AWS Certified Advanced Networking – Specialty Exam Study Guide
The AWS Certified Advanced Networking – Specialty certification exam is a part of the AWS Specialty learning path and is a highly in-demand certificate among AWS Specialty certifications. The Advanced Networking path focuses on designing and maintaining network architectures in AWS, and using core AWS services to perform networking tasks. You are also tested on your technical skills in implementing hybrid network solutions that span multiple locations for both on-premises and in AWS. Since networking in AWS is quite intricate, companies need individuals like you who meet the competency level in designing complex network solutions.
Primarily, this certification exam is recommended for people who have experience with AWS networking. A Specialty exam can be as difficult as a Professional-level exam, so ample preparation is needed. You can know more about your exam through the official exam guide here. It breaks down the different domains that you can expect from the exam, with each domain discussing the different scenarios and services that you should have knowledge of.
The best things in life are free. With that said, the primary study materials we recommend for the AWS Certified Advanced Networking Specialty exam are:
- Exam Readiness: AWS Certified Advanced Networking – Specialty – This is a 9-hour course that is FREE to take in the aws.training portal. It is a great way to get started on your review.
- AWS Whitepapers – This will be listed below
- AWS Documentation and FAQs
- AWS Blogs – This is also important since blogs often contain scenarios or architecture diagrams that might appear as questions in your exam.
- AWS Re:Invent videos – The same goes with Re:Invent videos. AWS usually features sample architectures for new features or services to give a better idea of how to use them.
There are also some paid content that are worth checking out if you are eager to pass the exam confidently:
- AWS Certified Advanced Networking Official Study Guide: Specialty Exam – There is a kindle version of this and a paperback version.
- Advanced Architecting on the AWS training site – A classroom-type setting that discusses architectures using multiple AWS networking services such as Direct Connect and Storage Gateway.
- AWS Direct Connect Deep Dive
- Amazon Virtual Private Cloud Connectivity Options
- Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
- Hybrid Cloud DNS Options for Amazon VPC
- Integrating AWS with Multiprotocol Label Switching
- Reviewing DNS Mechanisms for Routing Traffic and Enabling Failover for AWS PrivateLink Deployments
- Connecting a Single Customer Router to Multiple VPCs
- How to Set Up DNS Resolution Between On-Premises Networks and AWS by Using Unbound
Core AWS Services to Focus On
For this exam, you should have a thorough understanding of the following services:
1. Amazon VPC
- AWS Regions and Availability Zones
- IPv4 and IPv6 operations and supported service
- Elastic IP
- Amazon PrivateLink, VPC Endpoints
- VPC Peering and other VPC connectivity options
- DHCP Options Set
- Secondary CIDR Blocks
- IPv4 CIDR block association restrictions
- NAT Gateway Troubleshooting
- Ephemeral ports
- Managed prefix list for VPC Endpoints
- VPC Flow Logs
- Transit VPC
2. VPN on AWS
- VPN termination in AWS
- VPN + Direct Connect, Routing preferences
- VPN high availability, fault-tolerance and scalability
- Site-to-Site VPN tunnel options
- Customer gateway options
- Direct Connect Provisioning
- Virtual Interface Types (Public, Private, Transit and Hosted)
- Link Aggregation Group
- Direct Connect Gateway
- AWS Direct Connect Resiliency Types
5. Route 53
- DNS management
- Traffic routing policies with health checks
- Subdomain Delegation
- Public vs Private Hosted Zone
- ALB, NLB and CLB
- TCP Passthrough
- Request Headers (X-Forwarded-For, Proxy Protocol v2)
- ALB Listener Rule condition types
- Components of a CloudFront distribution
- CloudFront for caching, CloudFront for streaming
8. AWS VPN CloudHub
- How to automate monitoring of potential network threats
- How to guard against DDoS and other infrastructure layer attacks
11. AWS WAF
- How to guard against network layer DDoS, SQL injection, XSS, and other common security exploits
- IP-based and Geo-based Blocking
- How to centrally manage firewall rules across multiple accounts
Important networking topics
- OSI model
- Traffic encryption
- IP VPN, MPLS (multi-protocol label switching), VPLS (virtual private LAN service)
- Transitioning from IPv4 to IPv6
- Maximum Transmission Unit (MTU)
- Types of Scope BGP community tags
- Types of Local preference BGP community tags
- Multi-exit discriminators (MEDs)
- Autonomous System (AS) prepending
- Public and Private Autonomous System Number (ASN)
- IP Protocol 50 – Encapsulating Security Payload (ESP)
- BGP routing and static routing
- DHCP in VPC
- IPS/IDS, WAF, DDoS protection, EDoS protection
- Hybrid architectures involving private networks and AWS network
- How to troubleshoot network issues
Validate Your Knowledge
The first resource that you should check after you’ve reviewed the materials above is the FREE AWS sample questions for Advanced Networking specialty. It has 10 questions that are patterned similarly to the real exam, and AWS has provided the answers with great explanations for each item at the end of the file. Be sure to check this sample questionnaire often since AWS may upload a new version of it at any time.
For a full-on practice test course, you can use Tutorials Dojo’s high-quality AWS Certified Advanced Networking Specialty practice exams to get you prepared. Our practice exams contain multiple sets of questions that cover almost every area you can expect from the real certification exam. We also include detailed explanations after each item to help you understand why one choice is better than the others, which is the value that you get from our course. Practice exams are a great way to know which AWS topics you need to focus on and they also highlight the important information that you might have missed during your reviews.
Sample Practice Test Questions:
The company’s on-premises network has an established AWS Direct Connect connection to its VPC in AWS. A Network Engineer is designing the network infrastructure of a multitier application hosted in an Auto Scaling group of EC2 instances. The application will be accessed by the employees from the on-premises network as well as from the public Internet. The network configuration must automatically update routes in your route table based on your dynamic BGP route advertisement.
What should the Engineer do to implement this network setup?
- Enable route propagation in the route table of the VPC and add a specific route to the on-premises network. Specify the virtual private gateway as the target.
- Set up two different route tables in the VPC. The first route table must have a default route to the Internet Gateway and the second table has a route to the virtual private gateway.
- Disable the default route propagation option in the route table of the VPC and add a specific route to the on-premises network. Choose the virtual private gateway as the target. Enable the route propagation option in the customer gateway.
- Modify the main route table of the VPC to have two default routes. The first route goes to the public Internet via the Internet Gateway while the second route goes to the on-premises network via the virtual private gateway.
A company needs to establish network connectivity between its Amazon VPCs and on-premises network using multiple AWS Managed VPN connections that are associated with a Transit Gateway. The Network Engineer has been assigned to increase the traffic bandwidth over multiple paths and get a higher VPN bandwidth beyond the default 1.25 Gbps limit.
What must the Engineer do to accomplish this task?
- Set up a private Multiprotocol Label Switching (MPLS) network in your on-premises data center.
- Use Jumbo Frames by setting the MTU to 9001.
- Set up Equal-Cost Multi-Path (ECMP) routing. Ensure that VPN ECMP Support and Dynamic VPN options are enabled in the Transit Gateway.
- Implement Q-in-Q Tunnels by adding a second 802.1Q tag to an already tagged frame.
Check out our other AWS practice test courses here:
Unfortunately, for this Specialty certification exam, as of writing this guide, AWS has yet to release an official practice exam in the aws.training portal. If you have purchased the AWS Certified Advanced Networking Official Study Guide: Specialty Exam book, it includes two sets of practice questions that you can read through and answer, as well as sample exercises that you can implement in your AWS account.
In a real-world setting, it can be difficult to gain hands-on experience with deep, technical, network-related AWS tasks. Not everyone uses a Direct Connect or links multiple VPCs together, and these situations are not easily doable on a personal account. This is also why some exam takers consider the AWS Advanced Networking exam to be more difficult than both the Solutions Architect Professional exam and the DevOps Professional exam. If you are also in a similar situation, the next best way to study is to “simulate” using these services via pen and paper. List down the steps and details you need to provision a resource, for example, and create a diagram of how your network should look like at the end. This way, you’ll at least have the theoretical experience needed in designing and troubleshooting complex network systems, which will really help you out in your actual exam.