Knowledge domains

The questions in the exam are broken down into knowledge domains. Each knowledge domain will have a defined percentage of questions in the exam. However, the exam blueprint specifies that the knowledge domains might not match the number of questions exactly, and the percentages are posted for orientation purposes only.

The following knowledge domains are defined for the AWS Certified Advanced Networking Specialty exam:

  • Domain 1: Design and implement hybrid IT network architectures at scale – 23%: The questions focus on assessing the exam taker's understanding of external network connectivity options and their characteristics. Expect questions on Direct Connect, VPNs, IPsec, bandwidth, BGP routing, and prioritizing traffic.
  • Domain 2: Design and implement AWS networks – 29%: This domain represents the core of the exam and will assess the exam taker's ability to understand and design AWS network concepts. Expect questions on VPCs, subnets, gateways, routing, and NAT.
  • Domain 3: Automate AWS tasks – 8%: Automation is a big part of AWS, and domain 3 will assess the exam taker's ability to use CloudFormation to automate the deployment and management of networks and their topologies at scale. Expect questions on CloudFormation, with a focus on networking.
  • Domain 4: Configure network integration with application services – 15%: This domain assesses the exam taker's ability to implement and integrate networking components with applications running in AWS. Teams in the cloud will have to understand each other's components and responsibilities, meaning that network engineers will now be required to understand both the application and the services the application depends on to correctly and efficiently configure the network. Questions will require a general understanding of AWS services and their relationship to the network.
  • Domain 5: Design and implement for security and compliance – 12%: This domain focuses on security. Questions will assess whether the exam taker is able to design and configure networks in a secure and compliant manner and apply AWS best practices to the network configuration. Expect questions on NACLs, security groups, DDoS prevention, WAF, CloudFront, and API Gateway.
  • Domain 6: Manage, optimize, and troubleshoot the network – 13%: The last domain tests the exam taker's understanding of the management, optimization, and troubleshooting tools that are available and practiced in AWS. Expect questions on network service configuration techniques and procedures, as well as tools for optimizing and troubleshooting networks, such as flow logs.