferrer noopener\">Elastic Load Balancing features<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/autoscaling\/ec2\/userguide\/autoscaling-load-balancer.html\" target=\"_blank\" rel=\"noreferrer noopener\">Use Elastic Load Balancing to distribute traffic<\/a>)<\/li>\n\n\n\n<li>VPC subnet optimization <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/configure-subnets.html\" target=\"_blank\" rel=\"noreferrer noopener\">Subnets for your VPC<\/a>)<\/li>\n\n\n\n<li>Frame size optimization for bandwidth across different connection types <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/ec2\/instance-types\/\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon EC2 Instance Types<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Optimizing for network throughput <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/WindowsGuide\/ec2-instance-network-bandwidth.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon EC2 instance network bandwidth<\/a>)<\/li>\n\n\n\n<li>Selecting the right network interface for the best performance (for example, elastic network interface, Elastic Network Adapter [ENA], Elastic Fabric Adapter [EFA])  <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/efa.html\" target=\"_blank\" rel=\"noreferrer noopener\">Elastic Fabric Adapter<\/a>)<\/li>\n\n\n\n<li>Choosing between VPC peering, proxy patterns, or a transit gateway connection based on analysis of the network requirements provided <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/tgw\/tgw-best-design-practices.html\" target=\"_blank\" rel=\"noreferrer noopener\">Transit gateway design best practices<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/patterns\/automate-the-setup-of-inter-region-peering-with-aws-transit-gateway.html\" target=\"_blank\" rel=\"noreferrer noopener\">Automate the setup of inter-Region peering<\/a>)<\/li>\n\n\n\n<li>Implementing a solution on an appropriate network connectivity service (for example, VPC peering, Transit Gateway, VPN connection) to meet network requirements  <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/transit-vpc-solution.html\" target=\"_blank\" rel=\"noreferrer noopener\">Transit VPC solution<\/a>)<\/li>\n\n\n\n<li>Implementing a multicast capability within a VPC and on-premises environments <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/tgw\/working-with-multicast.html\" target=\"_blank\" rel=\"noreferrer noopener\">Working with multicast<\/a>)<\/li>\n\n\n\n<li>Creating Route 53 public hosted zones and private hosted zones and records to optimize application availability (for example, private zonal DNS entry to route traffic to multiple Availability Zones)<\/li>\n\n\n\n<li>Updating and optimizing subnets for auto-scaling configurations to support the increased application load <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/autoscaling\/ec2\/APIReference\/API_UpdateAutoScalingGroup.html\" target=\"_blank\" rel=\"noreferrer noopener\">UpdateAutoScalingGroup<\/a>)<\/li>\n\n\n\n<li>Updating and optimizing subnets to prevent the depletion of available IP addresses within a VPC (for example, secondary CIDR) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/configure-subnets.html\" target=\"_blank\" rel=\"noreferrer noopener\">Subnets for your VPC<\/a>)<\/li>\n\n\n\n<li>Configuring jumbo frame support across connection types <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/network_mtu.html\" target=\"_blank\" rel=\"noreferrer noopener\">Network maximum transmission unit (MTU) for your EC2 instance<\/a>)<\/li>\n\n\n\n<li>Optimizing network connectivity by using Global Accelerator to improve network performance and application availability <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/global-accelerator\/latest\/dg\/what-is-global-accelerator.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Global Accelerator<\/a>)<\/li>\n<\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Domain 4: Network Security, Compliance, and Governance (24%)<\/strong><\/h5>\n\n\n\n<p><strong>Task Statement 4.1: Implement and maintain network features to meet security and compliance needs and requirements.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Different threat models based on application architecture<\/li>\n\n\n\n<li>Common security threats <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-overview\/security-and-compliance.html\" target=\"_blank\" rel=\"noreferrer noopener\">Security and compliance<\/a>)<\/li>\n\n\n\n<li>Mechanisms to secure different application flows<\/li>\n\n\n\n<li>AWS network architecture that meets security and compliance requirements<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Securing inbound traffic flows into AWS (for example, AWS WAF, AWS Shield, Network Firewall) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/waf\/latest\/developerguide\/what-is-aws-waf.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS WAF, AWS Shield, and AWS Firewall Manager<\/a>)<\/li>\n\n\n\n<li>Securing outbound traffic flows from AWS (for example, Network Firewall, proxies, Gateway Load Balancers) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/network-firewall\/latest\/developerguide\/architectures.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Network Firewall example architectures with routing<\/a>)<\/li>\n\n\n\n<li>Securing inter-VPC traffic within an account or across multiple accounts (for example, security groups, network ACLs, VPC endpoint policies) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/VPC_Security.html\" target=\"_blank\" rel=\"noreferrer noopener\">Internetwork traffic privacy in Amazon VPC<\/a>)<\/li>\n\n\n\n<li>Implementing an AWS network architecture to meet security and compliance requirements (for example, untrusted network, perimeter VPC, three-tier architecture) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/quickstart\/latest\/vpc\/architecture.html\" target=\"_blank\" rel=\"noreferrer noopener\">Architecture<\/a>)<\/li>\n\n\n\n<li>Developing a threat model and identifying appropriate mitigation strategies for a given network architecture<\/li>\n\n\n\n<li>Testing compliance with the initial requirements (for example, failover test, resiliency) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/directconnect\/latest\/UserGuide\/resiliency_failover.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Direct Connect Failover Test<\/a>)<\/li>\n\n\n\n<li>Automating security incident reporting and alerting using AWS <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-security-incident-response-guide\/automating-incident-response.html\" target=\"_blank\" rel=\"noreferrer noopener\">Automating Incident Response<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 4.2: Validate and audit security by using network monitoring and logging services.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Network monitoring and logging services that are available in AWS (for example, CloudWatch, AWS CloudTrail, VPC Traffic Mirroring, VPC Flow Logs, Transit Gateway Network Manager) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/flow-logs.html\" target=\"_blank\" rel=\"noreferrer noopener\">Logging IP traffic using VPC Flow Logs<\/a>)<\/li>\n\n\n\n<li>Alert mechanisms (for example, CloudWatch alarms) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/monitoring\/AlarmThatSendsEmail.html\" target=\"_blank\" rel=\"noreferrer noopener\">Using Amazon CloudWatch alarms<\/a>)<\/li>\n\n\n\n<li>Log creation in different AWS services (for example, VPC flow logs, load balancer access logs, CloudFront access logs) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudFront\/latest\/DeveloperGuide\/AccessLogs.html\" target=\"_blank\" rel=\"noreferrer noopener\">Configuring and using standard logs (access logs)<\/a>)<\/li>\n\n\n\n<li>Log delivery mechanisms (for example, Amazon Kinesis, Route 53, CloudWatch) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/logging-monitoring.html\" target=\"_blank\" rel=\"noreferrer noopener\">Logging and monitoring in Amazon Route&nbsp;53<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/firehose\/latest\/dev\/writing-with-cloudwatch-logs.html\" target=\"_blank\" rel=\"noreferrer noopener\">Writing to Kinesis Data Firehose Using CloudWatch Logs<\/a>)<\/li>\n\n\n\n<li>Mechanisms to audit network security configurations (for example, security groups, AWS Firewall Manager, AWS Trusted Advisor) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/waf\/latest\/developerguide\/security-group-policies.html\" target=\"_blank\" rel=\"noreferrer noopener\">Security group policies<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Creating and analyzing a VPC flow log (including base and extended fields of flow logs) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/flow-logs.html\" target=\"_blank\" rel=\"noreferrer noopener\">Logging IP traffic using VPC Flow Logs<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/flow-logs-records-examples.html\" target=\"_blank\" rel=\"noreferrer noopener\">Flow log record examples<\/a>)<\/li>\n\n\n\n<li>Creating and analyzing network traffic mirroring (for example, using VPC Traffic Mirroring) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/aws.amazon.com\/blogs\/networking-and-content-delivery\/using-vpc-traffic-mirroring-to-monitor-and-secure-your-aws-infrastructure\/\" target=\"_blank\" rel=\"noreferrer noopener\">Using VPC Traffic Mirroring to monitor and secure your AWS infrastructure<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/mirroring\/what-is-traffic-mirroring.html\" target=\"_blank\" rel=\"noreferrer noopener\">Traffic Mirroring<\/a>)<\/li>\n\n\n\n<li>Implementing automated alarms by using CloudWatch <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/using-cloudwatch-createalarm.html\" target=\"_blank\" rel=\"noreferrer noopener\">Create a CloudWatch alarm for an instance<\/a>)<\/li>\n\n\n\n<li>Implementing customized metrics by using CloudWatch <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/monitoring\/publishingMetrics.html\" target=\"_blank\" rel=\"noreferrer noopener\">Publishing custom metrics<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/managedservices\/latest\/userguide\/custom-cloudwatch-events.html\" target=\"_blank\" rel=\"noreferrer noopener\">Creating custom CloudWatch metrics and alarms<\/a>)<\/li>\n\n\n\n<li>Correlating and analyzing information across single or multiple AWS log sources <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/implementing-logging-monitoring-cloudwatch\/cloudwatch-search-analysis.html\" target=\"_blank\" rel=\"noreferrer noopener\">Searching and analyzing logs in CloudWatch<\/a>)<\/li>\n\n\n\n<li>Implementing log delivery solutions <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/logs\/AWS-logs-and-resource-policy.html\" target=\"_blank\" rel=\"noreferrer noopener\">Enabling logging from certain AWS services<\/a>)<\/li>\n\n\n\n<li>Implementing a network audit strategy across single or multiple AWS network services and accounts (for example, Firewall Manager, security groups, network ACLs)  <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/waf\/latest\/developerguide\/security-group-policies.html\" target=\"_blank\" rel=\"noreferrer noopener\">Security group policies<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Task Statement 4.3: Implement and maintain the confidentiality of data and communications of the network.<\/strong><\/p>\n\n\n\n<p>Knowledge of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Network encryption options that are available on AWS <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/userguide\/UsingEncryption.html\" target=\"_blank\" rel=\"noreferrer noopener\">Protecting data using encryption<\/a>)<\/li>\n\n\n\n<li>VPN connectivity over Direct Connect <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-vpc-connectivity-options\/aws-direct-connect-vpn.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Direct Connect + VPN<\/a>)<\/li>\n\n\n\n<li>Encryption methods for data in transit (for example, IPsec) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/logical-separation\/encrypting-data-at-rest-and--in-transit.html\" target=\"_blank\" rel=\"noreferrer noopener\">Encrypting Data-at-Rest and -in-Transit<\/a>)<\/li>\n\n\n\n<li>Network encryption under the AWS shared responsibility model Network encryption under the AWS <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-risk-and-compliance\/shared-responsibility-model.html\" target=\"_blank\" rel=\"noreferrer noopener\">shared responsibility model<\/a>)<\/li>\n\n\n\n<li>Security methods for DNS communications (for example, DNSSEC) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/domain-configure-dnssec.html\" target=\"_blank\" rel=\"noreferrer noopener\">Configuring DNSSEC for a domain<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>Skills in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Implementing network encryption methods to meet application compliance requirements (for example, IPsec, TLS) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/wellarchitected\/latest\/security-pillar\/protecting-data-in-transit.html\" target=\"_blank\" rel=\"noreferrer noopener\">Protecting Data in Transit<\/a>)<\/li>\n\n\n\n<li>Implementing encryption solutions to secure data in transit (for example, CloudFront, Application Load Balancers and Network Load Balancers, VPN over Direct Connect, AWS managed databases, Amazon S3, custom solutions on Amazon EC2, Transit Gateway) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/securityhub\/latest\/userguide\/securityhub-standards-fsbp-controls.html\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Foundational Security Best Practices controls<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-overview\/networking-services.html\" target=\"_blank\" rel=\"noreferrer noopener\">Networking and Content Delivery<\/a>, <a href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/patterns\/connect-to-application-migration-service-data-and-control-planes-over-a-private-network.html\" target=\"_blank\" rel=\"noreferrer noopener\">Connect to Application Migration Service data<\/a>)<\/li>\n\n\n\n<li>Implementing a certificate management solution by using a certificate authority (for example, ACM, AWS Certificate Manager Private Certificate Authority [ACM PCA]) <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/acm-pca\/latest\/userguide\/PcaWelcome.html\" target=\"_blank\" rel=\"noreferrer noopener\">ACM Private CA<\/a>)<\/li>\n\n\n\n<li>Implementing secure DNS communications <strong>(AWS Documentation:<\/strong> <a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/dns.html\" target=\"_blank\" rel=\"noreferrer noopener\">DNS<\/a>)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Quick Links to Learning Resources<\/strong><\/h3>\n\n\n\n<p>Choosing the right resources with reliable content is very important. As a matter of fact, there are various resources to choose from. This makes it difficult to select the authentic and genuine ones. As you have probably been preparing for this exam we hope that you have made a wise choice in terms of your learning resources. However, here area few quick links that will definitely benefit your preparations and help you ace the exam:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>AWS Training<\/strong><\/h4>\n\n\n\n<p>AWS offers training opportunities for candidates to develop expertise, self-assurance, and authenticity by acquiring practical cloud skills. Candidates have the option to engage in self-paced online learning or choose to be instructed by certified AWS instructors who are experts in the field. This training is advantageous for individuals at various stages, whether they are beginners looking to build upon their existing IT skills or seasoned professionals with prior cloud knowledge. AWS provides three distinct types of training, which comprise:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firstly, the free <a href=\"https:\/\/aws.amazon.com\/training\/course-descriptions\/?nc2=sb_tr_to\" target=\"_blank\" rel=\"noreferrer noopener\">digital training<\/a> offers on-demand digital courses that enable candidates to acquire new cloud skills and knowledge at their own convenience.<\/li>\n\n\n\n<li>Secondly, <a href=\"https:\/\/aws.amazon.com\/training\/virtual-classroom\/?nc2=sb_tr_vt\" target=\"_blank\" rel=\"noreferrer noopener\">classroom training<\/a> features live classes conducted either virtually or in-person, led by accredited AWS instructors. These classes impart sought-after cloud skills and best practices through a blend of presentations, discussions, and hands-on labs.<\/li>\n\n\n\n<li>Lastly, <a href=\"https:\/\/aws.amazon.com\/training\/enterprise\/private-on-site-training\/?nc2=sb_tr_pot\" target=\"_blank\" rel=\"noreferrer noopener\">private training<\/a> consists of virtual or in-person classes led by accredited AWS instructors, focusing on in-depth AWS Cloud skills within a private learning environment.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Whitepapers<\/strong><\/h4>\n\n\n\n<p>Candidates preparing for the AWS can take the help of AWS whitepapers for preparation. These are the authentic study resources which can help candidates during understanding about the AWS services. Whitepapers not only strengthen your preparation process but also helps you build a strong strategy to lay your focus on. You can refer the following White Papers:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/d1.awsstatic.com\/whitepapers\/best-practices-vpcs-networking-amazon-workspaces-deployments.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Best Practices for VPCs and Networking in Amazon WorkSpaces Deployments<\/a>&nbsp;<\/li>\n\n\n\n<li>&nbsp;<a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/building-scalable-secure-multi-vpc-network-infrastructure\/welcome.html\" target=\"_blank\" rel=\"noreferrer noopener\">Building a Scalable and Secure Multi-VPC AWS Network Infrastructure<\/a>&nbsp;<\/li>\n\n\n\n<li>&nbsp;<a href=\"https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-vpc-connectivity-options\/welcome.html\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon Virtual Private Cloud Connectivity Options<\/a>&nbsp;<\/li>\n\n\n\n<li>&nbsp;<a href=\"https:\/\/d1.awsstatic.com\/whitepapers\/Security\/DDoS_White_Paper.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Best Practices for DDoS Resiliency<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/d1.awsstatic.com\/whitepapers\/Intro_to_HPC_on_AWS.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">High Performance Computing on AWS Redefines What is Possible<\/a>&nbsp;<\/li>\n\n\n\n<li>&nbsp;<a href=\"https:\/\/d1.awsstatic.com\/whitepapers\/Networking\/integrating-aws-with-multiprotocol-label-switching.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Integrating AWS with Multiprotocol Label Switching<\/a>&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/www.amazon.com\/Certified-Advanced-Networking-Official-Study-ebook\/dp\/B079VKD1CN\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Certified Advanced Networking Official Study Guide: Specialty Exam<\/a><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Reference Books<\/strong><\/h4>\n\n\n\n<p>Books can offer a valuable edge when it comes to acquiring a deeper and more precise understanding of various topics. The market offers a wide range of books, and for those pursuing the AWS Certified Advanced Networking &#8211; Specialty certification, the essential reference books are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Firstly, <strong>AWS Certified Advanced Networking Official Study Guide: Specialty Exam<\/strong><\/em><\/li>\n\n\n\n<li><em>Secondly,<strong> AWS certified advanced networking &#8211; specialty Exam Guide for Building knowledge and technical expertise as an AWS-certified networking specialist<\/strong><\/em><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Online Tutorials and Study Guide<\/strong><\/h4>\n\n\n\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-advanced-networking-specialty\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Online Tutorials<\/strong> <\/a>enhance your knowledge and provide in depth understanding about the exam concepts. Moreover, <strong>AWS certified advanced networking &#8211; specialty<\/strong> <strong><a href=\"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-study-guide\/\" target=\"_blank\" rel=\"noreferrer noopener\">Study Guides<\/a><\/strong> help you stay consistent and determined. They enrich your learning experience. <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-advanced-networking-specialty\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" width=\"951\" height=\"150\" src=\"https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Google-Certified-Professional-Cloud-Architect-4.png\" alt=\"AWS Certified Advanced Networking Specialty online tutorial\" class=\"wp-image-11439\" srcset=\"https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Google-Certified-Professional-Cloud-Architect-4.png 951w, https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Google-Certified-Professional-Cloud-Architect-4-300x47.png 300w\" sizes=\"(max-width: 951px) 100vw, 951px\" \/><\/a><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\"><strong>Attempt Practice Tests<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Finally, it is time to check your preparations with the AWS certified advanced networking &#8211; specialty practice exam. Self-Evaluation is the key and hence your next step is to attempt practice tests. The more you\u2019re going to practice, the better for you. Further, these tests familiarise you with the real exam environment and also help you analyse areas that need improvement. Strengthening your weaker domains will surely help you pass with flying colours. Also, attempting multiple practice tests is vital to boost your confidence So, outperform yourself with each subsequent test to be fully ready on the exam day.&nbsp;<a href=\"https:\/\/www.testpreptraining.ai\/aws-certified-database-specialty-free-practice-test\" target=\"_blank\" rel=\"noreferrer noopener\">Start practising Now!<\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/www.testpreptraining.ai\/aws-certified-advanced-networking-specialty-free-practice-test\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" width=\"951\" height=\"150\" src=\"https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Google-Certified-Professional-Cloud-Architect-1-1.png\" alt=\"AWS Certified Advanced Networking Specialty free practice tests\" class=\"wp-image-11438\" srcset=\"https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Google-Certified-Professional-Cloud-Architect-1-1.png 951w, https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Google-Certified-Professional-Cloud-Architect-1-1-300x47.png 300w\" sizes=\"(max-width: 951px) 100vw, 951px\" \/><\/a><\/figure>\n<\/div>\n\n\n<h5 class=\"wp-block-heading\"><strong>Boost your career with new learning resources. <a href=\"https:\/\/www.testpreptraining.ai\/aws-certified-advanced-networking-specialty-questions\" target=\"_blank\" rel=\"noreferrer noopener\">Start Preparing for the AWS Advanced Networking Specialty Exam Now!<\/a><\/strong><\/h5>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The AWS Certified Advanced Networking Specialty certification is widely recognized and confirms the proficiency of network architects and engineers in creating and deploying advanced networking solutions within the Amazon Web Services (AWS) environment. The exam covers a wide range of networking topics such as routing, security, connectivity, and performance optimization. Passing this certification exam requires&#8230;<\/p>\n","protected":false},"author":1,"featured_media":11444,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[1849,1848],"class_list":["post-11430","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws","tag-aws-certified-advanced-networking-specialty-cheat-sheet","tag-aws-certified-advanced-networking-specialty-exam-guide"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>AWS Certified Advanced Networking Specialty Cheat Sheet - Blog<\/title>\n<meta name=\"description\" content=\"Cheat Sheet with Advanced Learning Resources for AWS Advanced Networking Specialty exam. Start your preparations Now with free practice tests\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AWS Certified Advanced Networking Specialty Cheat Sheet - Blog\" \/>\n<meta property=\"og:description\" content=\"Cheat Sheet with Advanced Learning Resources for AWS Advanced Networking Specialty exam. Start your preparations Now with free practice tests\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-04T05:30:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-06T06:47:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Copy-of-Collab-Space-Central-7.png\" \/>\n\t<meta property=\"og:image:width\" content=\"750\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TestPrepTraining\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TestPrepTraining\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"25 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/\",\"name\":\"AWS Certified Advanced Networking Specialty Cheat Sheet - Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/blog\/#website\"},\"datePublished\":\"2021-01-04T05:30:35+00:00\",\"dateModified\":\"2023-10-06T06:47:08+00:00\",\"author\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/blog\/#\/schema\/person\/b46daaf932dbfb07cbe7db807006780c\"},\"description\":\"Cheat Sheet with Advanced Learning Resources for AWS Advanced Networking Specialty exam. Start your preparations Now with free practice tests\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Advanced Networking Specialty Cheat Sheet\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/blog\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/blog\/\",\"name\":\"Learning Resources\",\"description\":\"Testprep Training Blogs\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.testpreptraining.ai\/blog\/#\/schema\/person\/b46daaf932dbfb07cbe7db807006780c\",\"name\":\"TestPrepTraining\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4cd4f7acc79865d9ba457114e386c039833599aae3707598a92eda256c6a5278?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4cd4f7acc79865d9ba457114e386c039833599aae3707598a92eda256c6a5278?s=96&d=mm&r=g\",\"caption\":\"TestPrepTraining\"},\"description\":\"Testprep Training offers a wide range of practice exams and online courses for Professional certification exam curated by field experts and working professionals. Evaluate your skills and build confidence to appear for the exam.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"AWS Certified Advanced Networking Specialty Cheat Sheet - Blog","description":"Cheat Sheet with Advanced Learning Resources for AWS Advanced Networking Specialty exam. Start your preparations Now with free practice tests","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/","og_locale":"en_US","og_type":"article","og_title":"AWS Certified Advanced Networking Specialty Cheat Sheet - Blog","og_description":"Cheat Sheet with Advanced Learning Resources for AWS Advanced Networking Specialty exam. Start your preparations Now with free practice tests","og_url":"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/","og_site_name":"Blog","article_published_time":"2021-01-04T05:30:35+00:00","article_modified_time":"2023-10-06T06:47:08+00:00","og_image":[{"width":750,"height":400,"url":"https:\/\/www.testpreptraining.ai\/blog\/wp-content\/uploads\/2020\/12\/Copy-of-Collab-Space-Central-7.png","type":"image\/png"}],"author":"TestPrepTraining","twitter_card":"summary_large_image","twitter_misc":{"Written by":"TestPrepTraining","Est. reading time":"25 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/","url":"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/","name":"AWS Certified Advanced Networking Specialty Cheat Sheet - Blog","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/blog\/#website"},"datePublished":"2021-01-04T05:30:35+00:00","dateModified":"2023-10-06T06:47:08+00:00","author":{"@id":"https:\/\/www.testpreptraining.ai\/blog\/#\/schema\/person\/b46daaf932dbfb07cbe7db807006780c"},"description":"Cheat Sheet with Advanced Learning Resources for AWS Advanced Networking Specialty exam. Start your preparations Now with free practice tests","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/blog\/aws-certified-advanced-networking-specialty-cheat-sheet\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/blog\/"},{"@type":"ListItem","position":2,"name":"AWS Certified Advanced Networking Specialty Cheat Sheet"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/blog\/#website","url":"https:\/\/www.testpreptraining.ai\/blog\/","name":"Learning Resources","description":"Testprep Training Blogs","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.testpreptraining.ai\/blog\/#\/schema\/person\/b46daaf932dbfb07cbe7db807006780c","name":"TestPrepTraining","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4cd4f7acc79865d9ba457114e386c039833599aae3707598a92eda256c6a5278?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4cd4f7acc79865d9ba457114e386c039833599aae3707598a92eda256c6a5278?s=96&d=mm&r=g","caption":"TestPrepTraining"},"description":"Testprep Training offers a wide range of practice exams and online courses for Professional certification exam curated by field experts and working professionals. Evaluate your skills and build confidence to appear for the exam."}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/posts\/11430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/comments?post=11430"}],"version-history":[{"count":13,"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/posts\/11430\/revisions"}],"predecessor-version":[{"id":33700,"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/posts\/11430\/revisions\/33700"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/media\/11444"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/media?parent=11430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/categories?post=11430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/blog\/wp-json\/wp\/v2\/tags?post=11430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}