AWS Certified Advanced Networking Official Study Guide: Specialty Exam

E-Book
$39.99
Paperback
$60.00
O-Book
Description

The official study guide for the AWS certification specialty exam

The AWS Certified Advanced Networking Official Study Guide – Specialty Exam helps to ensure your preparation for the AWS Certified Advanced Networking – Specialty Exam. Expert review of AWS fundamentals aligns with the exam objectives, and detailed explanations of key exam topics merge with real-world scenarios to help you build the robust knowledge base you need to succeed on the exam, and in the field as an AWS Certified Networking specialist. Coverage includes the design, implementation, and deployment of cloud-based solutions; core AWS services implementation and knowledge of architectural best practices; AWS service architecture design and maintenance; networking automation; and more. You also get one year of free access to Sybex’s online interactive learning environment and study tools, which feature flashcards, a glossary, chapter tests, practice exams, and a test bank to help you track your progress and gauge your readiness as exam day grows near.

The AWS credential validates your skills surrounding AWS and hybrid IT network architectures at scale. The exam assumes existing competency with advanced networking tasks, and assesses your ability to apply deep technical knowledge to the design and implementation of AWS services. This book provides comprehensive review and extensive opportunities for practice, so you can polish your skills and approach exam day with confidence.

  • Study key exam essentials with expert insight
  • Understand how AWS skills translate to real-world solutions
  • Test your knowledge with challenging review questions
  • Access online study tools, chapter tests, practice exams, and more

Technical expertise in cloud computing, using AWS, is in high demand, and the AWS certification shows employers that you have the knowledge and skills needed to deliver practical, forward-looking cloud-based solutions. The AWS Certified Advanced Networking Official Study Guide – Specialty Exam helps you learn what you need to take this next big step for your career.

Foreword xxxiii

Introduction xxxvii

Assessment Test xliv

Chapter 1 Introduction to Advanced Networking 1

AWS Global Infrastructure 2

Amazon Virtual Private Cloud 4

AWS Networking Services 7

Summary 9

Resources to Review 9

Exam Essentials 10

Exercise 11

Review Questions 12

Chapter 2 Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals 15

Introduction to Amazon Virtual Private Cloud (Amazon VPC) 16

Subnets 19

Route Tables 22

IP Addressing 23

Security Groups 26

Network Access Control Lists (ACLs) 29

Internet Gateways 30

Network Address Translation (NAT) Instances and NAT Gateways 31

Egress-Only Internet Gateways (EIGWs) 33

Virtual Private Gateways (VGWs), Customer Gateways, and Virtual Private Networks (VPNs) 35

VPC Endpoints 36

VPC Peering 38

Placement Groups 40

Elastic Network Interfaces 41

Dynamic Host Configuration Protocol (DHCP) Option Sets 42

Amazon Domain Name Service (DNS) Server 43

VPC Flow Logs 43

Summary 45

Resources to Review 48

Exam Essentials 48

Exercises 51

Review Questions 55

Chapter 3 Advanced Amazon Virtual Private Cloud (Amazon VPC) 57

VPC Endpoints 58

VPC Endpoint Overview 59

Gateway VPC Endpoints 60

Interface VPC Endpoints 64

Transitive Routing 70

IP Addressing Features 74

Summary 77

Exam Essentials 78

Resources to Review 80

Exercises 80

Review Questions 88

Chapter 4 Virtual Private Networks 93

Introduction to Virtual Private Networks 94

Site-to-Site VPN 94

Client-to-Site VPN 112

Design Patterns 114

Summary 117

Exam Essentials 119

Resources to Review 120

Exercises 121

Review Questions 126

Chapter 5 AWS Direct Connect 129

What Is AWS Direct Connect? 130

Physical Connectivity 131

Logical Connectivity 135

Resilient Connectivity 140

Billing 147

Summary 149

Exam Essentials 149

Resources to Review 150

Exercises 150

Review Questions 153

Chapter 6 Domain Name System and Load Balancing 155

Introduction to Domain Name System and Load Balancing 156

Domain Name System 156

Amazon EC2 DNS Service 163

Amazon Route 53 168

Elastic Load Balancing 180

Elastic Load Balancing Concepts 187

Elastic Load Balancer Configuration 189

Summary 193

Exam Essentials 196

Resources to Review 198

Exercises 199

Review Questions 205

Chapter 7 Amazon CloudFront 207

Introduction to Amazon CloudFront 208

Content Delivery Network Overview 208

The AWS CDN: Amazon CloudFront 209

Summary 224

Exam Essentials 224

Resources to Review 225

Exercises 226

Review Questions 230

Chapter 8 Network Security 233

Governance 235

Data Flow Security 238

AWS Security Services 252

Detection and Response 254

Summary 260

Resources to Review 262

Exam Essentials 264

Exercises 266

Review Questions 269

Chapter 9 Network Performance 273

Network Performance Basics 274

Amazon Elastic Compute Cloud (Amazon EC2) Instance Networking Features 276

Optimizing Performance 279

Example Applications 283

Performance Testing 286

Summary 289

Resources to Review 290

Exam Essentials 290

Exercises 292

Review Questions 299

Chapter 10 Automation 305

Introduction to Network Automation 306

Infrastructure as Code 306

Network Monitoring Tools 325

Summary 331

Exam Essentials 331

Resources to Review 333

Exercises 334

Review Questions 341

Chapter 11 Service Requirements 345

Introduction to Service Requirements 346

The Elastic Network Interface 346

AWS Cloud Services and Their Network Requirements 346

Summary 354

Exam Essentials 355

Resources to Review 356

Exercises 357

Review Questions 360

Chapter 12 Hybrid Architectures 363

Introduction to Hybrid Architectures 364

Application Architectures 365

Access VPC Endpoints and Customer-Hosted Endpoints over AWS Direct Connect 375

Use of Transitive Routing in Hybrid IT 379

Summary 386

Exam Essentials 388

Resources to Review 389

Exercises 389

Review Questions 394

Chapter 13 Network Troubleshooting 397

Introduction to Network Troubleshooting 398

Methodology for Troubleshooting 398

Network Troubleshooting Tools 399

Troubleshooting Common Scenarios 401

Summary 409

Exam Essentials 410

Resources to Review 411

Exercises 412

Review Questions 415

Chapter 14 Billing 419

Billing Overview 420

Summary 428

Exam Essentials 428

Resources to Review 429

Exercises 429

Review Questions 432

Chapter 15 Risk and Compliance 435

It All Begins with Threat Modeling 436

Ownership Model and the Role of Network Management 439

Controlling Access to AWS 439

Encryption Options 442

Network Activity Monitoring 444

Malicious Activity Detection 449

Penetration Testing and Vulnerability Assessment 454

Summary 456

Exam Essentials 457

Resources to Review 458

Exercises 459

Review Questions 464

Chapter 16 Scenarios and Reference Architectures 467

Introduction to Scenarios and Reference Architectures 468

Hybrid Networking Scenario 468

Multi-Location Resiliency 472

Summary 476

Resources to Review 476

Exam Essentials 477

Exercises 478

Review Questions 481

Appendix Answers to Review Questions 485

Chapter 1: Introduction to Advanced Networking 486

Chapter 2: Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals 487

Chapter 3: Advanced Amazon Virtual Private Cloud (Amazon VPC) 487

Chapter 4: Virtual Private Networks 489

Chapter 5: AWS Direct Connect 490

Chapter 6: Domain Name System and Load Balancing 490

Chapter 7: Amazon CloudFront 491

Chapter 8: Network Security 492

Chapter 9: Network Performance 493

Chapter 10: Automation 495

Chapter 11: Service Requirements 496

Chapter 12: Hybrid Architectures 497

Chapter 13: Network Troubleshooting 498

Chapter 14: Billing 498

Chapter 15: Risk and Compliance 499

Chapter 16: Scenarios and Reference Architectures 499

Index 501

Chapter | Page | Details | Date | Print Run

Chapter 3, page 76: Errata in text
Currently, the text reads:
Success is best-effort, which means AWS will try to reclaim the
address, but it is not guaranteed if another customer is already be
using the public address.

Text should be:
Success is best-effort, which means AWS will try to reclaim the
address, but it is not guaranteed if another customer is already
using the public address.
23-3-18

Chapter 3, page 83: Errata in text
In step 10, change:
public VPC

To:
provider VPC
23-3-18

Chapter 6, page 160: Errata in text
Problem sentence:
At this point, the requester has the IP address of a Name Server
that are authoritative for the wikipedia.org domain.

Correction:
At this point, the requester has the IP address of a Name Server
that is authoritative for the wikipedia.org domain.
23-2-18

Chapter 6, page 164: Errata in text
In Figure 6.2, change the network address in subnet 2,
Network address currently reads:
Subnet 2-10.0.1.0/24

Text should be:
Subnet 2-10.0.2.0/24
23-2-18

Chapter 6, page 174: Errata in text
Problem sentence:
Use a failover routing policy to configure active-passive failover,
in which one resource takes all of the traffic when it is available
and the other resource takes all of the traffic when the first
resource fails health checks failover resource record sets are only
available for public hosted zones as of this writing.

Correction:
Use a failover routing policy to configure active-passive failover,
in which one resource takes all of the traffic when it is available
and the other resource takes all of the traffic when the first
resource fails health checks. Failover resource record sets are only
available for public hosted zones as of this writing.
23-3-18

Chapter 7, page 214: Errata in text
Problem sentence:
Regional Edge Caches work with for custom origins.

Correction:
Regional Edge Caches work with custom origins.
23-3-18

Chapter 7, page 217: Errata in text
Problem sentence:
Not only can you use Amazon CloudFront to optimize origin access via
connection re-use, but content in the edge cache will delivered faster
than it could be from your origin servers, even ignoring latency
differences between the edge and the origin.

Correction:
Not only can you use Amazon CloudFront to optimize origin access via
connection re-use, but content in the edge cache will be delivered faster
than it could be from your origin servers, even ignoring latency
differences between the edge and the origin.
23-3-18

Chapter 7, page 223: Errata in text
Problem sentence:
You can specify up to 10 fields in an HTTP POST request that are to
encrypted, and you can set it so that different profiles are applied
to each request based on a query string within the request URL.

Correction:
You can specify up to 10 fields in an HTTP POST request that are to
be encrypted, and you can set it so that different profiles are applied
to each request based on a query string within the request URL.
23-3-18

Chapter 9, page 286: Errata in text
Paragraph 5:
Problem sentence:
Amazon CloudWatch metrics make it easy to observe and collect data about your network's.

Correction:
Amazon CloudWatch metrics make it easy to observe and collect data about your networks.
20-Apr-18

Chapter 9, page 287: Errata in text
Chapter 9 page 287:

Currently Reads:
"...the math is 10,920,000 divided by 8..."

Should Read:
"...the math is 10,920,000 multiplied by 8..."
22-Oct-18

Chapter 9, page 288: Errata in text
Table 9.3
First row

INCORRECT:
(In Amazon CloudWatch Metric column) TunnelState

(In Description column)
The state of the tunnel.

CORRECT:
(In Amazon CloudWatch Metric column) ConnectionState

(In Description column)
The state of the connection.
09-05-2019

Chapter 9, page 301: Errata in text
Question 11
INCORRECT
R3 instances to R4 instances.

CORRECT
C4 instances to C5 instances.

Chapter 13, page 408: Errata in text
Paragraph: 3, bullet: 2
Problem sentence:
Verify that the load balancer targets security groups and network ACLs allow inbound traffic from the load balancer subnet and outbound traffic to the load balancer subnet.

Correction:
Verify that the load balancer target's security groups and network ACLs allow inbound traffic from the load balancer subnet and outbound traffic to the load balancer subnet.
20-Apr-18

Appendix, page 489: Errata in text
Appendix: Answers to Review Questions, Chapter 4: Virtual Private Networks

INCORRECT:
6. B. Unlike site-to-site VPN, AWS currently doesn't offer a managed
gateway endpoint for this type of VPN setup. You will have to use an
Amazon EC2 instance as a client-to-site VPN gateway.

CORRECT:
6. C. Virtual Private Gateway supports only IPSEC VPN protocol.
Options B and D are not supported. Option A while supported is not
mandatory.
23-3-18

Appendix, page 489: Errata in text
Appendix: Answers to Review Questions, Chapter 4: Virtual Private Networks

INCORRECT:
7. C. SSL or Transport Layer Security (TLS) works at the application
layer and encrypts all TCP traffic. SSL is a more efficient algorithm
than IPsec and is easier to deploy/use. By using SSL, you can also
encrypt only the traffic for the application that requires it,
whereas with IPsec all traffic is encrypted. Option D is incorrect as
it covers encryption at rest while the question is about achieving
encryption in motion.

CORRECT:
7. B. Option A is wrong as VGW doesn't support client to site VPN.
Option C while a valid choice has management overhead associated with
implementing and maintaining the automation described. Option D
achieves less availability when compared to option B.
23-3-18

Appendix, page 489: Errata in text
Appendix: Answers to Review Questions, Chapter 4: Virtual Private Networks

INCORRECT:
8. A. The IP addresses of the VGW endpoints are automatically generated.
These IP addresses are used to terminate the VPN connections.

CORRECT:
8. B. Unlike site-to-site VPN, AWS currently doesn't offer a managed
gateway endpoint for this type of VPN setup. You will have to use an
Amazon EC2 instance as a client-to-site VPN gateway.
23-3-18

Appendix, page 489: Errata in text
Appendix: Answers to Review Questions, Chapter 4: Virtual Private Networks

INCORRECT:
[Number 9 answer is missing.]

CORRECT:
9. C. SSL or Transport Layer Security (TLS) works at the application
layer and encrypts all TCP traffic. SSL is a more efficient algorithm
than IPsec and is easier to deploy/use. By using SSL, you can also
encrypt only the traffic for the application that requires it,
whereas with IPsec all traffic is encrypted. Option D is incorrect as
it covers encryption at rest while the question is about achieving
encryption in motion.
23-3-18

Appendix, page 489: Errata in text
Appendix: Answers to Review Questions, Chapter 4: Virtual Private Networks

INCORRECT:
[Number 10 answer is missing.]

CORRECT:
10. A. The IP addresses of the VGW endpoints are automatically generated.
These IP addresses are used to terminate the VPN connections.
23-3-18

Appendix, page 495: Errata in text
Question 24:
Problem sentence:
This error is with one of the end of chapter questions - Chapter 9 question 24. The description of the answer is correct, but the letter given does not match the question.
C. Bandwidth is the maximum data transfer rate at any point in the network.

Correction:
D. Bandwidth is the maximum data transfer rate at any point in the network.
20-Apr-18

Chapter 12, page varies: Errata in text
Problem sentence:
This is more of a consistency thing. Throughout the other chapters references to the PrivateLink feature referred to this as PrivateLink (one word). However, chapter 12 referred to this feature as Private Link (two words). The AWS website refers to this feature as PrivateLink (one word). I believe this is the correct spelling of the feature.

Correction:
In Chapter 12, could you change any occurrence of Private Link to AWS PrivateLink.
Tech writers say: it's AWS style to italicize the service name only the first time it's mentioned in the chapter, but we should go with whatever Wiley's style is.
20-Apr-18

Appendix A - Chap 15, page 499: Errata in text
Chapter 15: Risk and Compliance
INCORRECT:
1. B, D.
CORRECT:
1. A, C.
30-Aug-2018

Appendix A - Chap 13, page 498: Errata in text
INCORRECT:
5. A. There is a limit of 25 VPC peering connections per VPC by default.
CORRECT:
5. A. There is a limit of 50 VPC peering connections per VPC by default.
31-Aug-2018

Chapter 10, page 326: Errata in text
In the code snippet, the command - AWS with parameters - CloudWatch
put-metric-data.. is called.
INCORRECT: Amazon Cloudwatch
CORRECT: aws cloudwatch
31-Aug-2018