About Packt
Why subscribe?
Packt.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Introduction
Overview of AWS Certified Advanced Networking - Specialty Certification
Technical requirements
The exam blueprint
The exam requirements
The exam structure
Scoring
Knowledge domains
Taking the exam
Summary
Section 2: Managing Networks in AWS
Networking with the Virtual Private Cloud
Technical requirements
Introduction to the VPC
VPC networks
Private and public subnets
Public, elastic, and private IPs
Working with VPCs
Creating a VPC
Configuring DHCP options
VPC networking components
ENI
Routing, NAT, and internet access
Connecting public subnets to the internet
Connecting private subnets to the internet
VPC endpoints and PrivateLink
Gateway endpoint
Interface endpoint – powered by AWS PrivateLink
Configuring an endpoint
VPC peering
Limitations of VPC peering
Best practices
Network and VPC sizing
High availability
Routing
VPC peering recommendations
VPC limitations
Summary
Questions
Further reading
VPC Network Security
Technical requirements
An overview of network security
Understanding network security vulnerabilities
Network layer attacks
Service layer attacks
Exploiting vulnerabilities
Application layer attacks
Security in the OSI model
Layer 2
Layer 3
Layer 4
Layer 7
WAN to LAN access patterns
Controlling port-based traffic
Controlling access to applications
Securing the VPC
Security groups
NACLs
Controlling access
VPC Flow Logs
VPC Flow Log examples
Securing EC2 instance operating systems
EC2 network adapter characteristics
Controlling traffic to and from EC2 instances
Controlling access with the OS firewall
Advanced EC2 operating system security
Delivering advanced network security in AWS
Threats to modern applications
AWS WAF concepts
DDoS mitigation
Packet security
Advanced network security patterns
Summary
Questions
Further reading
Connecting On-Premises and AWS
Technical requirements
An overview of on-premises connectivity
Connecting VPCs and private networks
Connectivity across networks
Public IPv4 and IPv6 traffic patterns
IPv4
IPv6
Public routing and BGP
VPN with the virtual private gateway
Working with VPN
The VGW service limits
Securing VPNs
Connecting with Direct Connect
Working with Direct Connect
Direct Connect requirements
Securing Direct Connect
Designing highly available and secure WAN links
Reliability
Routing
Encryption
Summary
Questions
Further reading
Section 3: Managing and Securing Network-Attached Platform Services in AWS
Managing and Securing Servers with ELB
Technical requirements
Introduction to ELB
Types of ELB
Classic Load Balancer (CLB)
Application Load Balancer (ALB)
Network Load Balancing (NLB)
Working with the ELB
Cross-zone load balancing
Securing traffic on the ELB
Security controls on the ELB
Security of the traffic contents with encryption
Protection against DoS attacks
Summary
Questions
Further reading
Managing and Securing Content Distribution with CloudFront
Technical requirements
Introducing CloudFront
Working with CloudFront
Securing content delivery
Encryption
DDoS mitigation
Summary
Questions
Further reading
Managing and Securing the Route 53 Domain Name System
Technical requirements
Introduction to Route 53
DNS resource record types
Routing policies
Simple routing
Multi-value response
Latency-based routing
Failover routing
Weighted routing
Geo-location routing
Geo-proximity routing
Health checking
Registering a domain name
Best practices
Summary
Questions
Further reading
Managing and Securing API Gateway
Technical requirements
Introduction to API Gateway
How API Gateway works
Pricing
Securing API Gateway
Authentication and authorization
Cognito and IAM
Resource policies
Lambda authorizers
Usage plans
Encryption
DoS mitigation and enhanced security
Summary
Questions
Further reading
Section 4: Monitoring and Operating the AWS Networks
Monitoring and Troubleshooting Networks in AWS
Technical requirements
Introducing CloudWatch
How CloudWatch works
Metrics, logs, and alarms
Metrics
Logs
Alarms
Monitoring types – standard and detailed
Creating a CloudWatch alarm
AWS CloudTrail
Working with VPC Flow Logs
Flow logs recommendations and limitations
Monitoring network components
Monitoring ELB
Monitoring CloudFront
Monitoring the API gateway
Monitoring Route 53
Troubleshooting
EC2 instance not accessible
ELB not responding or responding with 503
CloudFront connectivity issues
Route 53 issues
Summary
Questions
Further reading
Section 5: Network automation in AWS
Network Automation with CloudFormation
Technical requirements
Introduction to CloudFormation
IaC versus the traditional approach
Benefits of IaC
CloudFormation basic elements
Templates
Template sections
Template policies
CreationPolicy
DeletionPolicy
UpdatePolicy and UpdateReplacePolicy
DependsOn
Stacks
Change sets
How CloudFormation works
Creating network services with CloudFormation
The VPC
Public subnets
Private subnets
Network access control lists
Trying out the template
Best practices
Summary
Questions
Further reading
Section 6: The Exam
Exam Tips and Tricks
Technical requirements
Introduction to the exam
Domain 1 – Design and implement hybrid IT network architectures at scale
Domain 2 – Design and implement AWS networks
Domain 3 – Automate AWS tasks
Domain 4 – Configure network integration with application services
Domain 5 – Design and implement for security and compliance
Domain 6 – Manage, optimize, and troubleshoot the network
Summary
Further reading
Mock Tests
Mock Test 1
Mock Test 2
Assessments
Chapter 2 – Networking with the Virtual Private Cloud
Chapter 3 – VPC Network Security
Chapter 4 – Connecting On-Premises and AWS
Chapter 5 – Managing and Securing Servers with ELB
Chapter 6 – Managing and Securing Content Distribution with CloudFront
Chapter 7 – Managing and Securing the Route 53 Domain Name System
Chapter 8 – Managing and Securing API Gateways
Chapter 9 – Monitoring and Troubleshooting Networks in AWS
Chapter 10 – Network Automation with CloudFormation
Mock test 1
Mock test 2
Other Books You May Enjoy
Leave a review - let other readers know what you think