AWS Certified Advanced Networking Official Study Guide: Specialty Exam 9781119439837, 9781119439882, 9781119439905, 1119439833

The official study guide for the AWS certification specialty exam The AWS Certified Advanced Networking Official Study G

English Pages 576 [574] Year 2018

Table of contents:
Cover......Page 1
Title Page......Page 5
Copyright......Page 6
Contents......Page 17
Table of Exercises......Page 31
Foreword......Page 35
What Does this Book Cover?......Page 39
Interactive Online Learning Environment and Test Bank......Page 41
Exam Objectives......Page 42
Objective Map......Page 43
Assessment Test......Page 46
Answers to Assessment Test......Page 52
Chapter 1 Introduction to Advanced Networking......Page 57
Regions......Page 58
Availability Zones......Page 59
VPC Mechanics......Page 60
Services Outside Your VPC......Page 61
Elastic Load Balancing......Page 63
AWS Shield......Page 64
Resources to Review......Page 65
Exam Essentials......Page 66
Exercise......Page 67
Review Questions......Page 68
Chapter 2 Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals......Page 71
Introduction to Amazon Virtual Private Cloud (Amazon VPC)......Page 72
Subnets......Page 75
Route Tables......Page 78
IP Addressing......Page 79
IPv4 Addresses......Page 80
IPv6 Addresses......Page 81
Security Groups......Page 82
Network Access Control Lists (ACLs)......Page 85
Internet Gateways......Page 86
Network Address Translation (NAT) Instances and NAT Gateways......Page 87
NAT Instance......Page 88
Egress-Only Internet Gateways (EIGWs)......Page 89
Virtual Private Gateways (VGWs), Customer Gateways, and Virtual Private Networks (VPNs)......Page 91
VPC Endpoints......Page 92
VPC Peering......Page 94
Placement Groups......Page 96
Elastic Network Interfaces......Page 97
Dynamic Host Configuration Protocol (DHCP) Option Sets......Page 98
VPC Flow Logs......Page 99
Summary......Page 101
Exam Essentials......Page 104
Exercises......Page 107
Review Questions......Page 111
Chapter 3 Advanced Amazon Virtual Private Cloud (Amazon VPC)......Page 113
VPC Endpoints......Page 114
Gateway VPC Endpoints......Page 115
Amazon S3 Endpoints......Page 116
Accessing Gateway Endpoints Over Remote Networks......Page 118
Securing Gateway VPC Endpoints......Page 119
Interface VPC Endpoints......Page 120
AWS PrivateLink for Customer and Partner Services......Page 121
Comparing AWS PrivateLink and VPC Peering......Page 123
AWS PrivateLink Service Consumer Considerations......Page 124
Accessing a Shared Services VPC......Page 125
Transitive Routing......Page 126
Routing Across Peered VPCs......Page 129
Resizing VPC Considerations......Page 130
Design Considerations......Page 132
Summary......Page 133
Exam Essentials......Page 134
Exercises......Page 136
Review Questions......Page 144
Chapter 4 Virtual Private Networks......Page 149
Site-to-Site VPN......Page 150
Virtual Private Gateway as a VPN Termination Endpoint......Page 151
Availability and Redundancy......Page 152
VPN Features......Page 153
AWS VPN CloudHub......Page 154
VPN Creation Process......Page 156
Amazon Elastic Compute Cloud (Amazon EC2) Instance as a VPN Termination Endpoint......Page 157
Availability and Redundancy......Page 158
VPN Creation Process......Page 160
Performance......Page 162
VPN Termination Endpoint for On-Premises Networks (Customer Gateways)......Page 166
Third-Party VPN Device......Page 167
Client-to-Site VPN......Page 168
Design Patterns......Page 170
Summary......Page 173
Exam Essentials......Page 175
Resources to Review......Page 176
Exercises......Page 177
Review Questions......Page 182
Chapter 5 AWS Direct Connect......Page 185
Border Gateway Protocol......Page 186
Dedicated Connections......Page 187
Cross-Connect to the AWS Port......Page 188
Multiple Connections......Page 189
AWS Direct Connect Partners......Page 190
Logical Connectivity......Page 191
Virtual Interfaces......Page 192
Public Virtual Interfaces......Page 193
Private Virtual Interfaces......Page 194
Direct Connect Gateway......Page 195
Dual Connection: Single Location......Page 196
Single Connections: Dual Locations......Page 197
Private Virtual Interface Configuration......Page 199
Backup Virtual Private Network (VPN)......Page 200
Virtual Private Network Over AWS Direct Connect......Page 201
Integration with the Transit Virtual Private Cloud Solution......Page 202
Port-Hours......Page 203
Public Virtual Interface Data Transfer......Page 204
Exam Essentials......Page 205
Exercises......Page 206
Review Questions......Page 209
Chapter 6 Domain Name System and Load Balancing......Page 211
Domain Name System......Page 212
Top-Level Domains......Page 213
Fully Qualified Domain Names......Page 214
Domain Name Registrars......Page 215
Domain Level Name Servers......Page 216
Start of Authority Record......Page 217
Pointer......Page 218
Amazon EC2 DNS Service......Page 219
Amazon EC2 DNS and VPC Peering......Page 221
Custom Amazon EC2 DNS Resolver......Page 222
Amazon Route 53......Page 224
Domain Registration......Page 225
Transferring Domains......Page 226
Domain Name System Service......Page 227
Supported Record Types......Page 228
Weighted Routing Policy......Page 229
Failover Routing Policy......Page 230
Geolocation Routing Policy......Page 231
Multivalue Answer Routing......Page 232
Geoproximity Routing (Traffic Flow Only)......Page 233
More on Health Checking......Page 234
Elastic Load Balancing......Page 236
Types of Load Balancers......Page 237
Classic Load Balancer......Page 239
Network Load Balancer......Page 240
Internet-Facing Load Balancers......Page 242
Listeners......Page 243
Targets......Page 244
Idle Connection Timeout......Page 245
Proxy Protocol......Page 246
Health Checks......Page 247
ELB Sandwich......Page 248
Summary......Page 249
Exam Essentials......Page 252
Resources to Review......Page 254
Exercises......Page 255
Review Questions......Page 261
Chapter 7 Amazon CloudFront......Page 263
Content Delivery Network Overview......Page 264
Distributions......Page 265
How Amazon CloudFront Delivers Content......Page 266
Configuring Amazon CloudFront......Page 267
How CloudFront Operates......Page 268
Amazon CloudFront Regional Edge Caches......Page 270
Dynamic Content, Multiple Origins, and Cache Behaviors......Page 271
A Note on Performance: Dynamic Content and HTTP/2......Page 272
Private Content......Page 273
RTMP Distributions......Page 274
Alternate Domain Names......Page 275
HTTPS......Page 276
Invalidating Objects (Web Distributions Only)......Page 277
Amazon CloudFront and AWS Lambda@Edge......Page 278
Amazon CloudFront Field-Level Encryption......Page 279
Exam Essentials......Page 280
Resources to Review......Page 281
Exercises......Page 282
Review Questions......Page 286
Chapter 8 Network Security......Page 289
AWS Organizations......Page 291
AWS CloudFormation......Page 292
AWS Service Catalog......Page 293
Amazon Route 53......Page 294
Amazon CloudFront......Page 296
AWS Lambda@Edge......Page 297
AWS WAF......Page 298
AWS Shield......Page 301
Elastic Load Balancing......Page 302
Subnets and Route Tables......Page 303
Security Groups and Network Access Control Lists (ACLs)......Page 305
Amazon Elastic Compute Cloud (Amazon EC2)......Page 306
Amazon GuardDuty......Page 308
Amazon Macie......Page 309
AWS Cloud Services......Page 310
Solution Description......Page 311
AWS Cloud Services......Page 312
Solution Description......Page 313
AWS Cloud Services......Page 314
Solution Description......Page 315
Summary......Page 316
Resources to Review......Page 318
Exam Essentials......Page 320
Exercises......Page 322
Review Questions......Page 325
Chapter 9 Network Performance......Page 329
Bandwidth......Page 330
Packet Loss......Page 331
Instance Networking......Page 332
Amazon Elastic Block Store (Amazon EBS)-Optimized Instances......Page 333
Network Drivers......Page 334
Optimizing Performance......Page 335
Network Credits......Page 336
Load Balancer Performance......Page 337
Quality of Service (QoS) in a VPC......Page 338
Real-Time Media......Page 339
On-Premises Data Transfer......Page 340
Network Appliances......Page 341
Amazon CloudWatch Metrics......Page 342
Throughput Testing......Page 344
Summary......Page 345
Exam Essentials......Page 346
Exercises......Page 348
Review Questions......Page 355
Chapter 10 Automation......Page 361
Infrastructure as Code......Page 362
Templates and Stacks......Page 363
Stack Dependencies......Page 366
Errors and Rollbacks......Page 370
Template Parameters......Page 371
Verifying Changes with Change Sets......Page 374
Configuring Non-AWS Resources......Page 375
Security Best Practices......Page 377
Continuous Delivery......Page 378
Approvals......Page 379
Monitoring Network Health Metrics......Page 381
Creating Alarms for Unusual Events......Page 383
Collecting Text Logs......Page 385
Converting Logs to Metrics......Page 386
Exam Essentials......Page 387
Resources to Review......Page 389
Exercises......Page 390
Review Questions......Page 397
Chapter 11 Service Requirements......Page 401
Amazon WorkSpaces......Page 402
Amazon AppStream 2.0......Page 403
AWS Lambda Requirements......Page 404
Amazon EC2 Container Service (Amazon ECS)......Page 405
Amazon EMR Requirements......Page 406
AWS Database Migration Service (AWS DMS)......Page 407
Amazon Redshift Requirements......Page 408
AWS Elastic Beanstalk......Page 409
Summary......Page 410
Exam Essentials......Page 411
Resources to Review......Page 412
Exercises......Page 413
Review Questions......Page 416
Chapter 12 Hybrid Architectures......Page 419
Choices for Connectivity......Page 420
Three-Tier Web Application......Page 421
Active Directory......Page 423
Applications Requiring Consistent Network Performance......Page 424
Hybrid Operations......Page 426
Application Storage Access......Page 427
Amazon Simple Storage Service (Amazon S3)......Page 428
Hybrid Cloud Storage: AWS Storage Gateway......Page 430
Access VPC Endpoints and Customer-Hosted Endpoints over AWS Direct Connect......Page 431
Encryption on AWS Direct Connect......Page 432
Use of Transitive Routing in Hybrid IT......Page 435
Transit VPC Architecture Considerations......Page 436
Transit VPC Scenarios......Page 440
Summary......Page 442
Exam Essentials......Page 444
Exercises......Page 445
Review Questions......Page 450
Chapter 13 Network Troubleshooting......Page 453
Methodology for Troubleshooting......Page 454
nslookup......Page 455
Amazon CloudWatch......Page 456
Troubleshooting Common Scenarios......Page 457
Virtual Private Network......Page 458
Internet Key Exchange (IKE) Phase 1 and Phase 2 Troubleshooting......Page 459
Security Groups......Page 460
Routing......Page 461
Virtual Private Cloud (VPC) Peering Connections......Page 462
Amazon CloudFront Connectivity......Page 463
Domain Name System......Page 464
Summary......Page 465
Exam Essentials......Page 466
Resources to Review......Page 467
Exercises......Page 468
Review Questions......Page 471
Chapter 14 Billing......Page 475
Virtual Private Network (VPN) Connections......Page 476
Elastic Load Balancing......Page 477
Types of Data Transfer......Page 478
Data Transfer: Inter-Availability Zone......Page 479
Scenario 2......Page 480
Scenario 5......Page 482
Exam Essentials......Page 484
Exercises......Page 485
Review Questions......Page 488
Chapter 15 Risk and Compliance......Page 491
It All Begins with Threat Modeling......Page 492
Compliance and Scoping......Page 493
Audit Reports and Other Papers......Page 494
Controlling Access to AWS......Page 495
Amazon CloudFront Distributions......Page 497
AWS API Calls and Internet API Endpoints......Page 498
Encryption in Transit Inside AWS Environments......Page 499
Network Activity Monitoring......Page 500
AWS Config......Page 501
Amazon CloudWatch......Page 502
Amazon CloudWatch Logs......Page 503
Amazon VPC Flow Logs......Page 504
AWS Shield and Anti-DDoS Measures......Page 505
Amazon VPC Flow Logs Analysis......Page 507
Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)/AWS Web Application Firewall (AWS WAF)......Page 508
Other Compliance Tools......Page 509
Penetration Test Authorization Scope and Exceptions......Page 510
Applying for and Receiving Penetration Test Authorization......Page 511
Summary......Page 512
Exam Essentials......Page 513
Resources to Review......Page 514
Exercises......Page 515
Review Questions......Page 520
Chapter 16 Scenarios and Reference Architectures......Page 523
Hybrid Networking Scenario......Page 524
Multi-Location Resiliency......Page 528
Resources to Review......Page 532
Exam Essentials......Page 533
Exercises......Page 534
Review Questions......Page 537
Appendix Answers to Review Questions......Page 541
Chapter 1: Introduction to Advanced Networking......Page 542
Chapter 3: Advanced Amazon Virtual Private Cloud (Amazon VPC)......Page 543
Chapter 4: Virtual Private Networks......Page 545
Chapter 6: Domain Name System and Load Balancing......Page 546
Chapter 7: Amazon CloudFront......Page 547
Chapter 8: Network Security......Page 548
Chapter 9: Network Performance......Page 549
Chapter 10: Automation......Page 551
Chapter 11: Service Requirements......Page 552
Chapter 12: Hybrid Architectures......Page 553
Chapter 14: Billing......Page 554
Chapter 16: Scenarios and Reference Architectures......Page 555
Index......Page 557
EULA......Page 574