The latest edition of the official study guide for the AWS Advanced Networking certification specialty exam

The newly revised second edition of the AWS Certified Advanced Networking Study Guide: Specialty (ANS-C01) Exam delivers an expert review of Amazon Web Services Networking fundamentals as they relate to the ANS-C01 exam. You’ll find detailed explanations of critical exam topics combined with real-world scenarios that will help you build the robust knowledge base you need for the test—and to succeed in the field as an AWS Certified Networking specialist.

Learn about the design, implementation and deployment of AWS cloud-based Networking solutions, core services implementation, AWS service architecture design and maintenance (including architectural best practices), monitoring, hybrid networks, security, compliance, governance, and network automation. The book also offers one year of free access to Sybex’s online interactive learning environment and expert study tools, featuring flashcards, a glossary of useful terms, chapter tests, practice exams, and a test bank to help you keep track of your progress and measure your exam readiness.

The coveted AWS Advanced Networking credential proves your skills with Amazon Web Services and hybrid IT network architectures at scale. It assesses your ability to apply deep technical knowledge to the design and implementation of AWS Networking services. This book provides you with comprehensive review and practice opportunities so you can succeed on the challenging ANS-C01 exam the first time around.
It also offers:

- Coverage of all relevant exam domains and competencies
- Explanations of how to apply the AWS skills discussed within to the real world in the context of an AWS Certified Networking-related career
- Complimentary access to the practical Sybex online learning environment, complete with practice exams, flashcards, a glossary, and test bank

AWS certification proves to potential employers that you have the knowledge and practical skills you need to deliver forward-looking, resilient, cloud-based solutions. The AWS Certified Advanced Networking Study Guide: Specialty (ANS-C01) Exam, 2nd Edition, is your ticket to the next big step in your career.
ABOUT THE AUTHOR

TODD MONTGOMERY, AWS Certified Advanced Networking, AWS Certified Solutions Architect, AWS Certified Developer, is a Network Automation Engineer for a Fortune 500 company. He is involved with network design and implementation of emerging datacenter technologies, as well as software defined networking design plans, cloud design, and implementation.
Introduction
Assessment Test

Part I Network Design

Chapter 1 Edge Networking
Content Distribution Networking; CloudFront; CloudFront Implementation; Caching and Object Retention; Invalidations; Protocol Support; CloudFront Encryption Using SSL/TLS and SNI; CloudFront Security; Billing; Lambda@Edge; Geo-restriction and Geolocation; Global Accelerator; Global Accelerator Architecture; Custom Routing Accelerator; AWS Global Accelerator Pricing; Elastic Load Balancers; Load Balancer Architectures; Listeners; Target Groups; Health Checking; Sticky Connections; Proxy Connections; Load Balancing Across Different Availability Zones; Connection Draining; AWS Load Balancer Offerings; Application Load Balancers; Gateway Load Balancers; Network Load Balancer; Classic Load Balancers; Configuring Elastic Load Balancers; API Gateway; REST API; HTTP API; WebSocket Protocol; API Gateway Configuration; API Gateway Caching; Endpoint Types; Security; Authentication and Authorization; CloudFront Design Considerations; Summary; Exam Essentials; Exercises; Written Lab; Written Lab 1.1: Create an HTTP API by Using the AWS Management Console; Review Questions

Chapter 2 Domain Name Services
DNS and Route 53; DNS Overview; Architecture; DNS Hierarchy; Zones; DNS Resolution Process; Resource Records; Timers; Delegations; DNSSEC Overview; DNS Logging and Monitoring; CloudTrail; CloudWatch; Artificial Intelligence and Machine Learning; Redshift; Route 53 Advanced Features and Policies; Alias Records; Resolvers; Route 53 Resolver DNS Firewall; Health Checks; Traffic Routing Policies; Simple Routing; Multivalue Responses; Latency-Based Routing; Failover Routing; Round-Robin Routing; Weighted Routing; Geolocation; Geo-proximity; Route 53 Service Integrations; VPC; CloudFront; Load Balancers; Route 53 Application Recovery Controller; Hybrid Route 53; Multi-account Route 53; Multi-Region Route 53; Using Route 53 Public Hosted Zones; Using Route 53 Private Hosted Zones; Using Route 53 Resolver Endpoints in Hybrid and AWS Architectures; Using Route 53 for Global Traffic Management; Route 53 Failover; Domain Registration; Required Information to Register a Domain; Privacy Protection; Route 53 Registration Information; Renewing Your Domain; Summary; Exam Essentials; Exercises; Review Questions

Chapter 3 Hybrid and Multi-account DNS
Implementing Hybrid and Multi-account DNS Architectures; Route 53 Hosted Zones; Private Hosted Zones; Public Hosted Zones; Traffic Management; Latency; Geolocation; Weighted; Failover; Multivalue; Health Checking; Domain Delegation and Forwarding; Delegating Domains; Forwarding Rules; Configuring Records in Route 53; A Record; AAAA Record; CNAME; MX Record; SOA Record; TXT Record; PTR Record; Alias Record; SRV Record; SPF Record; NAPTR Record; CAA Record; Configuring DNSSEC; Multi-account Route 53; DNS Endpoints; Outbound Endpoints; Inbound Endpoints; Configuring Route 53 Monitoring and Logging; CloudTrail API Logging; CloudWatch Logging; DNS Query Logging; Resolver Query Logging; Hosted Zone Monitoring; Resolver Endpoints Monitoring; Domain Registration Monitoring; Summary; Exam Essentials; Written Labs; Written Lab 3.1: Configure Logging for DNS Queries; Written Lab 3.2: View DNS Query Metrics for a Public Hosted Zone in the CloudWatch Console; Review Questions

Chapter 4 Load Balancing
Elastic Load Balancing; Network Load Balancing; Application Load Balancing; Gateway Load Balancing; Classic Load Balancing; Network Design; High Availability; Security; ELB Connectivity Patterns; Internal Load Balancers; External Load Balancers; Autoscaling; AWS Service Integrations; Config; Global Accelerator; CloudFront; Traffic Mirroring; VPC Endpoint Services (PrivateLink); Web Application Firewall; Route 53; Amazon Elastic Kubernetes Service; AWS Certificate Manager; ELB Configuration Options; Proxy Protocol; X-Forwarded-For Protocol; Cross-Zone Load Balancing; Session Affinity and Sticky Sessions; Target Groups; Routing; Target Types; IP Address Type; Protocol Version; Registered Targets; Routing Algorithms; Deregistration and Connection Draining; Deletion Protection; Health Checking; Slow Start; The GENEVE Protocol; Encryption and Authentication; SSL/TLS Offload; TLS Passthrough; Summary; Exam Essentials; Exercises; Written Labs; Written Lab 4.1: Create a Network Load Balancer; Written Lab 4.2: Use the Console to Enable Deletion Protection; Written Lab 4.3: Use the Console to Disable Deletion Protection; Written Lab 4.4: Enable Application-Based Stickiness; Review Questions

Chapter 5 Logging and Monitoring
CloudWatch; Metrics; Monitoring Categories; Agents; Logging; Alarms; Metric Insights; Dashboards; Transit Gateway Network Manager; VPC Reachability Analyzer; Access Logs; Elastic Load Balancing; Route 53 Logs; CloudFront Logs; CloudTrail Logs; X-Ray; X-Ray Traces; X-Ray Insights; Flow Logs; Baseline Network Performance; Inspector; Application Insights; Config; Summary; Exam Essentials; Written Labs; Written Lab 5.1: Enable CloudWatch Detailed Monitoring for an Instance That Has Already Been Enabled; Written Lab 5.2: Enable CloudWatch Logging from the Web Console; Written Lab 5.3: Enable CloudWatch Alarms from the Web Console; Written Lab 5.4: Create a VPC Reachability Analyzer from the Web Console; Review Questions

Part II Network Implementation

Chapter 6 Hybrid Networking
Hybrid Connectivity; OSI Layer 1; Optics; OSI Layer 2; VLANs; Link Aggregation; Jumbo Frames; Encapsulation and Encryption; Overlay and Underlay Networks; VXLAN; Generic Routing Encapsulation; IPSec; Geneve; Routing Fundamentals; Static Routing; Dynamic Routing; The BGP Routing Protocol; Direct Connect; Direct Connect Gateway; Virtual Private Gateway; Site-to-Site VPN; VPN CloudHub; AWS Account Resource Sharing; Summary; Exam Essentials; Exercises; Written Labs; Written Lab 6.1: Simulate Creating a Direct Connection; Written Lab 6.2: Simulate Creating a Site-to-Site VPN Connection; Review Questions

Chapter 7 Connecting On-Premises Networks
On-Premises Network Connectivity; VPNs; VPN Security; Accelerated Site-to-Site VPN Connections; Layer 1 and Types of Hardware to Use; Direct Connect; Direct Connect Locations; Letter of Authorization Documents; Layer 2 and Layer 3; Switching; Routing; Gateways; Software-Defined Networking; Transit Gateway; PrivateLink; Resource Access Manager; Testing and Validating Connectivity Between Environments; Route Analyzer; Reachability Analyzer; ICMP ping; traceroute; Summary; Exam Essentials; Written Labs; Written Lab 7.1: Create a VPN Attachment on a Transit Gateway Using the Console; Written Lab 7.2: Perform a traceroute; Written Lab 7.3: Use ping; Review Questions

Chapter 8 Inter-VPC and Multi-account Networking
Networking Services of VPCs; VPC Sharing; VPC Peering; Multi-account VPC Sharing; PrivateLink; Hub-and-Spoke VPC Architectures; Transit Gateway; Transit Gateway Connect; Transit VPCs; Wide-Area Networking; Software-Defined Wide Area Networking; Multi Protocol Label Switching; Expanding AWS Networking Connectivity; Organizations; Resource Access Manager; Authentication and Authorization; Security Association Markup Language; Active Directory; Summary; Exam Essentials; Exercises; Review Questions

Chapter 9 Hybrid Network Routing and Connectivity
Industry-Standard Routing Protocols Used in AWS Hybrid Networks; Optimizing Routing; Optimizing Dynamic Routing; Optimizing Static Routing; Route Priorities and Administrative Distance; Route Summarization; Route Propagation; Overlapping Routes; BGP Over Direct Connect; Connectivity Methods for AWS and Hybrid Networks; Direct Connect and Direct Connect Gateway; Direct Connect Virtual Interfaces; Site-to-Site VPN; App Mesh; AWS Networking Limits and Quotas; Available Private and Public Access Methods for Custom Services; PrivateLink; VPC Peering; Available Inter-Regional and Intra-Regional Communication Patterns; Summary; Exam Essentials; Written Lab; Written Lab 9.1: Enable Route Propagation in a VPC; Exercises; Review Questions

Part III Network Management and Operations

Chapter 10 Network Automation
Network Automation; Infrastructure as Code; AWS Cloud Development Kit; AWS CloudFormation; EventBridge; AWS Command-Line Interface; AWS Software Development Kit; Application Programming Interfaces; Integrating Network Automation Using Infrastructure as Code; Event-Driven Network Automation; Automating the Process of Optimizing Cloud Network Resources with IaC; Common Problems When Using Hard-Coded Instructions in IaC Templates; Creating and Managing Repeatable Network Configurations; Integrating Event-Driven Networking Functions; Integrating Hybrid Network Automation Options with AWS Native IaC; Eliminating Risk and Achieving Efficiency in a Cloud Networking Environment; Summary; Exam Essentials; Exercises; Review Questions

Chapter 11 Monitor, Analyze, and Optimize Network Traffic
Monitoring, Analyzing, and Optimizing AWS Networks; Monitor and Analyze Network Traffic to Troubleshoot and Optimize Connectivity Patterns; Network Performance Metrics and Reachability Constraints; Appropriate Logs and Metrics to Assess Network Performance and Reachability Issues; AWS Tools to Collect and Analyze Logs and Metrics; AWS Tools to Analyze Routing Patterns and Issues; Analyzing Logging Output to Assess Network Performance and Troubleshoot Connectivity; Network Topology Mapping; Analyzing Packets to Identify Issues; Using the Reachability Analyzer for Troubleshooting, Validating, and Automating Connectivity Issues; Optimize AWS Networks for Performance, Reliability, and Cost-Effectiveness; VPC Peering vs. Transit Gateways; Reducing Bandwidth Utilization with Multicast; Implementing Multicast Capability Within a VPC and On-Premises Environments; Optimizing Route 53; Frame Size Optimization Across Different Connection Types; Jumbo Frame Support Across Different Connection Types; Optimizing Network Throughput; Selecting a Network Interface for Best Performance; Select Network Connectivity Services That Meet Requirements; VPC Subnet Optimization; Updating and Optimizing Subnets to Prevent the Depletion of Available IP Addresses in a VPC; Updating and Optimizing Subnets for Autoscaling; Optimizing Network Performance and Availability Using Caching and Compression; Summary; Exam Essentials; Written Labs; Written Lab 11.1: Create a VPC Flow Log; Written Lab 11.2: Add a New Subnet to a VPC; Written Lab 11.3: Change the MTU on a Linux EC2 Interface; Exercises; Review Questions

Part IV Network Security, Compliance, and Governance

Chapter 12 Security, Compliance and Governance
Security, Compliance, and Governance; Threat Models; Common Security Threats; Securing Application Flows; Network Architectures That Meet Security and Compliance Requirements; Securing Inbound Traffic Flows; Web Application Firewall; Network Firewall; Shield; Security Groups; Network Access Control Lists; Securing Outbound Traffic Flows; Network Firewall; Proxies; Gateway Load Balancers; Route 53 Resolvers; Virtual Private Networks; VPC Endpoint Services: PrivateLink; Securing Inter-VPC Traffic; Network ACLs; VPC Endpoint Policies; Security Groups; Transit Gateway; VPC Peering; Implementing an AWS Network Architecture to Meet Security and Compliance Requirements; Untrusted Networks; Perimeter VPC; Three-Tier Architecture; Hub-and-Spoke Architecture; Develop a Threat Model and Identify Mitigation Strategies; Compliance Testing; Automating Security Incident Reporting and Alerting; Summary; Exam Essentials; Exercises; Written Labs; Written Lab 12.1: Download an Artifact Report; Written Lab 12.2: Request a Public SSL/TLS Certificate from the AWS Console; Written Lab 12.3: Review a Security Group Configuration from the AWS Console; Review Questions

Chapter 13 Network Monitoring and Logging
Network Monitoring and Logging Services in AWS; AWS CloudTrail; VPC Traffic Mirroring; VPC Flow Logs; Transit Gateway Logging; Alerting Mechanisms; CloudWatch Alarms; Simple Notification Service; Log Creation with Different AWS Services; Load Balancer Access Logs; CloudFront Access Logs; Log Delivery Mechanisms; Kinesis; Route 53; CloudWatch; Mechanisms to Audit Network Security Configurations; Security Groups; Firewall Manager; Trusted Advisor; Traffic Mirroring and Flow Logs; Creating and Analyzing VPC Flow Logs; Creating and Analyzing Network Traffic Mirroring; CloudWatch; Implementing Automated Alarms Using CloudWatch; Implementing Customized Metrics Using CloudWatch; Correlating and Analyzing Information Across Single or Multiple AWS Log Sources; Implementing Log Delivery Solutions; Implementing a Network Audit Strategy; Summary; Exam Essentials; Exercises; Review Questions

Chapter 14 Confidentiality and Encryption
Confidentiality and Encryption; Network Encryption Options Available on AWS; VPN Connectivity Over Direct Connect; Encryption Methods for Data in Transit; Network Encryption and the AWS Shared Responsibility Model; Security Methods for DNS Communications; Implementing Network Encryption Methods to Meet Application Compliance Requirements; IPSec; TLS; Implementing Encryption Solutions to Secure Data in Transit; CloudFront; Application Load Balancers and Network Load Balancers; Securing AWS Managed Databases; Securing Amazon S3 Buckets; Securing EC2 Instances; Transit Gateway; Certificate Management Using a Certificate Authority; AWS Certificate Manager and Private Certificate Authority; Summary; Exam Essentials; Exercises; Review Questions

Appendix Answers to Review Questions
Chapter 1: Edge Networking; Chapter 2: Domain Name Services; Chapter 3: Hybrid and Multi-account DNS; Chapter 4: Load Balancing; Chapter 5: Logging and Monitoring; Chapter 6: Hybrid Networking; Chapter 7: Connecting On-Premises Networks; Chapter 8: Inter-VPC and Multi-account Networking; Chapter 9: Hybrid Network Routing and Connectivity; Chapter 10: Network Automation; Chapter 11: Monitor, Analyze, and Optimize Network Traffic; Chapter 12: Security, Compliance and Governance; Chapter 13: Network Monitoring and Logging; Chapter 14: Confidentiality and Encryption

Index