1. Introduction

  • 1.1 Overview of the AWS Certified Advanced Networking – Specialty Certification
    • Purpose of the certification
    • Target audience and recommended experience
  • 1.2 Exam Structure
    • Multiple-choice and multiple-response questions
    • Scoring model and exam weightings
  • 1.3 How to Use This eBook for Exam Preparation
    • Study strategies and tips
    • Recommended learning resources

2. Domain 1: Network Design (30%)

2.1 Edge Network Services and Traffic Management

  • 2.1.1 Design Patterns for Content Distribution Networks (CDNs)
    • Knowledge: Amazon CloudFront, caching strategies
    • Skills: Evaluating global inbound/outbound traffic for CDN optimization
  • 2.1.2 Global Traffic Management Solutions
    • Knowledge: AWS Global Accelerator and its use cases
    • Skills: Designing solutions using AWS Global Accelerator with Elastic Load Balancing (ELB)

2.2 DNS Solutions for Public, Private, and Hybrid Networks

  • 2.2.1 DNS Protocol Basics
    • Knowledge: DNS records (A, AAAA, CNAME), TTL, DNSSEC
    • Skills: Configuring public and private hosted zones in Route 53
  • 2.2.2 Route 53 Integrations
    • Knowledge: Route 53 health checks, alias records, resolver endpoints
    • Skills: Designing multi-account and multi-region DNS architectures

2.3 Load Balancing for High Availability and Security

  • 2.3.1 Types of Load Balancers
    • Knowledge: Layer 3, 4, and 7 load balancing (Network Load Balancer, Application Load Balancer)
    • Skills: Selecting appropriate load balancers and integrating with Auto Scaling
  • 2.3.2 Load Balancer Configurations
    • Knowledge: Proxy protocol, cross-zone load balancing, session stickiness
    • Skills: Configuring encryption and authentication (TLS termination)

2.4 Logging and Monitoring for Visibility

  • 2.4.1 AWS CloudWatch and VPC Monitoring
    • Knowledge: CloudWatch metrics, logs, alarms, and dashboards
    • Skills: Setting up VPC Flow Logs and VPC Reachability Analyzer for network performance monitoring

2.5 Hybrid Connectivity and Routing

  • 2.5.1 On-premises to AWS Network Design
    • Knowledge: BGP, static vs. dynamic routing, Direct Connect, Site-to-Site VPN
    • Skills: Designing redundant hybrid architectures
  • 2.5.2 Multi-Account and Multi-Region Connectivity
    • Knowledge: Transit Gateway, VPC Peering, AWS PrivateLink
    • Skills: Managing IP overlaps and connecting multiple VPCs using the appropriate services

3. Domain 2: Network Implementation (26%)

3.1 Routing and Hybrid Connectivity Implementation

  • 3.1.1 Implementing Hybrid Connectivity Solutions
    • Knowledge: VPNs, Direct Connect, colocation facilities
    • Skills: Configuring static/dynamic routing for hybrid architectures

3.2 Multi-Account, Multi-Region VPC Connectivity

  • 3.2.1 Inter-VPC and Multi-Region Connectivity
    • Knowledge: Transit Gateway, VPC Peering, PrivateLink, MPLS
    • Skills: Configuring hybrid networks with third-party solutions

3.3 Hybrid and Multi-Account DNS Architectures

  • 3.3.1 DNS Traffic Management
    • Knowledge: DNS delegation, weighted/geolocation-based traffic management
    • Skills: Configuring private/public hosted zones and DNSSEC for hybrid DNS architectures

3.4 Infrastructure as Code (IaC) for Networking

  • 3.4.1 Automating Network Infrastructure
    • Knowledge: AWS CloudFormation, AWS CDK, Terraform, AWS CLI
    • Skills: Automating hybrid network deployments using IaC and event-driven architecture

4. Domain 3: Network Management and Operation (20%)

4.1 Managing AWS and Hybrid Routing and Connectivity

  • 4.1.1 AWS Networking Services and Limitations
    • Knowledge: Direct Connect, Transit Gateway, VPC Peering
    • Skills: Managing routing protocols such as BGP, along with IP subnets and bandwidth quotas

4.2 Network Monitoring and Troubleshooting

  • 4.2.1 Network Performance Metrics and Troubleshooting Tools
    • Knowledge: Reachability Analyzer, VPC Flow Logs, CloudWatch
    • Skills: Identifying and resolving packet loss, connectivity, and routing issues

4.3 Optimizing Network Performance and Cost

  • 4.3.1 Choosing the Right Connectivity Solutions
    • Knowledge: AWS Global Accelerator, CloudFront, Transit Gateway
    • Skills: Optimizing bandwidth, reducing latency, and selecting cost-effective connectivity options

5. Domain 4: Network Security, Compliance, and Governance (24%)

5.1 Network Security for AWS Architectures

  • 5.1.1 Security Threats and Mitigation Strategies
    • Knowledge: AWS WAF, AWS Shield, AWS Network Firewall
    • Skills: Implementing secure inbound/outbound traffic flows, securing VPC traffic between accounts

5.2 Network Monitoring and Logging for Security

  • 5.2.1 Network Monitoring Tools
    • Knowledge: CloudWatch, VPC Traffic Mirroring, AWS CloudTrail
    • Skills: Implementing automated alerts and analyzing security logs

5.3 Data Encryption and Confidentiality

  • 5.3.1 Encryption Methods
    • Knowledge: TLS, IPsec, Direct Connect encryption
    • Skills: Implementing encryption for data in transit and using AWS Certificate Manager (ACM) for TLS

6. Appendix

  • 6.1 In-scope AWS Services and Features
  • 6.2 Out-of-scope AWS Services
  • 6.3 Additional Learning Resources and Study Tools