Wednesday, September 22, 2021

AWS Certified Advanced Networking, 2021 Revision and Beyond

I’ve recertified at the time of writing this post – June 2021 – and wanted to share a bit of the experience and preparation for this one because it has been peculiar, to say the least.

My preparation is very particular because I tend to prepare my own materials using mostly my experience and the official resources available, which are quite good in general. So I checked out the certification site and the digital readiness training. It was almost the same as the last time. I took the sample questions; they were new but similar to the old ones, nothing really new there, except for Cloudwatch Insights.

My 2018 hard copy – completely worn out

I started preparing using the official guide – I bought it in London in 2018 – the docs, some videos from the digital readiness course and my notes from different projects that I’d been working on; I couldn’t help but thinking that the exam needed a refresh. After all, three years in “cloud-years” are a lot, maybe x2, due to the pace of current innovation. Also, many services were missing from the guide and exam outline, including Transit Gateway, AWS RAM, Global Accelerator … all very relevant for modern architectures.

Well, what do you know? I got an invitation to provide input on the new content outline of the exam!

The Certification

I’m sure that you are aware that AWS Certified Advanced Networking is regarded as one of the most challenging certifications, if not the most. It’s certainly very subjective, depending on many personal factors. In addition, the subject matter is complex, and the official guide it’s not for beginners. It doesn’t hold hands – no funny stories about pets or people – and there is no official practice exam, except for the ones provided with the official guide. Finally, the exam doesn’t take any prisoners; it’s really tough.

As with the other Specialties, you might get questions solely about the subject matter at hand, but many of them will be cross-domain: Security, Architecture, Cost, Compliance, DevOps … It’s not an exam for beginners, and you should hold, at the very least, an associate certification or the equivalent experience.

Don’t forget this exam – and the rest of the certifications – tests experience, not only technical knowledge, so if you don’t have it, you will need to make up for it.

The Exam

Sixty-five questions, multichoice, three hours – you know the drill.

A good surprise was waiting for me. I was expecting a new set of questions – one of my connections on LinkedIn mentioned it – and I got them. But I wasn’t expecting the exam to be so up-to-date! Really surprising, because I’d just finished a survey about the contents of the new revision of the exam.

Luckily, that wasn’t a problem because I prepare comprehensively, and networking seems to a big part of any project I work on.

The current revision goes beyond the official guide and updates services and scenarios. I have to say that the quality of the questions is higher than in previous incarnations: clearer and better wording and common real-life scenarios. Actually, I had faced most of them, so no unique special cases to trick you. However, that doesn’t mean they are easy. They are not. Some are lengthy, with similar responses, multi-choice …

The sample questions are very relevant, but (mostly) they don’t refer to the new services.

Sample question – Image property of aws.com

Happily, I passed and improved my score massively from last time, which it’s always nice 🙂

After the exam, I went online and found a post on the AWS certification blog about the exam, discussing the contents, from April’ 21. So I’d guess this update is quite recent.

Areas of Study

I got the outlines from the original post by Nigel Harris – kudos, mate 🙂 The contents are absolutely relevant for the exam. I’m adding my personal notes – in cursive – but check the original post for resources and the comments from the original author.

1. Edge network services

AWS LambdaLambda@Edge, Amazon CloudFront – Cloudfront is key; understand how it works with different origins. Remember, the RTMP distribution has been deprecated – mostly outdated content on the official guide – expand and review with other resources.

2. AWS global infrastructure and how to deploy foundational network elements

AWS Global Cloud Infrastructure, Virtual Private Cloud (VPC)

Dynamic Host Configuration Protocol (DHCP) configurations, route tables, network-access control lists (NACLs), and security groups.

NAT gateways (NGW), internet gateways (IGW), egress-only internet gateways (EIGW), and virtual gateways (VGW).

All basic stuff, you should know all that by heart if you are attempting the exam—good content on the official guide, but expand with other resources.

3. Hybrid network-connectivity options

VPNs, AWS Direct Connect – everything about them: technical specifications, scenarios, cost … good content on the official guide, but expand with other resources.

4. Inter-VPC connectivity options

VPC peering, AWS Transit Gateway – everything about them: technical specifications, scenarios, cost … outdated content on the official guide – expand and review with other resources. You should know about Transit VPC’s, though. It still appears on the exam, and you may have to deal with it in some project. If you don’t have real-life experience with the services, you should get some through laboratories or actual projects.

5. Automate network management using AWS CloudFormation

CloudFormation – got a few questions about it – good content on the official guide, but expand with other resources.

6.  Integrate VPC networks with other AWS services

AWS PrivateLink, Gateway Endpoints, Interface endpoints – everything about them: technical specifications, scenarios, cost … good content on the official guide, but expand with other resources. If you don’t have real-life experience with the services, you should get some through laboratories or actual projects.

7. Security and compliance

CloudFront and AWS Web Application Firewall (WAF)

IPAA, EU/US Privacy Shield, and PCI.

Mostly outdated content on the official guideexpand and review with other resources.

8. Methods to simplify network management and troubleshooting

VPC flow logs, access logs for your application load balancer, and CloudFront logs.

Traffic Mirroring

Mostly outdated content on the official guideexpand and review with other resources.

9.   Network configuration options for high performance applications

Placement groups, jumbo frames, and elastic network adapters.

Good content on the official guide, but expand with other resources.

10. Designs for reliability

AWS Well Architected Framework

Amazon Route 53 and AWS Global Accelerator 

Amazon VPC  AWS Elastic Load Balancing

Amazon CloudWatch

Mostly outdated content on the official guide, so expand with other resources. All those services are key, so make sure to get some real-life experience with them through laboratories or actual projects.

AWS Network Firewall, one of the latest additions – Image property of aws.com

New Revision is Coming

As I mentioned previously, while I was preparing for the recertification, I got an invitation to a survey about the contents of the new revision of the exam.

The thing is, the exam it’s updated. However, the official guide is not. So I’d guess this will be an opportunity to deliver a new guide and training content.

The new contents seem similar to the present incarnation, reducing the domains from five to four, adding new services, increasing security content, networking performance, reliability and monitoring. Potentially, there might be laboratories as well. The exam’s not getting any easier, that’s for sure 😉

I’d guess we may get a beta at the end of the year, looking forward to it!

Adolfo Estevez
A Estevezhttps://mnube.org
Cloud & Digital Evangelist | AWS x 13 Certified | GCP x 6 | Serverless | Machine Learning | Analytics |

Related Articles

Leave a Reply

Latest Articles

error:
%d bloggers like this: