AREA RISERVATA
 800-177596
 CHI SIAMO
 CONTATTACI
 AREA RISERVATA
 CONTATTACI
 800-177596

Vega Training

Formazione Certificata Ovunque

Certificazione AWS Certified Advanced Networking – Specialty

Corsi e Certificazioni Amazon AWS - Amazon Web Service - AWS Certification - Formazione AWS - Cloud Practtioner - Solution Architect - DevOps Engineer - Developer - SysOps Administrator - Aws Machine Learning - AWS Security - AWS Database - AWS Data Analytics - AWS Specialty

Certificazione AWS Certified Advanced Networking – Specialty

Panoramica | Svolgimento e Durata | Prerequisiti
Argomenti D’esame   |  Corsi di Preparazione

Panoramica   Svolgimento e Durata
Prerequisiti
Argomenti D’esame    Corsi di Preparazione

PANORAMICA

AWS Certified Advanced Networking - Specialty

Esame AWS Certified Advanced Networking – Specialty;

L’esame di certificazione AWS Certified Advanced Networking – Specialty (ANS-C01) mira a valutare le competenze avanzate dei candidati nella progettazione e nell’implementazione di soluzioni di rete su AWS. L’esame copre tematiche come l’architettura di rete, la sicurezza, la gestione delle prestazioni, l’automazione e l’ottimizzazione dei costi relativi alle soluzioni di rete.
L’obiettivo principale è garantire che i candidati dimostrino una conoscenza approfondita delle best practice e delle soluzioni avanzate AWS per la progettazione e la gestione di reti complesse. Durante l’esame, i candidati affronteranno argomenti quali la progettazione di reti ibride, l’integrazione di servizi AWS e di terze parti per la connettività e la sicurezza, e l’ottimizzazione delle prestazioni di rete.

Per conseguire la Certificazione AWS Certified Advanced Networking – Specialty è necessario sostenere con successo il seguente esame:
AWS ANS-C01;

Corsi propedeutici alla certificazione

Corsi di Preparazione:

– AWS Security Best Practices

– Exam Readiness: AWS Certified Advanced Networking – Specialty

Contattaci ora per ricevere tutti i dettagli e per richiedere, senza alcun impegno, di parlare direttamente con uno dei nostri Docenti CLICCA QUI.
Oppure chiamaci subito al nostro numero verde  800-177596.

 SVOLGIMENTO E DURATA

Esame AWS Certified Advanced Networking – Specialty Durata 170 minuti circa 65 quesiti;

Negli esami sono presenti quesiti formulati in lingua inglese in forme differenti: Risposta Multipla; completamento di testo, collegamenti concettuali Drag and Drop; vere e proprie simulazioni laboratoriali.

 PREREQUISITI

Si consiglia la frequentazione dei seguenti corsi:

ARGOMENTI D’ESAME

Esame AWS Certified Advanced Networking – Specialty – ANS-C01

Domain 1: Network Design

  • Task Statement 1.1: Design a solution that incorporates edge network services to optimize user
  • performance and traffic management for global architectures.
  • Design patterns for the usage of content distribution networks (for example, Amazon CloudFront)
  • Design patterns for global traffic management (for example, AWS Global Accelerator)
  • Integration patterns for content distribution networks and global traffic management with other services (for example, Elastic Load Balancing, Amazon API Gateway)
  • Evaluating requirements of global inbound and outbound traffic from the internet to design an appropriate content distribution solution
  • Task Statement 1.2: Design DNS solutions that meet public, private, and hybrid requirements.
  • DNS protocol (for example, DNS records, timers, DNSSEC, DNS delegation, zones)
  • DNS logging and monitoring
  • Amazon Route 53 features (for example, alias records, traffic policies, resolvers, health checks)
  • Integration of Route 53 with other AWS networking services (for example, Amazon VPC)
  • Integration of Route 53 with hybrid, multi-account, and multi-Region options
  • Domain registration
  • Using Route 53 public hosted zones
  • Using Route 53 private hosted zones
  • Using Route 53 Resolver endpoints in hybrid and AWS architectures
  • Using Route 53 for global traffic management
  • Creating and managing domain registrations
  • Task Statement 1.3: Design solutions that integrate load balancing to meet high availability, scalability, and security requirements.
  • How load balancing works at layer 3, layer 4, and layer 7 of the OSI model
  • Different types of load balancers and how they meet requirements for network design, high availability, and security
  • Connectivity patterns that apply to load balancing based on the use case (for example, internal load balancers, external load balancers)
  • Scaling factors for load balancers
  • Integrations of load balancers and other AWS services (for example, Global Accelerator,
  • CloudFront, AWS WAF, Route 53, Amazon Elastic Kubernetes Service [Amazon EKS], AWS
  • Certificate Manager [ACM])
  • Configuration options for load balancers (for example, proxy protocol, cross-zone load balancing, session affinity [sticky sessions], routing algorithms)
  • Configuration options for load balancer target groups (for example, TCP, GENEVE, IP compared with instance)
  • AWS Load Balancer Controller for Kubernetes clusters
  • Considerations for encryption and authentication with load balancers (for example, TLS termination, TLS passthrough)
  • Selecting an appropriate load balancer based on the use case
  • Integrating auto scaling with load balancing solutions
  • Integrating load balancers with existing application deployments
  • Task Statement 1.4: Define logging and monitoring requirements across AWS and hybrid networks.
  • Amazon CloudWatch metrics, agents, logs, alarms, dashboards, and insights in AWS architectures to provide visibility
  • AWS Transit Gateway Network Manager in architectures to provide visibility
  • VPC Reachability Analyzer in architectures to provide visibility
  • Flow logs and traffic mirroring in architecture to provide visibility
  • Access logging (for example, load balancers, CloudFront)
  • Identifying the logging and monitoring requirements
  • Recommending appropriate metrics to provide visibility of the network status
  • Capturing baseline network performance
  • Task Statement 1.5: Design a routing strategy and connectivity architecture between on-premises networks and the AWS Cloud.
  • Routing fundamentals (for example, dynamic compared with static, BGP)
  • Layer 1 and layer 2 concepts for physical interconnects (for example, VLAN, link aggregation group [LAG], optics, jumbo frames)
  • Encapsulation and encryption technologies (for example, Generic Routing Encapsulation [GRE], IPsec)
  • Resource sharing across AWS accounts
  • Overlay networks
  • Identifying the requirements for hybrid connectivity
  • Designing a redundant hybrid connectivity model with AWS services (for example, AWS Direct
  • Connect, AWS Site-to-Site VPN)
  • Designing BGP routing with BGP attributes to influence the traffic flows based on the desired traffic patterns (load sharing, active/passive)
  • Designing for integration of a software-defined wide area network (SD-WAN) with AWS (for example, Transit Gateway Connect, overlay networks)
  • Task Statement 1.6: Design a routing strategy and connectivity architecture that include multiple AWS accounts, AWS Regions, and VPCs to support different connectivity patterns.
  • Different connectivity patterns and use cases (for example, VPC peering, Transit Gateway, AWS PrivateLink)
  • Capabilities and advantages of VPC sharing
  • IP subnets and solutions accounting for IP address overlaps
  • Connecting multiple VPCs by using the most appropriate services based on requirements (for example, using VPC peering, Transit Gateway, PrivateLink)
  • Using VPC sharing in a multi-account setup
  • Managing IP overlaps by using different available services and options (for example, NAT, PrivateLink, Transit Gateway routing)

 

Domain 2: Network Implementation

  • Task Statement 2.1: Implement routing and connectivity between on-premises networks and the AWS Cloud.
  • Routing protocols (for example, static, dynamic)
  • VPNs (for example, security, accelerated VPN)
  • Layer 1 and types of hardware to use (for example, Letter of Authorization [LOA] documents, colocation facilities, Direct Connect)
  • Layer 2 and layer 3 (for example, VLANs, IP addressing, gateways, routing, switching)
  • Traffic management and SD-WAN (for example, Transit Gateway Connect)
  • DNS (for example, conditional forwarding, hosted zones, resolvers)
  • Security appliances (for example, firewalls)
  • Load balancing (for example, layer 4 compared with layer 7, reverse proxies, layer 3)
  • Infrastructure automation
  • AWS Organizations and AWS Resource Access Manager (AWS RAM) (for example, multiaccount Transit Gateway, Direct Connect, Amazon VPC, Route 53)
  • Version 1.0 ANS-C01 6 | PAGE
  • Test connectivity (for example, Route Analyzer, Reachability Analyzer)
  • Networking services of VPCs
  • Configuring the physical network requirements for hybrid connectivity solutions
  • Configuring static or dynamic routing protocols to work with hybrid connectivity solutions
  • Configuring existing on-premises networks to connect with the AWS Cloud
  • Configuring existing on-premises name resolution with the AWS Cloud
  • Configuring and implementing load balancing solutions
  • Configuring network monitoring and logging for AWS services
  • Testing and validating connectivity between environments
  • Task Statement 2.2: Implement routing and connectivity across multiple AWS accounts, Regions, and
  • VPCs to support different connectivity patterns.
  • Inter-VPC and multi-account connectivity (for example, VPC peering, Transit Gateway, VPN, third-party vendors, SD-WAN, multiprotocol label switching [MPLS])
  • Private application connectivity (for example, PrivateLink)
  • Methods of expanding AWS networking connectivity (for example, Organizations, AWS RAM)
  • Host and service name resolution for applications and clients (for example, DNS)
  • Infrastructure automation
  • Authentication and authorization (for example, SAML, Active Directory)
  • Security (for example, security groups, network ACLs, AWS Network Firewall)
  • Test connectivity (for example, Route Analyzer, Reachability Analyzer, tooling)
  • Configuring network connectivity architectures by using AWS services in a single-VPC or multiVPC design (for example, DHCP, routing, security groups)
  • Configuring hybrid connectivity with existing third-party vendor solutions
  • Configuring a hub-and-spoke network architecture (for example, Transit Gateway, transit VPC)
  • Configuring a DNS solution to make hybrid connectivity possible
  • Implementing security between network boundaries
  • Configuring network monitoring and logging by using AWS solutions
  • Task Statement 2.3: Implement complex hybrid and multi-account DNS architectures.
  • When to use private hosted zones and public hosted zones
  • Methods to alter traffic management (for example, based on latency, geography, weighting)
  • DNS delegation and forwarding (for example, conditional forwarding)
  • Different DNS record types (for example, A, AAAA, TXT, pointer records, alias records)
  • DNSSEC
  • How to share DNS services between accounts (for example, AWS RAM)
  • Requirements and implementation options for outbound and inbound endpoints
  • Configuring DNS zones and conditional forwarding
  • Configuring traffic management by using DNS solutions
  • Configuring DNS for hybrid networks
  • Configuring appropriate DNS records
  • Configuring DNSSEC on Route 53
  • Configuring DNS within a centralized or distributed network architecture
  • Configuring DNS monitoring and logging on Route 53
  • Task Statement 2.4: Automate and configure network infrastructure.
  • Infrastructure as code (IaC) (for example, AWS Cloud Development Kit [AWS CDK], AWS
  • CloudFormation, AWS CLI, AWS SDK, APIs)
  • Event-driven network automation
  • Common problems of using hardcoded instructions in IaC templates when provisioning cloud networking resources
  • Creating and managing repeatable network configurations
  • Integrating event-driven networking functions
  • Integrating hybrid network automation options with AWS native IaC
  • Eliminating risk and achieving efficiency in a cloud networking environment while maintaining the lowest possible cost
  • Automating the process of optimizing cloud network resources with IaC

 

Domain 3: Network Management and Operations

  • Task Statement 3.1: Maintain routing and connectivity on AWS and hybrid networks.
  • Industry-standard routing protocols that are used in AWS hybrid networks (for example, BGP over Direct Connect)
  • Connectivity methods for AWS and hybrid networks (for example, Direct Connect gateway,
  • Transit Gateway, VIFs)
  • How limits and quotas affect AWS networking services (for example, bandwidth limits, route limits)
  • Available private and public access methods for custom services (for example, PrivateLink, VPC peering)
  • Available inter-Regional and intra-Regional communication patterns
  • Managing routing protocols for AWS and hybrid connectivity options (for example, over a
  • Direct Connect connection, VPN)
  • Maintaining private access to custom services (for example, PrivateLink, VPC peering)
  • Using route tables to direct traffic appropriately (for example, automatic propagation, BGP)
  • Setting up private access or public access to AWS services (for example, Direct Connect, VPN)
  • Optimizing routing over dynamic and static routing protocols (for example, summarizing routes, CIDR overlap)
  • Task Statement 3.2: Monitor and analyze network traffic to troubleshoot and optimize connectivity patterns.
  • Network performance metrics and reachability constraints (for example, routing, packet size)
  • Appropriate logs and metrics to assess network performance and reachability issues (for example, packet loss)
  • Tools to collect and analyze logs and metrics (for example, CloudWatch, VPC Flow Logs, VPC
  • Traffic Mirroring)
  • Tools to analyze routing patterns and issues (for example, Reachability Analyzer, Transit
  • Gateway Network Manager)
  • Analyzing tool output to assess network performance and troubleshoot connectivity (for example, VPC Flow Logs, Amazon CloudWatch Logs)
  • Mapping or understanding network topology (for example, Transit Gateway Network Manager)
  • Analyzing packets to identify issues in packet shaping (for example, VPC Traffic Mirroring)
  • Troubleshooting connectivity issues that are caused by network misconfiguration (for example,
  • Reachability Analyzer)
  • Verifying that a network configuration meets network design requirements (for example,
  • Reachability Analyzer)
  • Automating the verification of connectivity intent as a network configuration changes (for example, Reachability Analyzer)
  • Troubleshooting packet size mismatches in a VPC to restore network connectivity
  • Task Statement 3.3: Optimize AWS networks for performance, reliability, and cost-effectiveness.
  • Situations in which a VPC peer or a transit gateway are appropriate
  • Different methods to reduce bandwidth utilization (for example, unicast compared with multicast, CloudFront)
  • Cost-effective connectivity options for data transfer between a VPC and on-premises environments
  • Different types of network interfaces on AWS
  • High-availability features in Route 53 (for example, DNS load balancing using health checks
  • with latency and weighted record sets)
  • Availability of options from Route 53 that provide reliability
  • Load balancing and traffic distribution patterns
  • VPC subnet optimization
  • Frame size optimization for bandwidth across different connection types
  • Optimizing for network throughput
  • Selecting the right network interface for the best performance (for example, elastic network interface, Elastic Network Adapter [ENA], Elastic Fabric Adapter [EFA])
  • Choosing between VPC peering, proxy patterns, or a transit gateway connection based on analysis of the network requirements provided
  • Implementing a solution on an appropriate network connectivity service (for example, VPC peering, Transit Gateway, VPN connection) to meet network requirements
  • Implementing a multicast capability within a VPC and on-premises environments
  • Creating Route 53 public hosted zones and private hosted zones and records to optimize application availability (for example, private zonal DNS entry to route traffic to multiple Availability Zones)
  • Updating and optimizing subnets for auto scaling configurations to support increased application load
  • Updating and optimizing subnets to prevent the depletion of available IP addresses within a
  • VPC (for example, secondary CIDR)
  • Configuring jumbo frame support across connection types
  • Optimizing network connectivity by using Global Accelerator to improve network performance and application availability

 

Domain 4: Network Security, Compliance, and Governance

  • Task Statement 4.1: Implement and maintain network features to meet security and compliance needs and requirements.
  • Different threat models based on application architecture
  • Common security threats
  • Mechanisms to secure different application flows
  • AWS network architecture that meets security and compliance requirements
  • Securing inbound traffic flows into AWS (for example, AWS WAF, AWS Shield, Network
  • Firewall)
  • Securing outbound traffic flows from AWS (for example, Network Firewall, proxies, Gateway
  • Load Balancers)
  • Securing inter-VPC traffic within an account or across multiple accounts (for example, security groups, network ACLs, VPC endpoint policies)
  • Implementing an AWS network architecture to meet security and compliance requirements (for example, untrusted network, perimeter VPC, three-tier architecture)
  • Developing a threat model and identifying appropriate mitigation strategies for a given network architecture
  • Testing compliance with the initial requirements (for example, failover test, resiliency)
  • Automating security incident reporting and alerting using AWS
  • Task Statement 4.2: Validate and audit security by using network monitoring and logging services.
  • Network monitoring and logging services that are available in AWS (for example, CloudWatch,
  • AWS CloudTrail, VPC Traffic Mirroring, VPC Flow Logs, Transit Gateway Network Manager)
  • Alert mechanisms (for example, CloudWatch alarms)
  • Log creation in different AWS services (for example, VPC flow logs, load balancer access logs,
  • CloudFront access logs)
  • Log delivery mechanisms (for example, Amazon Kinesis, Route 53, CloudWatch)
  • Mechanisms to audit network security configurations (for example, security groups, AWS
  • Firewall Manager, AWS Trusted Advisor)
  • Creating and analyzing a VPC flow log (including base and extended fields of flow logs)
  • Creating and analyzing network traffic mirroring (for example, using VPC Traffic Mirroring)
  • Implementing automated alarms by using CloudWatch
  • Implementing customized metrics by using CloudWatch
  • Correlating and analyzing information across single or multiple AWS log sources
  • Implementing log delivery solutions
  • Implementing a network audit strategy across single or multiple AWS network services and accounts (for example, Firewall Manager, security groups, network ACLs)
  • Task Statement 4.3: Implement and maintain confidentiality of data and communications of the network.
  • Network encryption options that are available on AWS
  • VPN connectivity over Direct Connect
  • Encryption methods for data in transit (for example, IPsec)
  • Network encryption under the AWS shared responsibility model
  • Security methods for DNS communications (for example, DNSSEC)
  • Implementing network encryption methods to meet application compliance requirements (for example, IPsec, TLS)
  • Implementing encryption solutions to secure data in transit (for example, CloudFront,
  • Application Load Balancers and Network Load Balancers, VPN over Direct Connect, AWS managed databases, Amazon S3, custom solutions on Amazon EC2, Transit Gateway
  • Implementing a certificate management solution by using a certificate authority (for example,
  • ACM, AWS Certificate Manager Private Certificate Authority [ACM PCA]) Implementing secure DNS communications

 CORSI DI PREPARAZIONE

CONTATTACI
UN NOSTRO CONSULENTE
TECNICO

Servizio attivo dal lunedì al giovedì 09.00-13.00 e 15.00-19.00 e Il venerdì dalle 09.00-13.00.

FORMAZIONE A DISTANZA

APPROFONDISCI

FORMAZIONE AZIENDALE

APPROFONDISCI

LABORATORIO LAVORO

APPROFONDISCI

LABORATORIO REMOTO

APPROFONDISCI

RICHIEDI CONSULENZA

APPROFONDISCI
ALTRE CERTIFICAZIONI
Cisco CCNA
DevNet Associate
CCNP Enterprise
Huawei HCIA R&S
CCNP Service Provider
CCNP Collaboration
Cisco Cybersecurity
CompTIA PenTest+
Fortinet NSE4
Fortinet NSE5
CCNP Security
Check Point CCSA
Palo Alto PCNSA
Check Point CCSE
CompTIA Linux+
Docker DCA
Kubernetes CKA
CompTIA A+
Windows Server 2019
Azure Administrator
AWS Solutions Architect
Google Cloud Engineer
Alibaba Cloud Computing
Azure Developer
VMware VCP-DCV
CCNP Data Center
Oracle SQL
Azure Database Admin
Azure Data Scientist Associate
Power BI
Java OCA
Programming C#
Python PCAP Associate
Altre Certificazioni