Domain 2: Network Implementation (26% of the exam content)

This domain accounts for 26% of the exam content.

Task 2.1: Implement routing and connectivity between on-premises networks and the Cloud

Knowledge of:

Routing protocols (for example, static, dynamic)
VPNs (for example, security, accelerated VPN)
Layer 1 and types of hardware to use (for example, Letter of Authorization [LOA] documents, colocation facilities, Direct Connect)
Layer 2 and layer 3 (for example, VLANs, IP addressing, gateways, routing, switching)
Traffic management and SD-WAN (for example, Transit Gateway Connect)
DNS (for example, conditional forwarding, hosted zones, resolvers)
Security appliances (for example, firewalls)
Load balancing (for example, layer 4 compared with layer 7, reverse proxies, layer 3)
Infrastructure automation
Organizations and Resource Access Manager ( RAM) (for example, multi-account Transit Gateway, Direct Connect, Amazon VPC, Route 53)
Test connectivity (for example, Route Analyzer, Reachability Analyzer)
Networking services of VPCs

Skills in:

Configuring the physical network requirements for hybrid connectivity solutions
Configuring static or dynamic routing protocols to work with hybrid connectivity solutions
Configuring existing on-premises networks to connect with the Cloud
Configuring existing on-premises name resolution with the Cloud
Configuring and implementing load balancing solutions
Configuring network monitoring and logging for services
Testing and validating connectivity between environments

Knowledge of:

Inter-VPC and multi-account connectivity (for example, VPC peering, Transit Gateway, VPN, third-party vendors, SD-WAN, multi-protocol label switching [MPLS])
Private application connectivity (for example, PrivateLink)
Methods of expanding networking connectivity (for example, Organizations, RAM)
Host and service name resolution for applications and clients (for example, DNS)
Infrastructure automation
Authentication and authorization (for example, SAML, Active Directory)
Security (for example, security groups, network ACLs, Network Firewall)
Test connectivity (for example, Route Analyzer, Reachability Analyzer, tooling)

Skills in:

Configuring network connectivity architectures by using services in a single-VPC or multi-VPC design (for example, DHCP, routing, security groups)
Configuring hybrid connectivity with existing third-party vendor solutions
Configuring a hub-and-spoke network architecture (for example, Transit Gateway, transit VPC)
Configuring a DNS solution to make hybrid connectivity possible
Implementing security between network boundaries
Configuring network monitoring and logging by using solutions

Knowledge of:

When to use private hosted zones and public hosted zones
Methods to alter traffic management (for example, based on latency, geography, weighting)
DNS delegation and forwarding (for example, conditional forwarding)
Different DNS record types (for example, A, AAAA, TXT, pointer records, alias records)
DNSSEC
How to share DNS services between accounts (for example, RAM)
Requirements and implementation options for outbound and inbound endpoints

Skills in:

Knowledge of:

Infrastructure as code (IaC) (for example, Cloud Development Kit [ CDK], CloudFormation, CLI, SDK, APIs)
Event-driven network automation
Common problems of using hardcoded instructions in IaC templates when provisioning cloud networking resources

Skills in:

Creating and managing repeatable network configurations
Integrating event-driven networking functions
Integrating hybrid network automation options with native IaC
Eliminating risk and achieving efficiency in a cloud networking environment while maintaining the lowest possible cost
Automating the process of optimizing cloud network resources with IaC

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Domain 1: Network Design (30% of the exam content)

Domain 3: Network Management and Operation (20% of the exam content)