AWS Certified Advanced Networking Study Guide: Specialty (ANS-C01) Exam [Second Edition] 1394171854, 9781394171859

The latest edition of the official study guide for the AWS Advanced Networking certification specialty exam. The newly r

English Year 2023

Table of contents:
Cover Page
Title Page
Copyright Page
Acknowledgments
About the Author
Contents at a Glance
Contents
Introduction
Interactive Online Learning Environment and Test Bank
AWS Certified Advanced Networking - Specialty (ANS-C01) Study Guide Exam Objectives
Objective Map
How to Contact the Publisher
Assessment Test
Answers to Assessment Test
Part I Network Design
Chapter 1 Edge Networking
Content Distribution Networking
CloudFront
CloudFront Implementation
Caching and Object Retention
Invalidations
Protocol Support
CloudFront Encryption Using SSL/TLS and SNI
CloudFront Security
Billing
Lambda@Edge
Geo-restriction and Geolocation
Global Accelerator
Global Accelerator Architecture
Custom Routing Accelerator
AWS Global Accelerator Pricing
Elastic Load Balancers
Load Balancer Architectures
Listeners
Target Groups
Health Checking
Sticky Connections
Proxy Connections
Load Balancing Across Different Availability Zones
Connection Draining
AWS Load Balancer Offerings
Application Load Balancers
Gateway Load Balancers
Network Load Balancer
Classic Load Balancers
Configuring Elastic Load Balancers
API Gateway
REST API
HTTP API
WebSocket Protocol
API Gateway Configuration
API Gateway Caching
Endpoint Types
Security
Authentication and Authorization
CloudFront Design Considerations
Summary
Exam Essentials
Exercises
Written Lab
Written Lab 1.1: Create an HTTP API by Using the AWS Management Console
Review Questions
Chapter 2 Domain Name Services
DNS and Route 53
DNS Overview
Architecture
DNS Hierarchy
Zones
DNS Resolution Process
Resource Records
Timers
Delegations
DNSSEC Overview
DNS Logging and Monitoring
CloudTrail
CloudWatch
Artificial Intelligence and Machine Learning
Redshift
Route 53 Advanced Features and Policies
Alias Records
Resolvers
Route 53 Resolver DNS Firewall
Health Checks
Traffic Routing Policies
Simple Routing
Multivalue Responses
Latency-Based Routing
Failover Routing
Round-Robin Routing
Weighted Routing
Geolocation
Geo-proximity
Route 53 Service Integrations
VPC
CloudFront
Load Balancers
Route 53 Application Recovery Controller
Hybrid Route 53
Multi-account Route 53
Multi-Region Route 53
Using Route 53 Public Hosted Zones
Using Route 53 Private Hosted Zones
Using Route 53 Resolver Endpoints in Hybrid and AWS Architectures
Using Route 53 for Global Traffic Management
Route 53 Failover
Domain Registration
Required Information to Register a Domain
Privacy Protection
Route 53 Registration Information
Renewing Your Domain
Summary
Exam Essentials
Exercises
Review Questions
Chapter 3 Hybrid and Multi-account DNS
Implementing Hybrid and Multi-account DNS Architectures
Route 53 Hosted Zones
Private Hosted Zones
Public Hosted Zones
Traffic Management
Latency
Geolocation
Weighted
Failover
Multivalue
Health Checking
Domain Delegation and Forwarding
Delegating Domains
Forwarding Rules
Configuring Records in Route 53
A Record
AAAA Record
CNAME
MX Record
SOA Record
TXT Record
PTR Record
Alias Record
SRV Record
SPF Record
NAPTR Record
CAA Record
Configuring DNSSEC
Multi-account Route 53
DNS Endpoints
Outbound Endpoints
Inbound Endpoints
Configuring Route 53 Monitoring and Logging
CloudTrail API Logging
CloudWatch Logging
DNS Query Logging
Resolver Query Logging
Hosted Zone Monitoring
Resolver Endpoints Monitoring
Domain Registration Monitoring
Summary
Exam Essentials
Written Labs
Written Lab 3.1: Configure Logging for DNS Queries
Written Lab 3.2: View DNS Query Metrics for a Public Hosted Zone in the CloudWatch Console
Review Questions
Chapter 4 Load Balancing
Elastic Load Balancing
Network Load Balancing
Application Load Balancing
Gateway Load Balancing
Classic Load Balancing
Network Design
High Availability
Security
ELB Connectivity Patterns
Internal Load Balancers
External Load Balancers
Autoscaling
AWS Service Integrations
Config
Global Accelerator
CloudFront
Traffic Mirroring
VPC Endpoint Services (PrivateLink)
Web Application Firewall
Route 53
Amazon Elastic Kubernetes Service
AWS Certificate Manager
ELB Configuration Options
Proxy Protocol
X-Forwarded-For Protocol
Cross-Zone Load Balancing
Session Affinity and Sticky Sessions
Target Groups
Routing
Target Types
IP Address Type
Protocol Version
Registered Targets
Routing Algorithms
Deregistration and Connection Draining
Deletion Protection
Health Checking
Slow Start
The GENEVE Protocol
Encryption and Authentication
SSL/TLS Offload
TLS Passthrough
Summary
Exam Essentials
Exercises
Written Labs
Written Lab 4.1: Create a Network Load Balancer
Written Lab 4.2: Use the Console to Enable Deletion Protection
Written Lab 4.3: Use the Console to Disable Deletion Protection
Written Lab 4.4: Enable Application-Based Stickiness
Review Questions
Chapter 5 Logging and Monitoring
CloudWatch
Metrics
Monitoring Categories
Agents
Logging
Alarms
Metric Insights
Dashboards
Transit Gateway Network Manager
VPC Reachability Analyzer
Access Logs
Elastic Load Balancing
Route 53 Logs
CloudFront Logs
CloudTrail Logs
X-Ray
X-Ray Traces
X-Ray Insights
Flow Logs
Baseline Network Performance
Inspector
Application Insights
Config
Summary
Exam Essentials
Written Labs
Written Lab 5.1: Enable CloudWatch Detailed Monitoring for an Instance That Has Already Been Enabled
Written Lab 5.2: Enable CloudWatch Logging from the Web Console
Written Lab 5.3: Enable CloudWatch Alarms from the Web Console
Written Lab 5.4: Create a VPC Reachability Analyzer from the Web Console
Review Questions
Part II Network Implementation
Chapter 6 Hybrid Networking
Hybrid Connectivity
OSI Layer 1
Optics
OSI Layer 2
VLANs
Link Aggregation
Jumbo Frames
Encapsulation and Encryption
Overlay and Underlay Networks
VXLAN
Generic Routing Encapsulation
IPSec
GENEVE
Routing Fundamentals
Static Routing
Dynamic Routing
The BGP Routing Protocol
Direct Connect
Direct Connect Gateway
Virtual Private Gateway
Site-to-Site VPN
VPN CloudHub
AWS Account Resource Sharing
Summary
Exam Essentials
Exercises
Written Labs
Written Lab 6.1: Simulate Creating a Direct Connection
Written Lab 6.2: Simulate Creating a Site-to-Site VPN Connection
Review Questions
Chapter 7 Connecting On-Premises Networks
On-Premises Network Connectivity
VPNs
VPN Security
Accelerated Site-to-Site VPN Connections
Layer 1 and Types of Hardware to Use
Direct Connect
Direct Connect Locations
Letter of Authorization Documents
Layer 2 and Layer 3
Switching
Routing
Gateways
Software-Defined Networking
Transit Gateway
PrivateLink
Resource Access Manager
Testing and Validating Connectivity Between Environments
Route Analyzer
Reachability Analyzer
ICMP ping
traceroute
Summary
Exam Essentials
Written Labs
Written Lab 7.1: Create a VPN Attachment on a Transit Gateway Using the Console
Written Lab 7.2: Perform a traceroute
Written Lab 7.3: Use ping
Review Questions
Chapter 8 Inter-VPC and Multi-account Networking
Networking Services of VPCs
VPC Sharing
VPC Peering
Multi-account VPC Sharing
PrivateLink
Hub-and-Spoke VPC Architectures
Transit Gateway
Transit Gateway Connect
Transit VPCs
Wide-Area Networking
Software-Defined Wide Area Networking
Multi Protocol Label Switching
Expanding AWS Networking Connectivity
Organizations
Resource Access Manager
Authentication and Authorization
Security Association Markup Language
Active Directory
Summary
Exam Essentials
Exercises
Review Questions
Chapter 9 Hybrid Network Routing and Connectivity
Industry-Standard Routing Protocols Used in AWS Hybrid Networks
Optimizing Routing
Optimizing Dynamic Routing
Optimizing Static Routing
Route Priorities and Administrative Distance
Route Summarization
Route Propagation
Overlapping Routes
BGP Over Direct Connect
Connectivity Methods for AWS and Hybrid Networks
Direct Connect and Direct Connect Gateway
Direct Connect Virtual Interfaces
Site-to-Site VPN
App Mesh
AWS Networking Limits and Quotas
Available Private and Public Access Methods for Custom Services
PrivateLink
VPC Peering
Available Inter-Regional and Intra-Regional Communication Patterns
Summary
Exam Essentials
Written Lab
Written Lab 9.1: Enable Route Propagation in a VPC
Exercises
Review Questions
Part III Network Management and Operations
Chapter 10 Network Automation
Network Automation
Infrastructure as Code
AWS Cloud Development Kit
AWS CloudFormation
EventBridge
AWS Command-Line Interface
AWS Software Development Kit
Application Programming Interfaces
Integrating Network Automation Using Infrastructure as Code
Event-Driven Network Automation
Automating the Process of Optimizing Cloud Network Resources with IaC
Common Problems When Using Hard-Coded Instructions in IaC Templates
Creating and Managing Repeatable Network Configurations
Integrating Event-Driven Networking Functions
Integrating Hybrid Network Automation Options with AWS Native IaC
Eliminating Risk and Achieving Efficiency in a Cloud Networking Environment
Summary
Exam Essentials
Exercises
Review Questions
Chapter 11 Monitor, Analyze, and Optimize Network Traffic
Monitoring, Analyzing, and Optimizing AWS Networks
Monitor and Analyze Network Traffic to Troubleshoot and Optimize Connectivity Patterns
Network Performance Metrics and Reachability Constraints
Appropriate Logs and Metrics to Assess Network Performance and Reachability Issues
AWS Tools to Collect and Analyze Logs and Metrics
AWS Tools to Analyze Routing Patterns and Issues
Analyzing Logging Output to Assess Network Performance and Troubleshoot Connectivity
Network Topology Mapping
Analyzing Packets to Identify Issues
Using the Reachability Analyzer for Troubleshooting, Validating, and Automating Connectivity Issues
Optimize AWS Networks for Performance, Reliability, and Cost-Effectiveness
VPC Peering vs. Transit Gateways
Reducing Bandwidth Utilization with Multicast
Implementing Multicast Capability Within a VPC and On-Premises Environments
Optimizing Route 53
Frame Size Optimization Across Different Connection Types
Jumbo Frame Support Across Different Connection Types
Optimizing Network Throughput
Selecting a Network Interface for Best Performance
Select Network Connectivity Services That Meet Requirements
VPC Subnet Optimization
Updating and Optimizing Subnets to Prevent the Depletion of Available IP Addresses in a VPC
Updating and Optimizing Subnets for Autoscaling
Optimizing Network Performance and Availability Using Caching and Compression
Summary
Exam Essentials
Written Labs
Written Lab 11.1: Create a VPC Flow Log
Written Lab 11.2: Add a New Subnet to a VPC
Written Lab 11.3: Change the MTU on a Linux EC2 Interface
Exercises
Review Questions
Part IV Network Security, Compliance, and Governance
Chapter 12 Security, Compliance and Governance
Security, Compliance, and Governance
Threat Models
Common Security Threats
Securing Application Flows
Network Architectures That Meet Security and Compliance Requirements
Securing Inbound Traffic Flows
Web Application Firewall
Network Firewall
Shield
Security Groups
Network Access Control Lists
Securing Outbound Traffic Flows
Network Firewall
Proxies
Gateway Load Balancers
Route 53 Resolvers
Virtual Private Networks
VPC Endpoint Services: PrivateLink
Securing Inter-VPC Traffic
Network ACLs
VPC Endpoint Policies
Security Groups
Transit Gateway
VPC Peering
Implementing an AWS Network Architecture to Meet Security and Compliance Requirements
Untrusted Networks
Perimeter VPC
Three-Tier Architecture
Hub-and-Spoke Architecture
Develop a Threat Model and Identify Mitigation Strategies
Compliance Testing
Automating Security Incident Reporting and Alerting
Summary
Exam Essentials
Exercises
Written Labs
Written Lab 12.1: Download an Artifact Report
Written Lab 12.2: Request a Public SSL/TLS Certificate from the AWS Console
Written Lab 12.3: Review a Security Group Configuration from the AWS Console
Review Questions
Chapter 13 Network Monitoring and Logging
Network Monitoring and Logging Services in AWS
AWS CloudTrail
VPC Traffic Mirroring
VPC Flow Logs
Transit Gateway Logging
Alerting Mechanisms
CloudWatch Alarms
Simple Notification Service
Log Creation with Different AWS Services
Load Balancer Access Logs
CloudFront Access Logs
Log Delivery Mechanisms
Kinesis
Route 53
CloudWatch
Mechanisms to Audit Network Security Configurations
Security Groups
Firewall Manager
Trusted Advisor
Traffic Mirroring and Flow Logs
Creating and Analyzing VPC Flow Logs
Creating and Analyzing Network Traffic Mirroring
CloudWatch
Implementing Automated Alarms Using CloudWatch
Implementing Customized Metrics Using CloudWatch
Correlating and Analyzing Information Across Single or Multiple AWS Log Sources
Implementing Log Delivery Solutions
Implementing a Network Audit Strategy
Summary
Exam Essentials
Exercises
Review Questions
Chapter 14 Confidentiality and Encryption
Confidentiality and Encryption
Network Encryption Options Available on AWS
VPN Connectivity Over Direct Connect
Encryption Methods for Data in Transit
Network Encryption and the AWS Shared Responsibility Model
Security Methods for DNS Communications
Implementing Network Encryption Methods to Meet Application Compliance Requirements
IPSec
TLS
Implementing Encryption Solutions to Secure Data in Transit
CloudFront
Application Load Balancers and Network Load Balancers
Securing AWS Managed Databases
Securing Amazon S3 Buckets
Securing EC2 Instances
Transit Gateway
Certificate Management Using a Certificate Authority
AWS Certificate Manager and Private Certificate Authority
Summary
Exam Essentials
Exercises
Review Questions
Appendix: Answers to Review Questions
Chapter 1: Edge Networking
Chapter 2: Domain Name Services
Chapter 3: Hybrid and Multi-account DNS
Chapter 4: Load Balancing
Chapter 5: Logging and Monitoring
Chapter 6: Hybrid Networking
Chapter 7: Connecting On-Premises Networks
Chapter 8: Inter-VPC and Multi-account Networking
Chapter 9: Hybrid Network Routing and Connectivity
Chapter 10: Network Automation
Chapter 11: Monitor, Analyze, and Optimize Network Traffic
Chapter 12: Security, Compliance and Governance
Chapter 13: Network Monitoring and Logging
Chapter 14: Confidentiality and Encryption
Index
EULA
