Table of Contents for
AWS® Certified Advanced Networking: Official Study Guide Specialty Exam
by Steve Seymour, Steve Morad, Nick Matthews, Matt Lehwess, Alan Halachmi, James De
AWS Certified Advanced Networking Official Study Guide
Acknowledgments
About the Authors
Foreword
Introduction
What Does this Book Cover?
Interactive Online Learning Environment and Test Bank
Exam Objectives
Objective Map
Assessment Test
Answers to Assessment Test
Chapter 1 Introduction to Advanced Networking
AWS Global Infrastructure
Amazon Virtual Private Cloud
AWS Networking Services
Summary
Resources to Review
Exam Essentials
Exercise
Review Questions
Chapter 2 Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals
Introduction to Amazon Virtual Private Cloud (Amazon VPC)
Subnets
Route Tables
IP Addressing
Security Groups
Network Access Control Lists (ACLs)
Internet Gateways
Network Address Translation (NAT) Instances and NAT Gateways
Egress-Only Internet Gateways (EIGWs)
Virtual Private Gateways (VGWs), Customer Gateways, and Virtual Private Networks (VPNs)
VPC Endpoints
VPC Peering
Placement Groups
Elastic Network Interfaces
Dynamic Host Configuration Protocol (DHCP) Option Sets
Amazon Domain Name Service (DNS) Server
VPC Flow Logs
Summary
Resources to Review
Exam Essentials
Exercises
Review Questions
Chapter 3 Advanced Amazon Virtual Private Cloud (Amazon VPC)
VPC Endpoints
VPC Endpoint Overview
Gateway VPC Endpoints
Interface VPC Endpoints
Transitive Routing
IP Addressing Features
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 4 Virtual Private Networks
Introduction to Virtual Private Networks
Site-to-Site VPN
Client-to-Site VPN
Design Patterns
Summary
Resources to Review
Exercises
Review Questions
Chapter 5 AWS Direct Connect
What Is AWS Direct Connect?
Physical Connectivity
Logical Connectivity
Resilient Connectivity
Billing
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 6 Domain Name System and Load Balancing
Introduction to Domain Name System and Load Balancing
Domain Name System
Amazon EC2 DNS Service
Amazon Route 53
Elastic Load Balancing
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 7 Amazon CloudFront
Introduction to Amazon CloudFront
Content Delivery Network Overview
The AWS CDN: Amazon CloudFront
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 8 Network Security
Governance
Data Flow Security
AWS Security Services
Detection and Response
Summary
Resources to Review
Exam Essentials
Exercises
Review Questions
Chapter 9 Network Performance
Network Performance Basics
Amazon Elastic Compute Cloud (Amazon EC2) Instance Networking Features
Optimizing Performance
Example Applications
Performance Testing
Summary
Resources to Review
Exam Essentials
Exercises
Review Questions
Chapter 10 Automation
Introduction to Network Automation
Infrastructure as Code
Network Monitoring Tools
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 11 Service Requirements
Introduction to Service Requirements
The Elastic Network Interface
AWS Cloud Services and Their Network Requirements
Amazon EMR
Amazon Relational Database Service (Amazon RDS)
AWS Database Migration Service (AWS DMS)
Amazon Redshift
AWS Glue
AWS Elastic Beanstalk
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 12 Hybrid Architectures
Introduction to Hybrid Architectures
Application Architectures
Access VPC Endpoints and Customer-Hosted Endpoints over AWS Direct Connect
Use of Transitive Routing in Hybrid IT
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 13 Network Troubleshooting
Introduction to Network Troubleshooting
Methodology for Troubleshooting
Network Troubleshooting Tools
Troubleshooting Common Scenarios
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 14 Billing
Billing Overview
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 15 Risk and Compliance
It All Begins with Threat Modeling
Ownership Model and the Role of Network Management
Controlling Access to AWS
Encryption Options
Network Activity Monitoring
Malicious Activity Detection
Penetration Testing and Vulnerability Assessment
Summary
Exam Essentials
Resources to Review
Exercises
Review Questions
Chapter 16 Scenarios and Reference Architectures
Introduction to Scenarios and Reference Architectures
Hybrid Networking Scenario
Multi-Location Resiliency
Summary
Resources to Review
Exam Essentials
Exercises
Review Questions
Appendix Answers to Review Questions
Chapter 1: Introduction to Advanced Networking
Chapter 2: Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals
Chapter 3: Advanced Amazon Virtual Private Cloud (Amazon VPC)
Chapter 4: Virtual Private Networks
Chapter 5: AWS Direct Connect
Chapter 6: Domain Name System and Load Balancing
Chapter 7: Amazon CloudFront
Chapter 8: Network Security
Chapter 9: Network Performance
Chapter 10: Automation
Chapter 11: Service Requirements
Chapter 12: Hybrid Architectures
Chapter 13: Network Troubleshooting
Chapter 14: Billing
Chapter 15: Risk and Compliance
Chapter 16: Scenarios and Reference Architectures
Advert
EULA
List of Tables
Chapter 2
TABLE 2.1
TABLE 2.2
TABLE 2.3
TABLE 2.4
TABLE 2.5
TABLE 2.6
TABLE 2.7
Chapter 3
TABLE 3.1
Chapter 6
TABLE 6.1
TABLE 6.2
Chapter 9
TABLE 9.1
TABLE 9.2
TABLE 9.3
Chapter 13
TABLE 13.1
List of Illustrations
Chapter 1
FIGURE 1.1
AWS global infrastructure
FIGURE 1.2
Overview of the AWS service locations
Chapter 2
FIGURE 2.1
VPC, subnets, and a route table
FIGURE 2.2
Subnet identifier
FIGURE 2.3
Public, private, and VPC-only subnets
FIGURE 2.4
48-bit MAC to 64-bit modified EUI-64
FIGURE 2.5
VPC, subnet, route table, and Internet gateway
FIGURE 2.6
Egress-Only Internet gateway
FIGURE 2.7
VPC with a VPN connection to a customer network
FIGURE 2.8
Route table for a VPC endpoint
FIGURE 2.9
VPC peering connections do not support transitive routing
Chapter 3
FIGURE 3.1
Amazon S3 endpoint
FIGURE 3.2
A proxy fleet is configured to access an Amazon S3 endpoint over AWS VPN.
FIGURE 3.3
An Amazon Kinesis endpoint interface is created using AWS PrivateLink.
FIGURE 3.4
An endpoint service is created from the service provider VPC to the service consumer VPC. An interface endpoint is created in the service consumer VPC.
FIGURE 3.5
A shared service uses a Network Load Balancer and AWS PrivateLink to provide endpoint services into spoke VPCs.
FIGURE 3.6
An example of adding a CIDR range to an existing VPC. New subnets can use the new CIDR addresses.
Chapter 4
FIGURE 4.1
VPN termination at VGW
FIGURE 4.2
VGW HA endpoints
FIGURE 4.3
Avoiding asymmetric routing by using BGP parameters
FIGURE 4.4
AWS VPN CloudHub functionality
FIGURE 4.5
Graphical representation of VPN metrics in the Amazon CloudWatch dashboard
FIGURE 4.6
VPN termination in an Amazon EC2 instance
FIGURE 4.7
High availability when terminating VPN on an Amazon EC2 instance
FIGURE 4.8
High availability when terminating VPN on an Amazon EC2 instance—automated failover
FIGURE 4.9
AWS Marketplace
FIGURE 4.10
Vertical scaling with load balancing—single Availability Zone
FIGURE 4.11
Vertical scaling with load balancing—multiple Availability Zones
FIGURE 4.12
Horizontal Scaling based on VPC Subnets
FIGURE 4.13
Horizontal Scaling based on destination prefix
FIGURE 4.14
Customer gateway
FIGURE 4.15
Customer gateway high availability
FIGURE 4.16
Client-to-site VPN
FIGURE 4.17
Transitive routing
FIGURE 4.18
Enabling transitive routing in AWS
Chapter 5
FIGURE 5.1
Physical components of AWS Direct Connect
FIGURE 5.2
Direct Connect Gateway
FIGURE 5.3
Single connection with VPN backup
FIGURE 5.4
Dual connections: single location—VPN backup
FIGURE 5.5
Single connections: dual locations—VPN Backup
FIGURE 5.6
VPN over Direct Connect public VIF
FIGURE 5.7
Transit VPC with detached VGW
Chapter 6
FIGURE 6.1
FQDN components
FIGURE 6.2
NAT at the VPC Internet gateway
FIGURE 6.3
Amazon EC2 DNS instance acting as resolver and forwarder
FIGURE 6.4
Amazon EC2 DNS instances with segregated resolver and forwarder
FIGURE 6.5
Amazon Route 53 traffic flow—an example traffic policy
FIGURE 6.6
Amazon Route 53 health checking
FIGURE 6.7
Classic Load Balancer
FIGURE 6.8
Application Load Balancer
FIGURE 6.9
Network Load Balancer
FIGURE 6.10
ELB sandwich
Chapter 7
FIGURE 7.1
Configuring your Amazon CloudFront distribution
FIGURE 7.2
Amazon CloudFront content delivery
FIGURE 7.3
Amazon CloudFront content delivery
FIGURE 7.4
Streaming distributions, web, and RTMP
Chapter 8
FIGURE 8.1
Templates and stacks
FIGURE 8.2
AWS Service Catalog workflow
FIGURE 8.3
Shuffle sharding
FIGURE 8.4
Web ACLs, rules, and conditions
FIGURE 8.5
VPN over Public VIF
FIGURE 8.6
VPN over Private Virtual Interface
FIGURE 8.7
Shared responsibility model
FIGURE 8.8
SSH login attempts overview
FIGURE 8.9
Network traffic analysis overview
FIGURE 8.10
IP reputation overview
Chapter 10
FIGURE 10.1
Minimal VPC with a single public subnet
FIGURE 10.2
The stack state in the AWS Management Console when the stack has been rolled back
FIGURE 10.3
The stack events showing the route failed to create because it could not reference the Internet gateway
FIGURE 10.4
Parameters for the single public subnet template with the Availability Zone drop-down menu
FIGURE 10.5
Creating a change set for an existing stack
FIGURE 10.6
Examining the changes that would result by narrowing the CIDR range
FIGURE 10.7
A VPC with a private subnet connected to an on-premises network via a VPN.
FIGURE 10.8
AWS CodePipeline continuous deployment example
FIGURE 10.9
Amazon CloudWatch graph showing standard VPN metrics
FIGURE 10.10
Amazon CloudWatch custom metrics showing packet loss to three different hosts
FIGURE 10.11
Amazon CloudWatch dashboard for a VPN connection
FIGURE 10.12
Creating an alarm for a custom packet loss metric
FIGURE 10.13
The format of the received alarm over SMS (left) and email (right)
Chapter 12
FIGURE 12.1
Hybrid web application using AWS Load Balancing
FIGURE 12.2
Hybrid web application using DNS and AWS load balancing
FIGURE 12.3
Hybrid Active Directory setup
FIGURE 12.4
Quality of Service implementation
FIGURE 12.5
AWS CodeDeploy endpoint access over public VIF
FIGURE 12.6
Using AWS Direct Connect and VPN for Amazon WorkSpaces connectivity
FIGURE 12.7
Accessing Amazon S3 over AWS Direct Connect private VIF
FIGURE 12.8
VPN to VGW over AWS Direct Connect public VIF
FIGURE 12.9
VPN to Amazon EC2 instance over AWS Direct Connect private VIF
FIGURE 12.10
Isolating routing domains using VRF
FIGURE 12.11
VPN to Amazon EC2 over AWS Direct Connect public VIF
FIGURE 12.12
Transit VPC architecture
FIGURE 12.13
VPC peering vs. transit VPC for spoke-to-spoke communication
FIGURE 12.14
Transit VPC vs. AWS Direct Connect Gateway for hybrid traffic
FIGURE 12.15
Transit VPC vs. AWS Direct Connect Gateway for hybrid traffic
FIGURE 12.16
Detached VGW vs. on-premises initiated VPN
FIGURE 12.17
Global transit VPC
FIGURE 12.18
Global transit VPC with regional transit hub
Chapter 14
FIGURE 14.1
Scenario 1
FIGURE 14.2
Scenario 2
FIGURE 14.3
Scenario 3
FIGURE 14.4
Scenario 4
FIGURE 14.5
Scenario 5
FIGURE 14.6
Scenario 6
Chapter 15
FIGURE 15.1
Policy evaluation decision flow
FIGURE 15.2
Rotated plot of Amazon VPC flow logs: time/destination port/activity
Chapter 16
FIGURE 16.1
Current application network design
FIGURE 16.2
Web and application server network design
FIGURE 16.3
Regional availability
FIGURE 16.4
Multi-regional resiliency
FIGURE 16.5
Multi-region disaster planning