{"product_id":"aws-certified-advanced-networking-study-guide-9781394171859","title":"AWS Certified Advanced Networking Study Guide","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eThe latest edition of the official study guide for the AWS Advanced Networking certification specialty exam\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eThe newly revised second edition of the \u003ci\u003eAWS Certified Advanced Networking Study Guide: Specialty (ANS-C01) Exam\u003c\/i\u003e delivers an expert review of Amazon Web Services Networking fundamentals as they relate to the ANS-C01 exam. You'll find detailed explanations of critical exam topics combined with real-world scenarios that will help you build the robust knowledge base you need for the testand to succeed in the field as an AWS Certified Networking specialist. \u003c\/p\u003e\u003cp\u003eLearn about the design, implementation and deployment of AWS cloud-based Networking solutions, core services implementation, AWS service architecture design and maintenance (including architectural best practices), monitoring, Hybrid networks, security, compliance, governance, and network automation. The book also offers one year of free access to Sybex's online interactive learning environment and expert stu\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003c\/p\u003e\u003cp\u003eIntroduction xxvii\u003c\/p\u003e \u003cp\u003eAssessment Test xxxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I Network Design 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Edge Networking 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eContent Distribution Networking 4\u003c\/p\u003e \u003cp\u003eCloudFront 4\u003c\/p\u003e \u003cp\u003eCloudFront Implementation 6\u003c\/p\u003e \u003cp\u003eCaching and Object Retention 6\u003c\/p\u003e \u003cp\u003eInvalidations 8\u003c\/p\u003e \u003cp\u003eProtocol Support 9\u003c\/p\u003e \u003cp\u003eCloudFront Encryption Using SSL\/TLS and SNI 10\u003c\/p\u003e \u003cp\u003eCloudFront Security 11\u003c\/p\u003e \u003cp\u003eBilling 12\u003c\/p\u003e \u003cp\u003eLambda@edge 13\u003c\/p\u003e \u003cp\u003eGeo- restriction and Geolocation 13\u003c\/p\u003e \u003cp\u003eGlobal Accelerator 15\u003c\/p\u003e \u003cp\u003eGlobal Accelerator Architecture 17\u003c\/p\u003e \u003cp\u003eCustom Routing Accelerator 18\u003c\/p\u003e \u003cp\u003eAWS Global Accelerator Pricing 18\u003c\/p\u003e \u003cp\u003eElastic Load Balancers 19\u003c\/p\u003e \u003cp\u003eLoad Balancer Architectures 19\u003c\/p\u003e \u003cp\u003eListeners 19\u003c\/p\u003e \u003cp\u003eTarget Groups 20\u003c\/p\u003e \u003cp\u003eHealth Checking 20\u003c\/p\u003e \u003cp\u003eSticky Connections 20\u003c\/p\u003e \u003cp\u003eProxy Connections 21\u003c\/p\u003e \u003cp\u003eLoad Balancing Across Different Availability Zones 22\u003c\/p\u003e \u003cp\u003eConnection Draining 22\u003c\/p\u003e \u003cp\u003eAWS Load Balancer Offerings 23\u003c\/p\u003e \u003cp\u003eApplication Load Balancers 27\u003c\/p\u003e \u003cp\u003eGateway Load Balancers 29\u003c\/p\u003e \u003cp\u003eNetwork Load Balancer 31\u003c\/p\u003e \u003cp\u003eClassic Load Balancers 32\u003c\/p\u003e \u003cp\u003eConfiguring Elastic Load Balancers 32\u003c\/p\u003e \u003cp\u003eAPI Gateway 33\u003c\/p\u003e \u003cp\u003eRest Api 33\u003c\/p\u003e \u003cp\u003eHttp Api 34\u003c\/p\u003e \u003cp\u003eWebSocket Protocol 34\u003c\/p\u003e \u003cp\u003eAPI Gateway Configuration 34\u003c\/p\u003e \u003cp\u003eAPI Gateway Caching 35\u003c\/p\u003e \u003cp\u003eEndpoint Types 35\u003c\/p\u003e \u003cp\u003eSecurity 37\u003c\/p\u003e \u003cp\u003eAuthentication and Authorization 37\u003c\/p\u003e \u003cp\u003eCloudFront Design Considerations 38\u003c\/p\u003e \u003cp\u003eSummary 39\u003c\/p\u003e \u003cp\u003eExam Essentials 39\u003c\/p\u003e \u003cp\u003eExercises 40\u003c\/p\u003e \u003cp\u003eWritten Lab 41\u003c\/p\u003e \u003cp\u003eWritten Lab 1.1: Create an HTTP API by Using the AWS Management Console 41\u003c\/p\u003e \u003cp\u003eReview Questions 42\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Domain Name Services 47\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDNS and Route 53 48\u003c\/p\u003e \u003cp\u003eDNS Overview 49\u003c\/p\u003e \u003cp\u003eArchitecture 50\u003c\/p\u003e \u003cp\u003eDNS Hierarchy 50\u003c\/p\u003e \u003cp\u003eZones 51\u003c\/p\u003e \u003cp\u003eDNS Resolution Process 51\u003c\/p\u003e \u003cp\u003eResource Records 52\u003c\/p\u003e \u003cp\u003eTimers 54\u003c\/p\u003e \u003cp\u003eDelegations 54\u003c\/p\u003e \u003cp\u003eDNSSEC Overview 54\u003c\/p\u003e \u003cp\u003eDNS Logging and Monitoring 55\u003c\/p\u003e \u003cp\u003eCloudTrail 55\u003c\/p\u003e \u003cp\u003eCloudWatch 57\u003c\/p\u003e \u003cp\u003eArtificial Intelligence and Machine Learning 57\u003c\/p\u003e \u003cp\u003eRedshift 58\u003c\/p\u003e \u003cp\u003eRoute 53 Advanced Features and Policies 58\u003c\/p\u003e \u003cp\u003eAlias Records 58\u003c\/p\u003e \u003cp\u003eResolvers 59\u003c\/p\u003e \u003cp\u003eRoute 53 Resolver DNS Firewall 60\u003c\/p\u003e \u003cp\u003eHealth Checks 60\u003c\/p\u003e \u003cp\u003eTraffic Routing Policies 61\u003c\/p\u003e \u003cp\u003eSimple Routing 61\u003c\/p\u003e \u003cp\u003eMultivalue Responses 63\u003c\/p\u003e \u003cp\u003eLatency- Based Routing 63\u003c\/p\u003e \u003cp\u003eFailover Routing 65\u003c\/p\u003e \u003cp\u003eRound- Robin Routing 65\u003c\/p\u003e \u003cp\u003eWeighted Routing 66\u003c\/p\u003e \u003cp\u003eGeo location 67\u003c\/p\u003e \u003cp\u003eGeo- proximity 68\u003c\/p\u003e \u003cp\u003eRoute 53 Service Integrations 68\u003c\/p\u003e \u003cp\u003eVpc 69\u003c\/p\u003e \u003cp\u003eCloudFront 69\u003c\/p\u003e \u003cp\u003eLoad Balancers 69\u003c\/p\u003e \u003cp\u003eRoute 53 Application Recovery Controller 70\u003c\/p\u003e \u003cp\u003eHybrid Route 53 70\u003c\/p\u003e \u003cp\u003eMulti- account Route 53 71\u003c\/p\u003e \u003cp\u003eMulti-Region Route 53 72\u003c\/p\u003e \u003cp\u003eUsing Route 53 Public Hosted Zones 72\u003c\/p\u003e \u003cp\u003eUsing Route 53 Private Hosted Zones 73\u003c\/p\u003e \u003cp\u003eUsing Route 53 Resolver Endpoints in Hybrid and AWS Architectures 73\u003c\/p\u003e \u003cp\u003eUsing Route 53 for Global Traffic Management 74\u003c\/p\u003e \u003cp\u003eRoute 53 Failover 75\u003c\/p\u003e \u003cp\u003eDomain Registration 75\u003c\/p\u003e \u003cp\u003eRequired Information to Register a Domain 76\u003c\/p\u003e \u003cp\u003ePrivacy Protection 78\u003c\/p\u003e \u003cp\u003eRoute 53 Registration Information 78\u003c\/p\u003e \u003cp\u003eRenewing Your Domain 78\u003c\/p\u003e \u003cp\u003eSummary 79\u003c\/p\u003e \u003cp\u003eExam Essentials 79\u003c\/p\u003e \u003cp\u003eExercises 80\u003c\/p\u003e \u003cp\u003eReview Questions 82\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Hybrid and Multi- account DNS 87\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImplementing Hybrid and Multi- account DNS Architectures 88\u003c\/p\u003e \u003cp\u003eRoute 53 Hosted Zones 88\u003c\/p\u003e \u003cp\u003ePrivate Hosted Zones 89\u003c\/p\u003e \u003cp\u003ePublic Hosted Zones 89\u003c\/p\u003e \u003cp\u003eTraffic Management 90\u003c\/p\u003e \u003cp\u003eLatency 93\u003c\/p\u003e \u003cp\u003eGeo location 94\u003c\/p\u003e \u003cp\u003eWeighted 95\u003c\/p\u003e \u003cp\u003eFailover 96\u003c\/p\u003e \u003cp\u003eMultivalue 97\u003c\/p\u003e \u003cp\u003eHealth Checking 97\u003c\/p\u003e \u003cp\u003eDomain Delegation and Forwarding 99\u003c\/p\u003e \u003cp\u003eDelegating Domains 99\u003c\/p\u003e \u003cp\u003eForwarding Rules 100\u003c\/p\u003e \u003cp\u003eConfiguring Records in Route 53 100\u003c\/p\u003e \u003cp\u003eA Record 101\u003c\/p\u003e \u003cp\u003eAAAA Record 102\u003c\/p\u003e \u003cp\u003eCname 102\u003c\/p\u003e \u003cp\u003emx Record 104\u003c\/p\u003e \u003cp\u003eSOA Record 104\u003c\/p\u003e \u003cp\u003eTXT Record 106\u003c\/p\u003e \u003cp\u003ePTR Record 106\u003c\/p\u003e \u003cp\u003eAlias Record 106\u003c\/p\u003e \u003cp\u003eSRV Record 107\u003c\/p\u003e \u003cp\u003eSPF Record 107\u003c\/p\u003e \u003cp\u003eNAPTR Record 109\u003c\/p\u003e \u003cp\u003eCAA Record 109\u003c\/p\u003e \u003cp\u003eConfiguring DNSSEC 109\u003c\/p\u003e \u003cp\u003eMulti- account Route 53 110\u003c\/p\u003e \u003cp\u003eDNS Endpoints 111\u003c\/p\u003e \u003cp\u003eOutbound Endpoints 112\u003c\/p\u003e \u003cp\u003eInbound Endpoints 113\u003c\/p\u003e \u003cp\u003eConfiguring Route 53 Monitoring and Logging 114\u003c\/p\u003e \u003cp\u003eCloudTrail API Logging 115\u003c\/p\u003e \u003cp\u003eCloudWatch Logging 116\u003c\/p\u003e \u003cp\u003eDNS Query Logging 116\u003c\/p\u003e \u003cp\u003eResolver Query Logging 117\u003c\/p\u003e \u003cp\u003eHosted Zone Monitoring 117\u003c\/p\u003e \u003cp\u003eResolver Endpoints Monitoring 117\u003c\/p\u003e \u003cp\u003eDomain Registration Monitoring 118\u003c\/p\u003e \u003cp\u003eSummary 118\u003c\/p\u003e \u003cp\u003eExam Essentials 119\u003c\/p\u003e \u003cp\u003eWritten Labs 119\u003c\/p\u003e \u003cp\u003eWritten Lab 3.1: Configure Logging for DNS Queries 119\u003c\/p\u003e \u003cp\u003eWritten Lab 3.2: View DNS Query Metrics for a Public Hosted Zone in the CloudWatch Console 120\u003c\/p\u003e \u003cp\u003eReview Questions 121\u003c\/p\u003e \u003cp\u003e\u003cb\u003e                \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eElastic Load Balancing 128\u003c\/p\u003e \u003cp\u003eNetwork Load Balancing 129\u003c\/p\u003e \u003cp\u003eApplication Load Balancing 130\u003c\/p\u003e \u003cp\u003eGateway Load Balancing 131\u003c\/p\u003e \u003cp\u003eClassic Load Balancing 132\u003c\/p\u003e \u003cp\u003eNetwork Design 132\u003c\/p\u003e \u003cp\u003eHigh Availability 133\u003c\/p\u003e \u003cp\u003eSecurity 133\u003c\/p\u003e \u003cp\u003eELB Connectivity Patterns 134\u003c\/p\u003e \u003cp\u003eInternal Load Balancers 134\u003c\/p\u003e \u003cp\u003eExternal Load Balancers 135\u003c\/p\u003e \u003cp\u003eAutoscaling 136\u003c\/p\u003e \u003cp\u003eAWS Service Integrations 136\u003c\/p\u003e \u003cp\u003eConfig 137\u003c\/p\u003e \u003cp\u003eGlobal Accelerator 137\u003c\/p\u003e \u003cp\u003eCloudFront 138\u003c\/p\u003e \u003cp\u003eTraffic Mirroring 138\u003c\/p\u003e \u003cp\u003eVPC Endpoint Services (PrivateLink) 139\u003c\/p\u003e \u003cp\u003eWeb Application Firewall 139\u003c\/p\u003e \u003cp\u003eRoute 53 139\u003c\/p\u003e \u003cp\u003eAmazon Elastic Kubernetes Service 139\u003c\/p\u003e \u003cp\u003eAWS Certificate Manager 140\u003c\/p\u003e \u003cp\u003eELB Configuration Options 141\u003c\/p\u003e \u003cp\u003eProxy Protocol 141\u003c\/p\u003e \u003cp\u003eX- Forwarded- For Protocol 142\u003c\/p\u003e \u003cp\u003eCross- Zone Load Balancing 142\u003c\/p\u003e \u003cp\u003eSession Affinity and Sticky Sessions 143\u003c\/p\u003e \u003cp\u003eTarget Groups 145\u003c\/p\u003e \u003cp\u003eRouting 146\u003c\/p\u003e \u003cp\u003eTarget Types 146\u003c\/p\u003e \u003cp\u003eIP Address Type 146\u003c\/p\u003e \u003cp\u003eProtocol Version 146\u003c\/p\u003e \u003cp\u003eRegistered Targets 147\u003c\/p\u003e \u003cp\u003eRouting Algorithms 147\u003c\/p\u003e \u003cp\u003eDeregistration and Connection Draining 147\u003c\/p\u003e \u003cp\u003eDeletion Protection 147\u003c\/p\u003e \u003cp\u003eHealth Checking 149\u003c\/p\u003e \u003cp\u003eSlow Start 149\u003c\/p\u003e \u003cp\u003eThe GENEVE Protocol 149\u003c\/p\u003e \u003cp\u003eEncryption and Authentication 151\u003c\/p\u003e \u003cp\u003eSSL\/TLS Offload 151\u003c\/p\u003e \u003cp\u003eTLS Passthrough 151\u003c\/p\u003e \u003cp\u003eSummary 152\u003c\/p\u003e \u003cp\u003eExam Essentials 153\u003c\/p\u003e \u003cp\u003eExercises 154\u003c\/p\u003e \u003cp\u003eWritten Labs 154\u003c\/p\u003e \u003cp\u003eWritten Lab 4.1: Create a Network Load Balancer 154\u003c\/p\u003e \u003cp\u003eWritten Lab 4.2: Use the Console to Enable Deletion Protection 155\u003c\/p\u003e \u003cp\u003eWritten Lab 4.3: Use the Console to Disable Deletion Protection 156\u003c\/p\u003e \u003cp\u003eWritten Lab 4.4: Enable Application- Based Stickiness 156\u003c\/p\u003e \u003cp\u003eReview Questions 157\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Logging and Monitoring 163\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCloudWatch 164\u003c\/p\u003e \u003cp\u003eMetrics 164\u003c\/p\u003e \u003cp\u003eMonitoring Categories 165\u003c\/p\u003e \u003cp\u003eAgents 166\u003c\/p\u003e \u003cp\u003eLogging 167\u003c\/p\u003e \u003cp\u003eAlarms 168\u003c\/p\u003e \u003cp\u003eMetric Insights 170\u003c\/p\u003e \u003cp\u003eDashboards 170\u003c\/p\u003e \u003cp\u003eTransit Gateway Network Manager 171\u003c\/p\u003e \u003cp\u003eVPC Reachability Analyzer 171\u003c\/p\u003e \u003cp\u003eAccess Logs 173\u003c\/p\u003e \u003cp\u003eElastic Load Balancing 174\u003c\/p\u003e \u003cp\u003eRoute 53 Logs 175\u003c\/p\u003e \u003cp\u003eCloudFront Logs 175\u003c\/p\u003e \u003cp\u003eCloudTrail Logs 175\u003c\/p\u003e \u003cp\u003eX- Ray 176\u003c\/p\u003e \u003cp\u003eX- Ray Traces 176\u003c\/p\u003e \u003cp\u003eX- Ray Insights 177\u003c\/p\u003e \u003cp\u003eFlow Logs 178\u003c\/p\u003e \u003cp\u003eBaseline Network Performance 180\u003c\/p\u003e \u003cp\u003eInspector 180\u003c\/p\u003e \u003cp\u003eApplication Insights 181\u003c\/p\u003e \u003cp\u003eConfig 181\u003c\/p\u003e \u003cp\u003eSummary 182\u003c\/p\u003e \u003cp\u003eExam Essentials 183\u003c\/p\u003e \u003cp\u003eWritten Labs 184\u003c\/p\u003e \u003cp\u003eWritten Lab 5.1: Enable CloudWatch Detailed Monitoring for an Instance That Has Already Been Enabled 184\u003c\/p\u003e \u003cp\u003eWritten Lab 5.2: Enable CloudWatch Logging from the Web Console 185\u003c\/p\u003e \u003cp\u003eWritten Lab 5.3: Enable CloudWatch Alarms from the Web Console 185\u003c\/p\u003e \u003cp\u003eWritten Lab 5.4: Create a VPC Reachability Analyzer from the Web Console 186\u003c\/p\u003e \u003cp\u003eReview Questions 187\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II Network Implementation 191\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Hybrid Networking 193\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHybrid Connectivity 194\u003c\/p\u003e \u003cp\u003eOSI Layer 1 194\u003c\/p\u003e \u003cp\u003eOptics 196\u003c\/p\u003e \u003cp\u003eOSI Layer 2 197\u003c\/p\u003e \u003cp\u003eVLANs 198\u003c\/p\u003e \u003cp\u003eLink Aggregation 199\u003c\/p\u003e \u003cp\u003eJumbo Frames 200\u003c\/p\u003e \u003cp\u003eEncapsulation and Encryption 200\u003c\/p\u003e \u003cp\u003eOverlay and Underlay Networks 200\u003c\/p\u003e \u003cp\u003eVxLan 201\u003c\/p\u003e \u003cp\u003eGeneric Routing Encapsulation 202\u003c\/p\u003e \u003cp\u003eIPSec 203\u003c\/p\u003e \u003cp\u003eGeneve 205\u003c\/p\u003e \u003cp\u003eRouting Fundamentals 205\u003c\/p\u003e \u003cp\u003eStatic Routing 206\u003c\/p\u003e \u003cp\u003eDynamic Routing 206\u003c\/p\u003e \u003cp\u003eThe BGP Routing Protocol 206\u003c\/p\u003e \u003cp\u003eDirect Connect 211\u003c\/p\u003e \u003cp\u003eDirect Connect Gateway 217\u003c\/p\u003e \u003cp\u003eVirtual Private Gateway 219\u003c\/p\u003e \u003cp\u003eSite- to- Site VPN 220\u003c\/p\u003e \u003cp\u003eVPN CloudHub 221\u003c\/p\u003e \u003cp\u003eAWS Account Resource Sharing 222\u003c\/p\u003e \u003cp\u003eSummary 222\u003c\/p\u003e \u003cp\u003eExam Essentials 223\u003c\/p\u003e \u003cp\u003eExercises 223\u003c\/p\u003e \u003cp\u003eWritten Labs 224\u003c\/p\u003e \u003cp\u003eWritten Lab 6.1: Simulate Creating a Direct Connection 224\u003c\/p\u003e \u003cp\u003eWritten Lab 6.2: Simulate Creating a Site- to- Site VPN Connection 224\u003c\/p\u003e \u003cp\u003eReview Questions 226\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Connecting On- Premises Networks 2\u003c\/b\u003e31\u003c\/p\u003e \u003cp\u003eOn- Premises Network Connectivity 232\u003c\/p\u003e \u003cp\u003eVPNs 232\u003c\/p\u003e \u003cp\u003eVPN Security 232\u003c\/p\u003e \u003cp\u003eAccelerated Site- to- Site VPN Connections 233\u003c\/p\u003e \u003cp\u003eLayer 1 and Types of Hardware to Use 235\u003c\/p\u003e \u003cp\u003eDirect Connect 235\u003c\/p\u003e \u003cp\u003eDirect Connect Locations 235\u003c\/p\u003e \u003cp\u003eLetter of Authorization Documents 236\u003c\/p\u003e \u003cp\u003eLayer 2 and Layer 3 236\u003c\/p\u003e \u003cp\u003eSwitching 236\u003c\/p\u003e \u003cp\u003eRouting 237\u003c\/p\u003e \u003cp\u003eGateways 238\u003c\/p\u003e \u003cp\u003eSoftware- Defined Networking 239\u003c\/p\u003e \u003cp\u003eTransit Gateway 241\u003c\/p\u003e \u003cp\u003ePrivateLink 241\u003c\/p\u003e \u003cp\u003eResource Access Manager 241\u003c\/p\u003e \u003cp\u003eTesting and Validating Connectivity Between Environments 243\u003c\/p\u003e \u003cp\u003eRoute Analyzer 243\u003c\/p\u003e \u003cp\u003eReachability Analyzer 243\u003c\/p\u003e \u003cp\u003eICMP ping 243\u003cbr\u003e traceroute 245\u003c\/p\u003e \u003cp\u003eSummary 246\u003c\/p\u003e \u003cp\u003eExam Essentials 247\u003c\/p\u003e \u003cp\u003eWritten Labs 248\u003c\/p\u003e \u003cp\u003eWritten Lab 7.1: Create a VPN Attachment on a Transit Gateway Using the Console 248\u003c\/p\u003e \u003cp\u003eWritten Lab 7.2: Perform a traceroute 250\u003c\/p\u003e \u003cp\u003eWritten Lab 7.3: Use ping 250\u003c\/p\u003e \u003cp\u003eReview Questions 251\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Inter- VPC and Multi- account Networking 255\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNetworking Services of VPCs 256\u003c\/p\u003e \u003cp\u003eVPC Sharing 256\u003c\/p\u003e \u003cp\u003eVPC Peering 257\u003c\/p\u003e \u003cp\u003eMulti- account VPC Sharing 260\u003c\/p\u003e \u003cp\u003ePrivateLink 260\u003c\/p\u003e \u003cp\u003eHub- and- Spoke VPC Architectures 261\u003c\/p\u003e \u003cp\u003eTransit Gateway 262\u003c\/p\u003e \u003cp\u003eTransit Gateway Connect 265\u003c\/p\u003e \u003cp\u003etransit VPCs 266\u003c\/p\u003e \u003cp\u003eWide- Area Networking 266\u003c\/p\u003e \u003cp\u003eSoftware- Defined Wide Area Networking 267\u003c\/p\u003e \u003cp\u003eMulti Protocol Label Switching 268\u003c\/p\u003e \u003cp\u003eExpanding AWS Networking Connectivity 270\u003c\/p\u003e \u003cp\u003eOrganizations 271\u003c\/p\u003e \u003cp\u003eResource Access Manager 273\u003c\/p\u003e \u003cp\u003eAuthentication and Authorization 274\u003c\/p\u003e \u003cp\u003eSecurity Association Markup Language 275\u003c\/p\u003e \u003cp\u003eActive Directory 275\u003c\/p\u003e \u003cp\u003eSummary 278\u003c\/p\u003e \u003cp\u003eExam Essentials 279\u003c\/p\u003e \u003cp\u003eExercises 280\u003c\/p\u003e \u003cp\u003eReview Questions 281\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Hybrid Network Routing and Connectivity 287\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIndustry- Standard Routing Protocols Used in AWS Hybrid Networks 288\u003c\/p\u003e \u003cp\u003eOptimizing Routing 288\u003c\/p\u003e \u003cp\u003eOptimizing Dynamic Routing 289\u003c\/p\u003e \u003cp\u003eOptimizing Static Routing 290\u003c\/p\u003e \u003cp\u003eRoute Priorities and Administrative Distance 290\u003c\/p\u003e \u003cp\u003eRoute Summarization 291\u003c\/p\u003e \u003cp\u003eRoute Propagation 292\u003c\/p\u003e \u003cp\u003eOverlapping Routes 292\u003c\/p\u003e \u003cp\u003eBGP Over Direct Connect 294\u003c\/p\u003e \u003cp\u003eConnectivity Methods for AWS and Hybrid Networks 294\u003c\/p\u003e \u003cp\u003eDirect Connect and Direct Connect Gateway 295\u003c\/p\u003e \u003cp\u003eDirect Connect Virtual Interfaces 295\u003c\/p\u003e \u003cp\u003eSite- to- Site VPN 296\u003c\/p\u003e \u003cp\u003eApp Mesh 296\u003c\/p\u003e \u003cp\u003eAWS Networking Limits and Quotas 297\u003c\/p\u003e \u003cp\u003eAvailable Private and Public Access Methods for Custom Services 304\u003c\/p\u003e \u003cp\u003ePrivateLink 305\u003c\/p\u003e \u003cp\u003eVPC Peering 305\u003c\/p\u003e \u003cp\u003eAvailable Inter- Regional and Intra- Regional Communication Patterns 306\u003c\/p\u003e \u003cp\u003eSummary 307\u003c\/p\u003e \u003cp\u003eExam Essentials 307\u003c\/p\u003e \u003cp\u003eWritten Lab 308\u003c\/p\u003e \u003cp\u003eWritten Lab 9.1: Enable Route Propagation in a VPC 308\u003c\/p\u003e \u003cp\u003eExercises 308\u003c\/p\u003e \u003cp\u003eReview Questions 309\u003c\/p\u003e \u003cp\u003ePart III Network Management and Operations 315\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Network Automation 317\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNetwork Automation 318\u003c\/p\u003e \u003cp\u003eInfrastructure as Code 318\u003c\/p\u003e \u003cp\u003eAWS Cloud Development Kit 319\u003c\/p\u003e \u003cp\u003eAWS CloudFormation 320\u003c\/p\u003e \u003cp\u003eEventBridge 322\u003c\/p\u003e \u003cp\u003eAWS Command- Line Interface 322\u003c\/p\u003e \u003cp\u003eAWS Software Development Kit 323\u003c\/p\u003e \u003cp\u003eApplication Programming Interfaces 326\u003c\/p\u003e \u003cp\u003eIntegrating Network Automation Using Infrastructure as Code 327\u003c\/p\u003e \u003cp\u003eEvent- Driven Network Automation 328\u003c\/p\u003e \u003cp\u003eAutomating the Process of Optimizing Cloud Network Resources with IaC 329\u003c\/p\u003e \u003cp\u003eCommon Problems When Using Hard- Coded Instructions in IaC Templates 330\u003c\/p\u003e \u003cp\u003eCreating and Managing Repeatable Network Configurations 330\u003c\/p\u003e \u003cp\u003eIntegrating Event- Driven Networking Functions 331\u003c\/p\u003e \u003cp\u003eIntegrating Hybrid Network Automation Options with AWS Native IaC 332\u003c\/p\u003e \u003cp\u003eEliminating Risk and Achieving Efficiency in a Cloud Networking Environment 333\u003c\/p\u003e \u003cp\u003eSummary 334\u003c\/p\u003e \u003cp\u003eExam Essentials 335\u003c\/p\u003e \u003cp\u003eExercises 336\u003c\/p\u003e \u003cp\u003eReview Questions 337\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Monitor, Analyze, and Optimize Network Traffic 341\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eMonitoring, Analyzing, and Optimizing AWS Networks 342\u003c\/p\u003e \u003cp\u003eMonitor and Analyze Network Traffic to Troubleshoot and Optimize Connectivity Patterns 342\u003c\/p\u003e \u003cp\u003eNetwork Performance Metrics and Reachability Constraints 344\u003c\/p\u003e \u003cp\u003eAppropriate Logs and Metrics to Assess Network Performance and Reachability Issues 345\u003c\/p\u003e \u003cp\u003eAWS Tools to Collect and Analyze Logs and Metrics 345\u003c\/p\u003e \u003cp\u003eAWS Tools to Analyze Routing Patterns and Issues 346\u003c\/p\u003e \u003cp\u003eAnalyzing Logging Output to Assess Network Performance and Troubleshoot Connectivity 347\u003c\/p\u003e \u003cp\u003eNetwork Topology Mapping 348\u003c\/p\u003e \u003cp\u003eAnalyzing Packets to Identify Issues 349\u003c\/p\u003e \u003cp\u003eUsing the Reachability Analyzer for Troubleshooting, Validating, and Automating Connectivity Issues 350\u003c\/p\u003e \u003cp\u003eOptimize AWS Networks for Performance, Reliability, and Cost- Effectiveness 351\u003c\/p\u003e \u003cp\u003eVPC Peering vs. Transit Gateways 351\u003c\/p\u003e \u003cp\u003eReducing Bandwidth Utilization with Multicast 352\u003c\/p\u003e \u003cp\u003eImplementing Multicast Capability Within a VPC and On- Premises Environments 352\u003c\/p\u003e \u003cp\u003eOptimizing Route 53 354\u003c\/p\u003e \u003cp\u003eFrame Size Optimization Across Different Connection Types 355\u003c\/p\u003e \u003cp\u003eJumbo Frame Support Across Different Connection Types 356\u003c\/p\u003e \u003cp\u003eOptimizing Network Throughput 357\u003c\/p\u003e \u003cp\u003eSelecting a Network Interface for Best Performance 357\u003c\/p\u003e \u003cp\u003eSelect Network Connectivity Services That Meet Requirements 358\u003c\/p\u003e \u003cp\u003eVPC Subnet Optimization 359\u003c\/p\u003e \u003cp\u003eUpdating and Optimizing Subnets to Prevent the Depletion of Available IP Addresses in a VPC 360\u003c\/p\u003e \u003cp\u003eUpdating and Optimizing Subnets for Autoscaling 361\u003c\/p\u003e \u003cp\u003eOptimizing Network Performance and Availability Using Caching and Compression 361\u003c\/p\u003e \u003cp\u003eSummary 363\u003c\/p\u003e \u003cp\u003eExam Essentials 365\u003c\/p\u003e \u003cp\u003eWritten Labs 367\u003c\/p\u003e \u003cp\u003eWritten Lab 11.1: Create a VPC Flow Log 367\u003c\/p\u003e \u003cp\u003eWritten Lab 11.2: Add a New Subnet to a VPC 367\u003c\/p\u003e \u003cp\u003eWritten Lab 11.3: Change the MTU on a Linux EC 2\u003c\/p\u003e \u003cp\u003eInterface 368\u003c\/p\u003e \u003cp\u003eExercises 368\u003c\/p\u003e \u003cp\u003eReview Questions 370\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV Network Security, Compliance, and Governance 375\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Security, Compliance and Governance 377\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecurity, Compliance, and Governance 378                          \u003c\/p\u003e \u003cp\u003eThreat Models 380\u003c\/p\u003e \u003cp\u003eCommon Security Threats 384\u003c\/p\u003e \u003cp\u003eSecuring Application Flows 385\u003c\/p\u003e \u003cp\u003eNetwork Architectures That Meet Security and Compliance Requirements 386\u003c\/p\u003e \u003cp\u003eSecuring Inbound Traffic Flows 388\u003c\/p\u003e \u003cp\u003eWeb Application Firewall 388\u003c\/p\u003e \u003cp\u003eNetwork Firewall 389\u003c\/p\u003e \u003cp\u003eShield 390\u003c\/p\u003e \u003cp\u003eSecurity Groups 391\u003c\/p\u003e \u003cp\u003eNetwork Access Control Lists 391\u003c\/p\u003e \u003cp\u003eSecuring Outbound Traffic Flows 392\u003c\/p\u003e \u003cp\u003eNetwork Firewall 393\u003c\/p\u003e \u003cp\u003eProxies 393\u003c\/p\u003e \u003cp\u003eGateway Load Balancers 394\u003c\/p\u003e \u003cp\u003eRoute 53 Resolvers 394\u003c\/p\u003e \u003cp\u003eVirtual Private Networks 395\u003c\/p\u003e \u003cp\u003eVPC Endpoint Services: PrivateLink 395\u003c\/p\u003e \u003cp\u003eSecuring Inter- VPC Traffic 396\u003c\/p\u003e \u003cp\u003eNetwork ACLs 396\u003c\/p\u003e \u003cp\u003eVPC Endpoint Policies 396\u003c\/p\u003e \u003cp\u003eSecurity Groups 396\u003c\/p\u003e \u003cp\u003eTransit Gateway 397\u003c\/p\u003e \u003cp\u003eVPC Peering 397\u003c\/p\u003e \u003cp\u003eImplementing an AWS Network Architecture to Meet Security and Compliance Requirements 397\u003c\/p\u003e \u003cp\u003eUntrusted Networks 397\u003c\/p\u003e \u003cp\u003ePerimeter VPC 398\u003c\/p\u003e \u003cp\u003eThree- Tier Architecture 399\u003c\/p\u003e \u003cp\u003eHub- and- Spoke Architecture 399\u003c\/p\u003e \u003cp\u003eDevelop a Threat Model and Identify Mitigation Strategies 399\u003c\/p\u003e \u003cp\u003eCompliance Testing 401\u003c\/p\u003e \u003cp\u003eAutomating Security Incident Reporting and Alerting 402\u003c\/p\u003e \u003cp\u003eSummary 403\u003c\/p\u003e \u003cp\u003eExam Essentials 407\u003c\/p\u003e \u003cp\u003eExercises 408\u003c\/p\u003e \u003cp\u003eWritten Labs 409\u003c\/p\u003e \u003cp\u003eWritten Lab 12.1: Download an Artifact Report 409\u003c\/p\u003e \u003cp\u003eWritten Lab 12.2: Request a Public SSL\/TLS Certificate from the AWS Console 409\u003c\/p\u003e \u003cp\u003eWritten Lab 12.3: Review a Security Group Configuration from the AWS Console 410\u003c\/p\u003e \u003cp\u003eReview Questions 411\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Network Monitoring and Logging 417\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNetwork Monitoring and Logging Services in AWS 418\u003c\/p\u003e \u003cp\u003eAWS CloudTrail 419\u003c\/p\u003e \u003cp\u003eVPC Traffic Mirroring 420\u003c\/p\u003e \u003cp\u003eVPC Flow Logs 421\u003c\/p\u003e \u003cp\u003eTransit Gateway Logging 423\u003c\/p\u003e \u003cp\u003eAlerting Mechanisms 426\u003c\/p\u003e \u003cp\u003eCloudWatch Alarms 426\u003c\/p\u003e \u003cp\u003eSimple Notification Service 427\u003c\/p\u003e \u003cp\u003eLog Creation with Different AWS Services 428\u003c\/p\u003e \u003cp\u003eLoad Balancer Access Logs 429\u003c\/p\u003e \u003cp\u003eCloudFront Access Logs 430\u003c\/p\u003e \u003cp\u003eLog Delivery Mechanisms 431\u003c\/p\u003e \u003cp\u003eKinesis 432\u003c\/p\u003e \u003cp\u003eRoute 53 433\u003c\/p\u003e \u003cp\u003eCloudWatch 434\u003c\/p\u003e \u003cp\u003eMechanisms to Audit Network Security Configurations 435\u003c\/p\u003e \u003cp\u003eSecurity Groups 436\u003c\/p\u003e \u003cp\u003eFirewall Manager 437\u003c\/p\u003e \u003cp\u003eTrusted Advisor 437\u003c\/p\u003e \u003cp\u003eTraffic Mirroring and Flow Logs 438\u003c\/p\u003e \u003cp\u003eCreating and Analyzing VPC Flow Logs 439\u003c\/p\u003e \u003cp\u003eCreating and Analyzing Network Traffic Mirroring 441\u003c\/p\u003e \u003cp\u003eCloudWatch 441\u003c\/p\u003e \u003cp\u003eImplementing Automated Alarms Using CloudWatch 442\u003c\/p\u003e \u003cp\u003eImplementing Customized Metrics Using CloudWatch 443\u003c\/p\u003e \u003cp\u003eCorrelating and Analyzing Information Across Single or Multiple AWS Log Sources 444\u003c\/p\u003e \u003cp\u003eImplementing Log Delivery Solutions 445\u003c\/p\u003e \u003cp\u003eImplementing a Network Audit Strategy 446\u003c\/p\u003e \u003cp\u003eSummary 447\u003c\/p\u003e \u003cp\u003eExam Essentials 448\u003c\/p\u003e \u003cp\u003eExercises 450\u003c\/p\u003e \u003cp\u003eReview Questions 452\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Confidentiality and Encryption 457\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eConfidentiality and Encryption 458\u003c\/p\u003e \u003cp\u003eNetwork Encryption Options Available on AWS 459\u003c\/p\u003e \u003cp\u003eVPN Connectivity Over Direct Connect 460\u003c\/p\u003e \u003cp\u003eEncryption Methods for Data in Transit 461\u003c\/p\u003e \u003cp\u003eNetwork Encryption and the AWS Shared Responsibility Model 462\u003c\/p\u003e \u003cp\u003eSecurity Methods for DNS Communications 464\u003c\/p\u003e \u003cp\u003eImplementing Network Encryption Methods to Meet Application Compliance Requirements 465\u003c\/p\u003e \u003cp\u003eIPSec 466\u003c\/p\u003e \u003cp\u003eTls 468\u003c\/p\u003e \u003cp\u003eImplementing Encryption Solutions to Secure Data in Transit 470\u003c\/p\u003e \u003cp\u003eCloudFront 471\u003c\/p\u003e \u003cp\u003eApplication Load Balancers and Network Load Balancers 472\u003c\/p\u003e \u003cp\u003eSecuring AWS Managed Databases 472\u003c\/p\u003e \u003cp\u003eSecuring Amazon S3 Buckets 475\u003c\/p\u003e \u003cp\u003eSecuring EC2 Instances 476\u003c\/p\u003e \u003cp\u003eTransit Gateway 477\u003c\/p\u003e \u003cp\u003eCertificate Management Using a Certificate Authority 479\u003c\/p\u003e \u003cp\u003eAWS Certificate Manager and Private Certificate Authority 480\u003c\/p\u003e \u003cp\u003eSummary 481\u003c\/p\u003e \u003cp\u003eExam Essentials 483\u003c\/p\u003e \u003cp\u003eExercises 484\u003c\/p\u003e \u003cp\u003eReview Questions 485\u003c\/p\u003e \u003cp\u003eAppendix Answers to Review Questions 491\u003c\/p\u003e \u003cp\u003eChapter 1: Edge Networking 492\u003c\/p\u003e \u003cp\u003eChapter 2: Domain Name Services 494\u003c\/p\u003e \u003cp\u003eChapter 3: Hybrid and Multi- account DNS 497\u003c\/p\u003e \u003cp\u003eChapter 4: Load Balancing 499\u003c\/p\u003e \u003cp\u003eChapter 5: Logging and Monitoring 502\u003c\/p\u003e \u003cp\u003eChapter 6: Hybrid Networking 505\u003c\/p\u003e \u003cp\u003eChapter 7: Connecting On- Premises Networks 507\u003c\/p\u003e \u003cp\u003eChapter 8: Inter- VPC and Multi- account Networking 509\u003c\/p\u003e \u003cp\u003eChapter 9: Hybrid Network Routing and Connectivity 512\u003c\/p\u003e \u003cp\u003eChapter 10: Network Automation 515\u003c\/p\u003e \u003cp\u003eChapter 11: Monitor, Analyze, and Optimize Network Traffic 518\u003c\/p\u003e \u003cp\u003eChapter 12: Security, Compliance and Governance 520\u003c\/p\u003e \u003cp\u003eChapter 13: Network Monitoring and Logging 524\u003c\/p\u003e \u003cp\u003eChapter 14: Confidentiality and Encryption 527\u003c\/p\u003e \u003cp\u003eIndex 531\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48738661204311,"sku":"9781394171859","price":47.5,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781394171859.jpg?v=1720049811","url":"https:\/\/bookcurl.com\/products\/aws-certified-advanced-networking-study-guide-9781394171859","provider":"Book Curl","version":"1.0","type":"link"}