AWS Certified Advanced Networking Official Study Guide: Specialty Exam

Foreword

Introduction

Assessment Test

Answers to Assessment Test

Chapter 1 Introduction to Advanced Networking

AWS Global Infrastructure

Regions

Availability Zones

Edge Locations

Amazon Virtual Private Cloud

VPC Mechanics

Services Outside Your VPC

AWS Networking Services

Amazon Elastic Compute Cloud

Amazon Virtual Private Cloud

AWS Direct Connect

Elastic Load Balancing

Amazon Route 53

Amazon CloudFront

GuardDuty

AWS WAF

AWS Shield

Summary

Resources to Review

Exam Essentials

Exercise

Review Questions

Chapter 2 Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals

Introduction to Amazon Virtual Private Cloud (Amazon VPC)

Subnets

Route Tables

IP Addressing

IPv4 Addresses

IPv6 Addresses

Security Groups

Network Access Control Lists (ACLs)

Internet Gateways

Network Address Translation (NAT) Instances and NAT Gateways

NAT Instance

NAT Gateway

Egress-Only Internet Gateways (EIGWs)

Virtual Private Gateways (VGWs), Customer Gateways, and Virtual Private Networks (VPNs)

VPC Endpoints

VPC Peering

Placement Groups

Elastic Network Interfaces

Dynamic Host Configuration Protocol (DHCP) Option Sets

Amazon Domain Name Service (DNS) Server

VPC Flow Logs

Summary

Resources to Review

Exam Essentials

Exercises

Review Questions

Chapter 3 Advanced Amazon Virtual Private Cloud (Amazon VPC)

VPC Endpoints

VPC Endpoints and Security

VPC Endpoint Policy

VPC Endpoint Overview

Gateway VPC Endpoints

Interface VPC Endpoints

AWS PrivateLink

Gateway VPC Endpoints

Amazon S3 Endpoints

Amazon DynamoDB Endpoints

Accessing Gateway Endpoints Over Remote Networks

Securing Gateway VPC Endpoints

Interface VPC Endpoints

Interface VPC Endpoints

AWS PrivateLink for Customer and Partner Services

Comparing AWS PrivateLink and VPC Peering

AWS PrivateLink Service Provider Considerations

AWS PrivateLink Service Consumer Considerations

Accessing a Shared Services VPC

Transitive Routing

Routing Across Peered VPCs

IP Addressing Features

Resizing a VPC

Resizing VPC Considerations

IP Address Features

Reclaiming Elastic IP Addresses

Cross-Account Network Interfaces

Design Considerations

Comparison with VPC Peering and VPC Endpoints

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 4 Virtual Private Networks

Introduction to Virtual Private Networks

Site-to-Site VPN

Virtual Private Gateway as a VPN Termination Endpoint

Availability and Redundancy

VPN Features

AWS VPN CloudHub

VPN Creation Process

Monitoring

Amazon Elastic Compute Cloud (Amazon EC2) Instance as a VPN Termination Endpoint

Availability and Redundancy

Amazon EC2 Features

VPN Creation Process

Monitoring

Performance

VPN Termination Endpoint for On-Premises Networks (Customer Gateways)

Third-Party VPN Device

Client-to-Site VPN

Design Patterns

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 5 AWS Direct Connect

What Is AWS Direct Connect?

Core Concepts

802.1Q Virtual Local Area Networks (VLANs)

Border Gateway Protocol

Bidirectional Forwarding Detection

Physical Connectivity

AWS Direct Connect Locations

Dedicated Connections

Provisioning Process

Requesting a Connection

Download Your Letter of Authorization

Cross-Connect to the AWS Port

Multiple Connections

Link Aggregation Groups

AWS Direct Connect Partners

Hosted Connections

Logical Connectivity

Virtual Interfaces

Public Virtual Interfaces

Private Virtual Interfaces

Direct Connect Gateway

Hosted Virtual Interfaces

Resilient Connectivity

Single Connection

Dual Connection: Single Location

Single Connections: Dual Locations

Dual Connections: Dual Locations

Virtual Interface Configuration

Public Virtual Interface Configuration

Private Virtual Interface Configuration

Bidirectional Forwarding Detection

Virtual Private Network with AWS Direct Connect

Backup Virtual Private Network (VPN)

Virtual Private Network Over AWS Direct Connect

Integration with the Transit Virtual Private Cloud Solution

Border Gateway Protocol Path Selection

Billing

Port-Hours

Data Transfer

Private Virtual Interface Data Transfer

Public Virtual Interface Data Transfer

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 6 Domain Name System and Load Balancing

Introduction to Domain Name System and Load Balancing

Domain Name System

Domain Name System Concepts

Top-Level Domains

Domain Names, Subdomains, and Hosts

IP Addresses

Fully Qualified Domain Names

Name Servers

Zones

Domain Name Registrars

Steps Involved in DNS Resolution

TLD Servers

Domain Level Name Servers

Resolving Name Servers

Record Types

Start of Authority Record

A and AAAA

Certificate Authority Authorization

Canonical Name

Mail Exchange

Name Authority Pointer

Name Server

Pointer

Sender Policy Framework

Text

Service

Amazon EC2 DNS Service

Amazon EC2 DNS vs. Amazon Route 53

Amazon EC2 DNS and VPC Peering

Using DNS with Simple AD

Custom Amazon EC2 DNS Resolver

Amazon Route 53

Domain Registration

Transferring Domains

Domain Name System Service

Hosted Zones

Supported Record Types

Routing Policies

Simple Routing Policy

Weighted Routing Policy

Latency-Based Routing Policy

Failover Routing Policy

Geolocation Routing Policy

Multivalue Answer Routing

Traffic Flow to Route DNS Traffic

Geoproximity Routing (Traffic Flow Only)

More on Health Checking

Elastic Load Balancing

Types of Load Balancers

Classic Load Balancer

Application Load Balancer

Network Load Balancer

Internet-Facing Load Balancers

Internal Load Balancers

HTTPS Load Balancers

Elastic Load Balancing Concepts

Listeners

Listener Rules

Targets

Target Groups

Elastic Load Balancer Configuration

Idle Connection Timeout

Cross-Zone Load Balancing

Connection Draining (Deregistration Delay)

Proxy Protocol

Sticky Sessions

Health Checks

ELB Sandwich

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 7 Amazon CloudFront

Introduction to Amazon CloudFront

Content Delivery Network Overview

The AWS CDN: Amazon CloudFront

Amazon CloudFront Basics

Distributions

Origins

Cache Control

How Amazon CloudFront Delivers Content

Configuring Amazon CloudFront

How CloudFront Operates

Amazon CloudFront Edge Locations

Amazon CloudFront Regional Edge Caches

Web Distributions

Dynamic Content and Advanced Features

Dynamic Content, Multiple Origins, and Cache Behaviors

A Note on Performance: Dynamic Content and HTTP/2

Whole Website

Private Content

RTMP Distributions

Alternate Domain Names

HTTPS

Amazon CloudFront and AWS Certificate Manager (ACM)

Invalidating Objects (Web Distributions Only)

Access Logs

Amazon CloudFront and AWS Lambda@Edge

Amazon CloudFront Field-Level Encryption

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 8 Network Security

Governance

AWS Organizations

AWS CloudFormation

AWS Service Catalog

Data Flow Security

Edge Locations

Amazon Route 53

Amazon CloudFront

AWS Lambda@Edge

Edge Locations and Regions

AWS Certificate Manager

AWS WAF

AWS Shield

Regions

Elastic Load Balancing

Subnets and Route Tables

Security Groups and Network Access Control Lists (ACLs)

Amazon Elastic Compute Cloud (Amazon EC2)

Regional Services

AWS Security Services

Amazon GuardDuty

Amazon Inspector

Amazon Macie

Detection and Response

Secure Shell (SSH) Login Attempts

AWS Cloud Services

Architecture Overview

Solution Description

Network Traffic Analysis

AWS Cloud Services

Architecture Overview

Solution Description

IP Reputation

AWS Cloud Services

Architecture Overview

Solution Description

Summary

Resources to Review

Exam Essentials

Exercises

Review Questions

Chapter 9 Network Performance

Network Performance Basics

Bandwidth

Latency

Jitter

Throughput

Packet Loss

Packets per Second

Maximum Transmission Unit

Amazon Elastic Compute Cloud (Amazon EC2) Instance Networking Features

Instance Networking

Placement Groups

Amazon Elastic Block Store (Amazon EBS)-Optimized Instances

Network Address Translation (NAT) Gateways

Enhanced Networking

Network Drivers

Enabling Enhanced Networking

Operating System Support

Additional Tuning and Driver Support

Optimizing Performance

Enhanced Networking

Jumbo Frames

Network Credits

Instance Bandwidth

Flow Performance

Load Balancer Performance

Virtual Private Network (VPN) Performance

AWS Direct Connect Performance

Quality of Service (QoS) in a VPC

Example Applications

High Performance Computing

Real-Time Media

Data Processing, Ingestion, and Backup

On-Premises Data Transfer

Network Appliances

Performance Testing

Amazon CloudWatch Metrics

Testing Methodology

Throughput Testing

Solution Testing

Summary

Resources to Review

Exam Essentials

Exercises

Review Questions

Chapter 10 Automation

Introduction to Network Automation

Infrastructure as Code

Templates and Stacks

Stack Dependencies

Errors and Rollbacks

Template Parameters

Verifying Changes with Change Sets

Retaining Resources

Configuring Non-AWS Resources

Security Best Practices

Configuration Management

Continuous Delivery

Pipeline Stages, Actions, and Artifacts

Approvals

Network Monitoring Tools

Monitoring Network Health Metrics

Creating Alarms for Unusual Events

Collecting Text Logs

Converting Logs to Metrics

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 11 Service Requirements

Introduction to Service Requirements

The Elastic Network Interface

AWS Cloud Services and Their Network Requirements

Amazon WorkSpaces

Amazon WorkSpaces Requirements

Amazon AppStream 2.0

Amazon AppStream 2.0 Requirements

AWS Lambda (Within a VPC)

AWS Lambda Requirements

Amazon EC2 Container Service (Amazon ECS)

Amazon ECS Requirements

Amazon EMR

Amazon EMR Requirements

Amazon Relational Database Service (Amazon RDS)

Amazon RDS Requirements

AWS Database Migration Service (AWS DMS)

AWS DMS Requirements

Amazon Redshift

Amazon Redshift Requirements

AWS Glue

AWS Glue Requirements

AWS Elastic Beanstalk

AWS Elastic Beanstalk Requirements

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 12 Hybrid Architectures

Introduction to Hybrid Architectures

Choices for Connectivity

Application Architectures

Three-Tier Web Application

Active Directory

Domain Name System (DNS)

Applications Requiring Consistent Network Performance

Hybrid Operations

Remote Desktop Application: Amazon WorkSpaces

Application Storage Access

Amazon Simple Storage Service (Amazon S3)

Amazon Elastic File System (Amazon EFS)

Hybrid Cloud Storage: AWS Storage Gateway

Application Internet Access

Access VPC Endpoints and Customer-Hosted Endpoints over AWS Direct Connect

Encryption on AWS Direct Connect

Use of Transitive Routing in Hybrid IT

Transit VPC Architecture Considerations

Transit VPC Scenarios

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 13 Network Troubleshooting

Introduction to Network Troubleshooting

Methodology for Troubleshooting

Network Troubleshooting Tools

Traditional Tools

Packet Captures

ping

traceroute

Telnet

nslookup

AWS-Native Tools

Amazon CloudWatch

Amazon VPC Flow Logs

AWS Config

AWS Trusted Advisor

AWS Identity and Access Management (IAM) Policy Simulator

Troubleshooting Common Scenarios

Internet Connectivity

Virtual Private Network

Internet Key Exchange (IKE) Phase 1 and Phase 2 Troubleshooting

AWS Direct Connect

Security Groups

Network Access Control Lists

Routing

Virtual Private Cloud (VPC) Peering Connections

Connectivity to AWS Cloud Services

Amazon CloudFront Connectivity

Elastic Load Balancing Functionality

Domain Name System

Hitting Service Limits

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 14 Billing

Billing Overview

Service and Port-Hour Fees

Virtual Private Network (VPN) Connections

AWS Direct Connect

AWS PrivateLink

NAT Gateway

Elastic Load Balancing

Types of Data Transfer

Data Transfer: Internet

Data Transfer: Region to Region

Amazon CloudFront

Data Transfer: Same Region via Public IP

Data Transfer: Inter-Availability Zone

Data Transfer: VPC Peering

Data Transfer: Intra-Availability Zone

Virtual Private Network (VPN) Endpoints (Virtual Private Gateways [VGWs])

AWS Direct Connect Public Virtual Interfaces (VIFs)

Scenarios

Scenario 1

Scenario 2

Scenario 3

Scenario 4

Scenario 5

Scenario 6

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 15 Risk and Compliance

It All Begins with Threat Modeling

Compliance and Scoping

Audit Reports and Other Papers

Ownership Model and the Role of Network Management

Controlling Access to AWS

AWS Organizations

Amazon CloudFront Distributions

Encryption Options

AWS API Calls and Internet API Endpoints

Selecting Cipher Suites

Encryption in Transit Inside AWS Environments

Encryption in Load Balancers and Amazon CloudFront PoPs

Network Activity Monitoring

AWS CloudTrail

AWS Config

Amazon CloudWatch

Amazon CloudWatch Logs

Amazon VPC Flow Logs

Amazon CloudFront

Other Log Sources

Malicious Activity Detection

AWS Shield and Anti-DDoS Measures

Amazon VPC Flow Logs Analysis

Amazon CloudWatch Alerting and AWS Lambda

AWS Marketplace and Other Third-Party Offerings

Security Information and Event Management (SIEM)

Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)/AWS Web Application Firewall (AWS WAF)

Amazon Inspector

Other Compliance Tools

Penetration Testing and Vulnerability Assessment

Penetration Test Authorization Scope and Exceptions

Applying for and Receiving Penetration Test Authorization

Summary

Exam Essentials

Resources to Review

Exercises

Review Questions

Chapter 16 Scenarios and Reference Architectures

Introduction to Scenarios and Reference Architectures

Hybrid Networking Scenario

Multi-Location Resiliency

Summary

Resources to Review

Exam Essentials

Exercises

Review Questions

Appendix Answers to Review Questions

Chapter 1: Introduction to Advanced Networking

Chapter 2: Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals

Chapter 3: Advanced Amazon Virtual Private Cloud (Amazon VPC)

Chapter 4: Virtual Private Networks

Chapter 5: AWS Direct Connect

Chapter 6: Domain Name System and Load Balancing

Chapter 7: Amazon CloudFront

Chapter 8: Network Security

Chapter 9: Network Performance

Chapter 10: Automation

Chapter 11: Service Requirements

Chapter 12: Hybrid Architectures

Chapter 13: Network Troubleshooting

Chapter 14: Billing

Chapter 15: Risk and Compliance

Chapter 16: Scenarios and Reference Architectures

Index

Advert

EULA