AWS Certified Advanced Networking Specialty - My Continued Journey Into AWS Cloud Networking

Earlier this month I achieved the AWS Certified Advanced Networking – Specialty (ANS) certification. View my verified achievement from Amazon Web Services Training and Certification!

Here are some of my notes, observations and preparation tips for the AWS Certified Advanced Networking – Specialty (ANS-C00) exam.

Context

But first let me provide some context such that you can properly gauge my assessment of the exam difficulty. During my exam preparation I read several blog posts on the topic of ANS exam preparation and the majority of these blogs indicated the ANS exam was the hardest AWS exam. But these blog posts also lacked clear information regarding the writer’s prior networking knowledge and experience. So for me it was not clear in which context to view these statements and I want to avoid this situation for the readers of this blog post.

At the time of writing I am AWS Certified Solutions Architect - Associate (SAA) and Cisco Certified Network Professional (CCNP) Enterprise certified with extensive cloud & networking knowledge and experience. Before pursuing the AWS Certified Advanced Networking – Specialty (ANS) certification I was already actively involved with AWS and cloud networking, e.g.:

• In 2018 and 2019 I helped train 60+ colleagues during their preparation for the AWS Certified Solutions Architect - Associate certification. I myself achieved this certification in Jan. 2019;
• In 2020 I followed the excellent Networking in Public Cloud Deployments online course, in which I learned about AWS and Azure networking and deploying cloud networking infrastructures using infrastructure as code (IaC) tools;
• In the past couple of years I’ve been involved with designing and building enterprise-scale hybrid and multi-cloud networking infrastructures, providing a seamless connectivity experience between cloud and on-premises infrastructure;

I hope this context helps you to put the rest of this blog post in perspective.

My Take On The Certification And Exam

Even though I had prior AWS networking knowledge and experience I still learned a lot preparing for the exam. My prior knowledge and experience was more focussed on hybrid networking services such as Direct Connect (DX), Direct Connect Gateway (DXGW), Transit Gateway (TGW), Virtual Private Cloud (VPC), Virtual Private Gateway (VGW), NAT Gateway, PrivateLink, Route 53, etc. I learned a lot in areas in which my pre-existing knowledge was lacking, e.g. edge networking (CloudFront, CloudFront Functions and Lambda@Edge), enhanced networking on Linux and Windows, Client VPN, Site-to-Site VPN and the different service-related network requirements, e.g. for Elastic Container Service (ECS), Redshift, WorkSpaces, etc.

Preparing for the ANS certification allowed me to deepen and broaden my AWS networking knowledge and skills. For me, certification is a bonus and a consequence of acquired knowledge and skills. And although you can acquire knowledge and skills without pursuing a certification, I like the fact that there is vendor validation of the gained knowledge and skills. Preparing for certification also helps me to structure and guide my learning. To me, the goal is not the certification itself but the knowledge gained along the learning journey towards certification. The certification is just the cherry on top and being certified does not mean the learning journey has ended.

Overall, I found the exam neither easy nor too difficult. Maybe I was lucky with a “not so difficult” version of the exam. But I think my assessment of the ANS exam difficulty is mainly influenced by the combination of having cloud infrastructure and networking as core competencies, being well read beforehand on (parts of) the subject matter, and being well prepared for the exam. I suspect that a cloud DevOps engineer, with little to no networking knowledge and experience, will find the ANS exam one of the hardest AWS exams. But the same would apply for me with the AWS Certified Developer - Associate and AWS Certified DevOps Engineer - Professional exam as I lack a developer background and experience.

Overall, I think it is easier for a network professional to obtain the ANS certification than it is for a cloud professional without meaningful networking knowledge and experience.

Pre-Requisite Knowledge

Although networking is not radically different in the cloud, in my experience, it is still different enough to bamboozle both networking and cloud professionals alike:

• Networking professionals are typically struggling with mapping the purpose-built, bounded and virtual, AWS networking services and abstracted cloud constructs to traditional networking and infrastructure constructs. On top of that the required knowledge of the cloud context, in which the network services are to be applied, may be lacking;
• Cloud professionals are typically struggling with understanding networking concepts altogether and have difficulty selecting the appropriate cloud networking services to adequately support their workload goals. For cloud professionals the cloud context itself is not the problem, but the network services and how to apply them;

Pre-Requisite Knowledge For Network Professionals

It definitely helps to have basic knowledge on, and experience with, the core AWS services. AWS products and services are like lego blocks that you need to assemble in a proper manner in order to build the needed infrastructure, applications and services in the cloud. It helps to be at least familiar with the main core AWS services and this is assumed pre-requisite knowledge for the ANS exam. This is particularly important for network professionals, as I assume cloud professionals will already have this knowledge and experience.

My advise is, if not already done, to pursue the AWS Certified Solutions Architect - Associate (SAA) certification or at least study its required material before pursuing the ANS certification. The ANS exam validates advanced technical skills and experience for design and implementation of AWS and hybrid IT network architectures at scale, e.g. how to apply, integrate and troubleshoot networking services and solutions in the context of a described AWS cloud environment/workload and/or on-premises infrastructure. The SAA required study material addresses the core AWS services that are required AWS knowledge for the ANS certification.

Pre-Requisite Knowledge For Cloud Professionals

For cloud professionals, I assume they already are familiar with the core AWS services but need to level up on their networking knowledge. A great and open-source resource to level up on networking basics and principles is: Computer Networking: Principles, Protocols and Practice, (c) 2011-2021, Olivier Bonaventure, Universite catholique de Louvain (Belgium). If you also want to pursue a networking certification then I would advise the CCNP Enterprise certification or at least the required study material for the Implementing Cisco Enterprise Network Core Technologies (ENCOR). The official CCNP Enterprise Core study guide is a great resource.

My Exam Preparation Approach

Here is my ANS certification preparation approach. This approach works well for me and I’ve successfully used a similar approach for achieving other certifications, e.g. AWS Certified Solutions Architect - Associate, Cisco Certified Network Professional (CCNP) Enterprise and CISSP. I created my ANS study plan primarily based on, the bit dated but still relevant, AWS Certified Advanced Networking Official Study Guide: Specialty Exam. The reason to based my plan on the official study guide is because I prefer reading-based learning over video-based. However, my approach should also work for video-based learning.

My ANS study plan includes the following:

• Study time: reading the official study guide and taking notes, setting intermediate goals for chapters read by week, e.g. chapters 1-3 in week x, chapter 4-5 in week x+1, etc. I find that taking notes helps me to better memorize the information I just read. Furthermore, it allows for easier review later on in the learning journey. See also this article on the benefits of taking notes while reading;
• Time to perform hands-on exercises and labs. Hands-on exercises and labs help me to solidify my understanding of the AWS networking services, especially when performed immediately after reading about the service/topic. I took the opportunity to expand my Terraform knowledge and skills (as a side project as Terraform is outside the scope of the ANS exam) by labbing up the official study guide’s hands-on exercises and some interesting AWS Networking & Content Delivery Technical How-To’s, such as Simulating Site-to-Site VPN Customer Gateways Using strongSwan, using Terraform;
• I carefully reviewed the latest ANS-C00 exam guide and Networking and Content Delivery Ramp-Up Guide for services and exam content that is not covered by the official study guide. Here are some examples of gaps I identified with the official study guide:
  • Global Accelerator;
  • Local Zones;¹
  • Transit Gateway;
  • Wavelength; ¹
  • The study guide talks about the “24x7 AWS DDoS Response Team (DRT)” while practice exams and the latest AWS documentation talks about the “24x7 AWS Shield Response Team (SRT)";
• Time to review the ANS recommended AWS networking whitepapers;
• Time for practice exams. The result of a practice exam will identify knowledge gaps to be addressed in the next item;
• Time to review my notes, AWS service documentation and FAQ pages to address gaps in knowledge and understanding. Rinse and repeat with previous item with a new practice exam;
• Add some slack time to accommodate for periods that you are not able to study for whatever (incidental) reason, e.g. family & friends, work, sickness, holidays, fed up with studying, etc.;

My exam preparation through time was about 12 weeks (3 months) including slack time. The 12 week exam prep duration was more than enough for me. I had periods in which I did not study at all and/or spend too much time on hands-on exercises because I wanted to increase my Terraform knowledge and skills. But in doing so, I deepened my knowledge of both AWS networking services and Terraform. So in the end it was worth it.

I later found this McKinsey blog post on intentional learning that has some overlap with how I approach learning including a set, 3 month, period to achieve development goals. Depending on your ANS pre-requisite knowledge situation you may need another 3 months to satisfy this required knowledge before proceeding with ANS.

Exam Preparation Tips

Before The Exam

• In my case nothing works better than working towards a deadline. Based on the study plan already set a preliminary exam date in your calendar without scheduling the exam just yet. Work towards that planned date and reassess halfway through your preparation if you are on track. If on track, proceed to schedule the exam for the planned exam date. At a later stage you can always reschedule the exam when you find your progress is not what it needs to be and/or you feel you are not ready to take the exam. You can reschedule an exam up to 24 hours before the originally scheduled date;
• Perform hands-on labs using a (free tier) AWS account. Hands-on labs deepen your knowledge and understanding of the services. The majority of the hands-on exercises in the official study guide can performed for a very low cost (<$5-10), just make sure to clean-up after yourself and terminate unused resources. IaC tools, e.g. Terraform or CloudFormation, make cleaning up a lot easier through automation;
• Non-native English speakers can request a 30 minute English as a second language (ESL +30) extension when taking the exam in English. You need to request this exam accommodation before scheduling the exam, see AWS Before Testing - Requesting Accommodations for details. This extra time may come in handy when reviewing long and detailed questions & answers;

During The Exam

• Read each exam question, and corresponding answers, carefully and in full before answering.
  • The answers can contain multiple technically correct answers but may not necessarily be the best answer to the question. So you may still answer incorrectly if simply pick the first technically correct answer. Read all answers in full and pick the one(s) that best satisfy the criteria laid out in the question;
  • I had a couple of questions that I marked for review and for several of them it appeared I did not read the question/answers carefully enough the first time round. After rereading these marked questions, and corresponding answers, I came to a different conclusion on more than a couple of occasions;
• Do not panic when you get long, detailed, and exhaustive questions and answers. My experience is that these type of long questions and answers are in the minority;
• Do not spend too much time on any single question and make sure you have the opportunity to answer all questions. An unanswered question is scored the same as an incorrect answer, so why not guess if you do not know the correct answer. It would be a shame to fail the exam because you did not answer all questions. If you are unsure of the correct answer, try eliminating all obvious wrong answers and guess between the remaining potentially correct answers. Mark these questions for later review. In this way, you at least have the possibility to answer all questions first and, time permitting, you can spend more time and attention to questions you are unsure of;

Resources

I used the following resources to prepare for the ANS exam:

• AWS Certified Advanced Networking Official Study Guide: Specialty Exam: I used this book as my main learning resource. Although the book is a bit dated, the foundational elements are still relevant. The book also contains some very useful hands-on, and low-cost, exercises. However, newer services and features such as Local Zones, Transit Gateway and Wavelength are not covered;
• ANS recommended resources: to prepare for the exam, e.g. the latest exam guide, recommended whitepapers, etc. Great as supplement to the official study guide;
• Stéphane Maarek & Chetan Agrawal - AWS Certified Advanced Networking Specialty 2021: great course, which I mainly used for newer AWS networking services and topics that are not covered by the official study guide. I only used the slides and did not watch the videos;
• Exam Readiness: AWS Certified Advanced Networking - Specialty (Digital): for (final) tips to navigate the exam and review key concepts and topics;
• Last year’s AWS re:Invent Networking & Content Delivery sessions: I checked out a select set of re:Invent sessions on AWS network services, design patterns, best practices and deep dives in order to fill knowledge gaps. I understood that the AWS exam content only contains AWS products/services that have been generally available (GA) for more than one year. For example, during my Dec. 2021 exam I got questions regarding Transit Gateway (GA in 2018), Local Zones and Wavelength (GA in 2019), but none regarding Gateway Load Balancer and Network Firewall (GA in Nov. 2020), or Transit Gateway Connect (GA in Dec. 2020). The services that may be included in the exam will depend on your exam date, so be sure to keep an eye on this and check-out the re:Invent sessions for these services;
• Tutorials Dojo - AWS Certified Advanced Networking – Specialty Practice Exams 2021: good practice exams that provide a realistic exam experience, both in how questions/answers are formulated and in question difficulty. Furthermore, the explanation of the answers are elaborate. I used these practice exams to gauge my knowledge/understanding and identify weak spots, allowing me to focus on my weak spots during the final weeks before the exam;

Here are some supplemental resources. I did not use these resources for my ANS exam preparation but you may find them useful to address (pre-requisite) knowledge gaps and/or for hands-on labs:

• ipSpace - Cloud Computing and Networking: Great (paid) resource on AWS and Azure cloud networking services. Network professionals may find this resource useful to level up on cloud networking;
• Computer Networking: Principles, Protocols and Practice, (c) 2011-2021, Olivier Bonaventure, Universite catholique de Louvain (Belgium): Great open-source resource on networking basics and principles. Non-networking professionals may find this resource useful to level up on (traditional) networking;
• AWS Networking Immersion Day: a 300 level AWS networking workshop;
• AWS Skill Builder - Networking Learning Plan: 18 hours of self-paced e-learning to help prepare you for the ANS certification exam;

In Closing

Overall, I learned a lot by preparing for the AWS Certified Advanced Networking – Specialty (ANS) certification. Pursuing the ANS certification was definitely worth it and helped me deepen and broaden my AWS networking knowledge and skills. Along the way I also broadened and deepened my Terraform skills by performing the hands-on exercises in the ANS official study guide, as well as some interesting AWS Networking & Content Delivery Technical How-To’s, using Terraform.

A future blog post will be dedicated to one of the hands-on exercises/labs I did using Terraform.

P.S.

While finalizing this blog post I learned that AWS is making updates to the AWS Certified Advanced Networking - Specialty exam (new exam version: ANS-C01):

The new version has updated content across all domains, as well as new topics aligned with AWS Networking innovations. The updated content supports complex networking scenarios including global and hybrid networks, network security, operational efficiency, and governance. The updated exam will be in beta from February 22 to April 4, 2022.

The expected availability of this new ANS-C01 exam will be July 2022.

I quickly reviewed the new (beta) ANS-C01 exam guide (Version 1.0) and compared it to the current ANS-C00 exam guide (Version 2.1). Here are my observations:

• The ANS-C01 target candidate is now more aptly described

  “The target candidate is expected to have 5 or more years of networking experience with 2 or more years of cloud and hybrid networking experience.”

• The ANS-C01 exam content has changed compared to ANS-C00 in terms of more condensed domain content and weighting. Notable changes are a more balanced weighting between the design & implement topics on one side and management, operate, security, compliance & governance topics on the other. See this high-level comparison between domain contents:

• The ANS-C01 exam guide lists domain tasks in terms of the associated knowledge and skills, while the ANS-C00 exam content does not make this distinction. In my view explicitly listing the required knowledge & skills comes across less cluttered than the long list of (sub)tasks and makes it easier to determine what is expected of the exam candidate;

• Unlike the ANS-C00 exam guide, the ANS-C01 exam guide explicitly lists the services in scope of the exam. The ANS-C01 exam guide contains an appendix with a non-exhaustive list of AWS services and features that may be a part of the exam content. This list not only contains the AWS networking services but also the expected AWS pre-requisite knowledge I previously referred to in the Pre-Requisite Knowledge section, i.e. AWS core services. Listing the services that may be part of the exam is a major improvement as it is now a lot clearer what is and isn’t in scope of the exam. However, do not simply rely on the appendix but also carefully review the content online and domain task statements for services and features that may not be listed in the appendix, e.g. Cloud Development Kit (CDK), Gateway Load Balancer (GWLB) (inferred from the presence of the GENEVE protocol), Load Balancer Controller for Kubernetes clusters, VPC Reachability Analyzer, Transit Gateway Connect, Transit Gateway Network Manager, etc. The appendix also contains a non-exhaustive list of out-of-scope services;

• Notable services that I would have expected to be part of the ANS-C01 exam but are missing from the exam guide are: Local Zones, Outposts, and Wavelength.

• All-in-all I think that, beyond the exam content updates to include new AWS networking services, the new exam guide is a big improvement in terms of clarity and a more balanced domain weighting;

• ← Previous Post