ANS-C01 Preparation Details
The AWS Certified Advanced Networking – Specialty (ANS-C01) is designed for networking specialists who design, implement, manage, and secure AWS and hybrid network architectures at scale. Earning this certification demonstrates deep expertise across routing protocols, DNS, load balancing, hybrid connectivity, and network security. The ANS-C01 exam covers four content domains, with a minimum passing score of 700 out of 1,000. If you’re building a structured study plan, this guide maps every task and objective to the official AWS documentation you need to master.
This resource is intended for candidates with five or more years of networking experience and two or more years of cloud and hybrid networking work. Each skill area below is linked directly to the relevant AWS documentation pages to support targeted, exam-focused preparation.
AWS Cert. Advanced Networking Specialty Prep
| Udemy | AWS Certified Advanced Networking Specialty |
| Coursera | AWS Cert. Advanced Networking Specialty Specialization |
Content Domain 1: Network Design (30% of scored content)
Task 1.1: Design a solution that incorporates edge network services to optimize user performance and traffic management for global architectures
Knowledge of: Design patterns for the usage of content distribution networks (for example, Amazon CloudFront)
What is AWS Global Accelerator?
Choosing an AWS networking and content delivery service
API endpoint types for REST APIs in API Gateway
Knowledge of: Design patterns for global traffic management (for example, AWS Global Accelerator)
What is AWS Global Accelerator?
Choosing an AWS networking and content delivery service
Knowledge of: Integration patterns for content distribution networks and global traffic management with other services (for example, Elastic Load Balancing [ELB], Amazon API Gateway)
What is Elastic Load Balancing?
API endpoint types for REST APIs in API Gateway
Set up an edge-optimized custom domain name in API Gateway
What is AWS Global Accelerator?
Skills in: Evaluating requirements of global inbound and outbound traffic from the internet to design an appropriate content distribution solution
What is AWS Global Accelerator?
What is Elastic Load Balancing?
Choosing an AWS networking and content delivery service
Task 1.2: Design DNS solutions that meet public, private, and hybrid requirements
Knowledge of: DNS protocol (for example, DNS records, TTL, DNSSEC, DNS delegation, zones)
Configuring DNSSEC signing in Amazon Route 53
Knowledge of: DNS logging and monitoring
Managing Resolver query logging configurations
Monitoring Route 53 VPC Resolver endpoints with Amazon CloudWatch
Knowledge of: Amazon Route 53 features (for example, alias records, traffic policies, resolvers, health checks)
What is Route 53 VPC Resolver?
Creating, updating, and deleting health checks
Best practices for Amazon Route 53 health checks
Knowledge of: Integration of Route 53 with other AWS networking services (for example, Amazon VPC)
Integration with other services
What is Route 53 VPC Resolver?
Knowledge of: Integration of Route 53 with hybrid, multi-account, and multi-Region options
Resolving DNS queries between VPCs and your network
What is Route 53 VPC Resolver?
Integration with other services
Knowledge of: Domain registration
Configuring DNSSEC for a domain
Skills in: Using Route 53 public hosted zones
Managing Resolver query logging configurations
Skills in: Using Route 53 private hosted zones
Considerations when working with a private hosted zone
What is Route 53 VPC Resolver?
Skills in: Using Route 53 Resolver endpoints in hybrid and AWS architectures
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Monitoring Route 53 VPC Resolver endpoints with Amazon CloudWatch
Skills in: Using Route 53 for global traffic management
Best practices for Amazon Route 53 health checks
Skills in: Creating and managing domain registrations
Configuring DNSSEC for a domain
Task 1.3: Design solutions that integrate load balancing to meet high availability, scalability, and security requirements
Knowledge of: How load balancing works at layer 3, layer 4, and layer 7 of the OSI model
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
What is a Gateway Load Balancer?
Knowledge of: Different types of load balancers and how they meet requirements for network design, high availability, and security
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
What is a Gateway Load Balancer?
Knowledge of: Connectivity patterns that apply to load balancing based on the use case (for example, internal load balancers, external load balancers)
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
Knowledge of: Scaling factors for load balancers
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
Knowledge of: Integrations of load balancers and other AWS services (for example, Global Accelerator, CloudFront, AWS WAF, Route 53, Amazon EKS, AWS Certificate Manager [ACM])
What is Elastic Load Balancing?
What is AWS Global Accelerator?
What is AWS Certificate Manager?
Knowledge of: Configuration options for load balancers (for example, proxy protocol, cross-zone load balancing, session affinity [sticky sessions], routing algorithms)
What is Elastic Load Balancing?
What is a Network Load Balancer?
What is an Application Load Balancer?
Knowledge of: Configuration options for load balancer target groups (for example, TCP, GENEVE, IP compared with instance)
What is a Network Load Balancer?
What is a Gateway Load Balancer?
What is an Application Load Balancer?
Knowledge of: AWS Load Balancer Controller for Kubernetes clusters
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
Knowledge of: Considerations for encryption and authentication with load balancers (for example, TLS termination, TLS passthrough)
What is an Application Load Balancer?
What is a Network Load Balancer?
What is AWS Certificate Manager?
Skills in: Selecting an appropriate load balancer based on the use case
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
What is a Gateway Load Balancer?
Skills in: Integrating auto scaling with load balancing solutions
What is Elastic Load Balancing?
What is an Application Load Balancer?
Skills in: Integrating load balancers with existing application deployments
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
Task 1.4: Define logging and monitoring requirements across AWS and hybrid networks
Knowledge of: Amazon CloudWatch metrics, agents, logs, alarms, dashboards, and insights in AWS architectures to provide visibility
Logging IP traffic using VPC Flow Logs
What is Reachability Analyzer?
Knowledge of: AWS Transit Gateway Network Manager in architectures to provide visibility
What is AWS Global Networks for Transit Gateways?
How AWS Global Networks for Transit Gateways works
Knowledge of: VPC Reachability Analyzer in architectures to provide visibility
What is Reachability Analyzer?
Knowledge of: Flow logs and traffic mirroring in architectures to provide visibility
Logging IP traffic using VPC Flow Logs
Publish flow logs to CloudWatch Logs
Publish flow logs to Amazon S3
Knowledge of: Access logging (for example, load balancers, CloudFront)
Logging IP traffic using VPC Flow Logs
Skills in: Identifying the logging and monitoring requirements
Logging IP traffic using VPC Flow Logs
What is Reachability Analyzer?
Skills in: Recommending appropriate metrics to provide visibility of the network status
What is AWS Global Networks for Transit Gateways?
Logging IP traffic using VPC Flow Logs
Skills in: Capturing baseline network performance
What is Reachability Analyzer?
What is AWS Global Networks for Transit Gateways?
Task 1.5: Design a routing strategy and connectivity architecture between on-premises networks and the AWS Cloud
Knowledge of: Routing fundamentals (for example, dynamic compared with static, BGP)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Layer 1 and layer 2 concepts for physical interconnects (for example, VLAN, link aggregation group [LAG], optics, jumbo frames)
Knowledge of: Encapsulation and encryption technologies (for example, Generic Routing Encapsulation [GRE], IPsec)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Resource sharing across AWS accounts
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Overlay networks
What is AWS Transit Gateway for Amazon VPC?
Skills in: Identifying the requirements for hybrid connectivity
What is AWS Transit Gateway for Amazon VPC?
Choosing an AWS networking and content delivery service
Skills in: Designing a redundant hybrid connectivity model with AWS services (for example, AWS Direct Connect, AWS Site-to-Site VPN)
What is AWS Transit Gateway for Amazon VPC?
Skills in: Designing BGP routing with BGP attributes to influence the traffic flows based on the desired traffic patterns (load sharing, active/passive)
Skills in: Designing for integration of a software-defined wide area network (SD-WAN) with AWS (for example, Transit Gateway Connect, overlay networks)
What is AWS Transit Gateway for Amazon VPC?
Task 1.6: Design a routing strategy and connectivity architecture that include multiple AWS accounts, AWS Regions, and VPCs to support different connectivity patterns
Knowledge of: Different connectivity patterns and use cases (for example, VPC peering, Transit Gateway, AWS PrivateLink)
What is AWS Transit Gateway for Amazon VPC?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Knowledge of: Capabilities and advantages of VPC sharing
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: IP subnets and solutions accounting for IP address overlaps
What is AWS Transit Gateway for Amazon VPC?
Skills in: Connecting multiple VPCs by using the most appropriate services based on requirements (for example, using VPC peering, Transit Gateway, PrivateLink)
What is AWS Transit Gateway for Amazon VPC?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Skills in: Using VPC sharing in a multi-account setup
What is AWS Transit Gateway for Amazon VPC?
Skills in: Managing IP overlaps by using different available services and options (for example, NAT, PrivateLink, Transit Gateway routing)
What is AWS Transit Gateway for Amazon VPC?
Content Domain 2: Network Implementation (26% of scored content)
Task 2.1: Implement routing and connectivity between on-premises networks and the AWS Cloud
Knowledge of: Routing protocols (for example, static, dynamic)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: VPNs (for example, security, accelerated VPN)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Layer 1 and types of hardware to use (for example, Letter of Authorization [LOA] documents, colocation facilities, Direct Connect)
Knowledge of: Layer 2 and layer 3 (for example, VLANs, IP addressing, gateways, routing, switching)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Traffic management and SD-WAN (for example, Transit Gateway Connect)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: DNS (for example, conditional forwarding, hosted zones, resolvers)
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Knowledge of: Security appliances (for example, firewalls)
What is a Gateway Load Balancer?
Knowledge of: Load balancing (for example, layer 4 compared with layer 7, reverse proxies, layer 3)
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
What is a Gateway Load Balancer?
Knowledge of: Infrastructure automation
Knowledge of: AWS Organizations and AWS Resource Access Manager (AWS RAM) (for example, multi-account Transit Gateway, Direct Connect, Amazon VPC, Route 53)
What is AWS Transit Gateway for Amazon VPC?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Knowledge of: Test connectivity (for example, Route Analyzer, Reachability Analyzer)
What is Reachability Analyzer?
What is AWS Global Networks for Transit Gateways?
Knowledge of: Networking services of VPCs
What is AWS Transit Gateway for Amazon VPC?
Skills in: Configuring the physical network requirements for hybrid connectivity solutions
Skills in: Configuring static or dynamic routing protocols to work with hybrid connectivity solutions
What is AWS Transit Gateway for Amazon VPC?
Skills in: Configuring existing on-premises networks to connect with the AWS Cloud
What is AWS Transit Gateway for Amazon VPC?
Skills in: Configuring existing on-premises name resolution with the AWS Cloud
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Skills in: Configuring and implementing load balancing solutions
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
What is a Gateway Load Balancer?
Skills in: Configuring network monitoring and logging for AWS services
Logging IP traffic using VPC Flow Logs
Skills in: Testing and validating connectivity between environments
What is Reachability Analyzer?
What is AWS Global Networks for Transit Gateways?
Task 2.2: Implement routing and connectivity across multiple AWS accounts, Regions, and VPCs to support different connectivity patterns
Knowledge of: Inter-VPC and multi-account connectivity (for example, VPC peering, Transit Gateway, VPN, third-party vendors, SD-WAN, multi-protocol label switching [MPLS])
What is AWS Transit Gateway for Amazon VPC?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Knowledge of: Private application connectivity (for example, PrivateLink)
Knowledge of: Methods of expanding AWS networking connectivity (for example, Organizations, AWS RAM)
What is AWS Transit Gateway for Amazon VPC?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Knowledge of: Host and service name resolution for applications and clients (for example, DNS)
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Knowledge of: Infrastructure automation
Knowledge of: Authentication and authorization (for example, SAML, Active Directory)
Knowledge of: Security (for example, security groups, network ACLs, AWS Network Firewall)
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Knowledge of: Test connectivity (for example, Route Analyzer, Reachability Analyzer, tooling)
What is Reachability Analyzer?
What is AWS Global Networks for Transit Gateways?
Skills in: Configuring network connectivity architectures by using AWS services in a single-VPC or multi-VPC design (for example, DHCP, routing, security groups)
What is AWS Transit Gateway for Amazon VPC?
Skills in: Configuring hybrid connectivity with existing third-party vendor solutions
What is AWS Transit Gateway for Amazon VPC?
Skills in: Configuring a hub-and-spoke network architecture (for example, Transit Gateway, transit VPC)
What is AWS Transit Gateway for Amazon VPC?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Skills in: Configuring a DNS solution to make hybrid connectivity possible
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Skills in: Implementing security between network boundaries
Skills in: Configuring network monitoring and logging by using AWS solutions
Logging IP traffic using VPC Flow Logs
What is AWS Global Networks for Transit Gateways?
Task 2.3: Implement complex hybrid and multi-account DNS architectures
Knowledge of: When to use private hosted zones and public hosted zones
Considerations when working with a private hosted zone
What is Route 53 VPC Resolver?
Knowledge of: Methods to alter traffic management (for example, based on latency, geography, weighting)
Best practices for Amazon Route 53 health checks
What is AWS Global Accelerator?
Knowledge of: DNS delegation and forwarding (for example, conditional forwarding)
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Knowledge of: Different DNS record types (for example, A, AAAA, TXT, pointer records, alias records)
Knowledge of: DNSSEC
Configuring DNSSEC signing in Amazon Route 53
Configuring DNSSEC for a domain
Working with key-signing keys (KSKs)
Knowledge of: How to share DNS services between accounts (for example, AWS RAM)
Resolving DNS queries between VPCs and your network
What is AWS Global Networks for Transit Gateways?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Knowledge of: Requirements and implementation options for outbound and inbound endpoints
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Monitoring Route 53 VPC Resolver endpoints with Amazon CloudWatch
Skills in: Configuring DNS zones and conditional forwarding
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Skills in: Configuring traffic management by using DNS solutions
Best practices for Amazon Route 53 health checks
What is AWS Global Accelerator?
Skills in: Configuring DNS for hybrid networks
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Skills in: Configuring appropriate DNS records
Skills in: Configuring DNSSEC on Route 53
Configuring DNSSEC signing in Amazon Route 53
Enabling DNSSEC signing and establishing a chain of trust
Working with key-signing keys (KSKs)
Skills in: Configuring DNS within a centralized or distributed network architecture
What is Route 53 VPC Resolver?
Resolving DNS queries between VPCs and your network
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Skills in: Configuring DNS monitoring and logging on Route 53
Managing Resolver query logging configurations
Monitoring Route 53 VPC Resolver endpoints with Amazon CloudWatch
Task 2.4: Automate and configure network infrastructure
Knowledge of: Infrastructure as code (IaC) (for example, AWS Cloud Development Kit [AWS CDK], AWS CloudFormation, AWS CLI, AWS SDK, APIs)
Knowledge of: Event-driven network automation
Knowledge of: Common problems of using hardcoded instructions in IaC templates when provisioning cloud networking resources
Skills in: Creating and managing repeatable network configurations
Skills in: Integrating event-driven networking functions
Skills in: Integrating hybrid network automation options with AWS native IaC
What is AWS Transit Gateway for Amazon VPC?
Skills in: Eliminating risk and achieving efficiency in a cloud networking environment while maintaining the lowest possible cost
Choosing an AWS networking and content delivery service
Skills in: Automating the process of optimizing cloud network resources with IaC
Content Domain 3: Network Management and Operation (20% of scored content)
Task 3.1: Maintain routing and connectivity on AWS and hybrid networks
Knowledge of: Industry-standard routing protocols that are used in AWS hybrid networks (for example, BGP over Direct Connect)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Connectivity methods for AWS and hybrid networks (for example, Direct Connect gateway, Transit Gateway, VIFs)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: How limits and quotas affect AWS networking services (for example, bandwidth limits, route limits)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Available private and public access methods for custom services (for example, PrivateLink, VPC peering)
Knowledge of: Available inter-Regional and intra-Regional communication patterns
What is AWS Transit Gateway for Amazon VPC?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Skills in: Managing routing protocols for AWS and hybrid connectivity options (for example, over a Direct Connect connection, VPN)
What is AWS Transit Gateway for Amazon VPC?
Skills in: Maintaining private access to custom services (for example, PrivateLink, VPC peering)
Skills in: Using route tables to direct traffic appropriately (for example, automatic propagation, BGP)
What is AWS Transit Gateway for Amazon VPC?
Skills in: Setting up private access or public access to AWS services (for example, Direct Connect, VPN)
Skills in: Optimizing routing over dynamic and static routing protocols (for example, summarizing routes, CIDR overlap)
What is AWS Transit Gateway for Amazon VPC?
Task 3.2: Monitor and analyze network traffic to troubleshoot and optimize connectivity patterns
Knowledge of: Network performance metrics and reachability constraints (for example, routing, packet size)
What is Reachability Analyzer?
Logging IP traffic using VPC Flow Logs
Knowledge of: Appropriate logs and metrics to assess network performance and reachability issues (for example, packet loss)
Logging IP traffic using VPC Flow Logs
Knowledge of: Tools to collect and analyze logs and metrics (for example, CloudWatch, VPC Flow Logs, VPC Traffic Mirroring)
Logging IP traffic using VPC Flow Logs
Publish flow logs to CloudWatch Logs
Knowledge of: Tools to analyze routing patterns and issues (for example, Reachability Analyzer, Transit Gateway Network Manager)
What is Reachability Analyzer?
What is AWS Global Networks for Transit Gateways?
How AWS Global Networks for Transit Gateways works
Skills in: Analyzing tool output to assess network performance and troubleshoot connectivity (for example, VPC Flow Logs, Amazon CloudWatch Logs)
Logging IP traffic using VPC Flow Logs
Publish flow logs to CloudWatch Logs
Skills in: Mapping or understanding network topology (for example, Transit Gateway Network Manager)
What is AWS Global Networks for Transit Gateways?
How AWS Global Networks for Transit Gateways works
Skills in: Analyzing packets to identify issues in packet shaping (for example, VPC Traffic Mirroring)
Logging IP traffic using VPC Flow Logs
Skills in: Troubleshooting connectivity issues that are caused by network misconfiguration (for example, Reachability Analyzer)
What is Reachability Analyzer?
Skills in: Verifying that a network configuration meets network design requirements (for example, Reachability Analyzer)
What is Reachability Analyzer?
What is AWS Global Networks for Transit Gateways?
Skills in: Automating the verification of connectivity intent as a network configuration changes (for example, Reachability Analyzer)
What is Reachability Analyzer?
Skills in: Troubleshooting packet size mismatches in a VPC to restore network connectivity
Logging IP traffic using VPC Flow Logs
Task 3.3: Optimize AWS networks for performance, reliability, and cost-effectiveness
Knowledge of: Situations in which a VPC peer or a transit gateway are appropriate
What is AWS Transit Gateway for Amazon VPC?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Knowledge of: Different methods to reduce bandwidth utilization (for example, unicast compared with multicast, CloudFront)
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Cost-effective connectivity options for data transfer between a VPC and on-premises environments
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Different types of network interfaces on AWS
Knowledge of: High-availability features in Route 53 (for example, DNS load balancing using health checks with latency and weighted record sets)
Best practices for Amazon Route 53 health checks
Creating, updating, and deleting health checks
Knowledge of: Availability of options from Route 53 that provide reliability
Best practices for Amazon Route 53 health checks
Knowledge of: Load balancing and traffic distribution patterns
What is Elastic Load Balancing?
What is an Application Load Balancer?
What is a Network Load Balancer?
What is AWS Global Accelerator?
Knowledge of: VPC subnet optimization
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Knowledge of: Frame size optimization for bandwidth across different connection types
What is AWS Transit Gateway for Amazon VPC?
Skills in: Optimizing for network throughput
What is AWS Transit Gateway for Amazon VPC?
Skills in: Selecting the right network interface for the best performance (for example, elastic network interface, Elastic Network Adapter [ENA], Elastic Fabric Adapter [EFA])
Skills in: Choosing between VPC peering, proxy patterns, or a transit gateway connection based on analysis of the network requirements provided
What is AWS Transit Gateway for Amazon VPC?
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Skills in: Implementing a solution on an appropriate network connectivity service (for example, VPC peering, Transit Gateway, VPN connection) to meet network requirements
What is AWS Transit Gateway for Amazon VPC?
Skills in: Implementing a multicast capability within a VPC and on-premises environments
What is AWS Transit Gateway for Amazon VPC?
Skills in: Creating Route 53 public hosted zones and private hosted zones and records to optimize application availability
Considerations when working with a private hosted zone
Best practices for Amazon Route 53 health checks
Skills in: Updating and optimizing subnets for auto scaling configurations to support increased application load
What is Elastic Load Balancing?
Skills in: Updating and optimizing subnets to prevent the depletion of available IP addresses within a VPC (for example, secondary CIDR)
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Skills in: Configuring jumbo frame support across connection types
What is AWS Transit Gateway for Amazon VPC?
Skills in: Optimizing network connectivity by using Global Accelerator to improve network performance and application availability
What is AWS Global Accelerator?
What is Elastic Load Balancing?
Content Domain 4: Network Security, Compliance, and Governance (24% of scored content)
Task 4.1: Implement and maintain network features to meet security and compliance needs and requirements
Knowledge of: Different threat models based on application architecture
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Knowledge of: Common security threats
How AWS Shield and Shield Advanced work
Knowledge of: Mechanisms to secure different application flows
What is a Gateway Load Balancer?
Knowledge of: AWS network architecture that meets security and compliance requirements
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Skills in: Securing inbound traffic flows into AWS (for example, AWS WAF, AWS Shield, Network Firewall)
How AWS Shield and Shield Advanced work
Skills in: Securing outbound traffic flows from AWS (for example, Network Firewall, proxies, Gateway Load Balancers)
What is a Gateway Load Balancer?
Skills in: Securing inter-VPC traffic within an account or across multiple accounts (for example, security groups, network ACLs, VPC endpoint policies)
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Skills in: Implementing an AWS network architecture to meet security and compliance requirements (for example, untrusted network, perimeter VPC, three-tier architecture)
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Skills in: Developing a threat model and identifying appropriate mitigation strategies for a given network architecture
How AWS Shield and Shield Advanced work
Skills in: Testing compliance with the initial requirements (for example, failover test, resiliency)
What is Reachability Analyzer?
Best practices for Amazon Route 53 health checks
Skills in: Automating security incident reporting and alerting using AWS
Task 4.2: Validate and audit security by using network monitoring and logging services
Knowledge of: Network monitoring and logging services that are available in AWS (for example, CloudWatch, AWS CloudTrail, VPC Traffic Mirroring, VPC Flow Logs, Transit Gateway Network Manager)
Logging IP traffic using VPC Flow Logs
What is AWS Global Networks for Transit Gateways?
Knowledge of: Alert mechanisms (for example, CloudWatch alarms)
Knowledge of: Log creation in different AWS services (for example, VPC flow logs, load balancer access logs, CloudFront access logs)
Logging IP traffic using VPC Flow Logs
Knowledge of: Log delivery mechanisms (for example, Amazon Kinesis, Route 53, CloudWatch)
Publish flow logs to CloudWatch Logs
Publish flow logs to Amazon S3
Knowledge of: Mechanisms to audit network security configurations (for example, security groups, AWS Firewall Manager, AWS Trusted Advisor)
Skills in: Creating and analyzing a VPC flow log (including base and extended fields of flow logs)
Logging IP traffic using VPC Flow Logs
Publish flow logs to CloudWatch Logs
Publish flow logs to Amazon S3
Skills in: Creating and analyzing network traffic mirroring (for example, using VPC Traffic Mirroring)
Logging IP traffic using VPC Flow Logs
Skills in: Implementing automated alarms by using CloudWatch
Skills in: Implementing customized metrics by using CloudWatch
Logging IP traffic using VPC Flow Logs
Skills in: Correlating and analyzing information across single or multiple AWS log sources
Logging IP traffic using VPC Flow Logs
Skills in: Implementing log delivery solutions
Publish flow logs to CloudWatch Logs
Publish flow logs to Amazon S3
Managing Resolver query logging configurations
Skills in: Implementing a network audit strategy across single or multiple AWS network services and accounts (for example, Firewall Manager, security groups, network ACLs)
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Task 4.3: Implement and maintain confidentiality of data and communications of the network
Knowledge of: Network encryption options that are available on AWS
What is AWS Certificate Manager?
Knowledge of: VPN connectivity over Direct Connect
Knowledge of: Encryption methods for data in transit (for example, IPsec)
What is AWS Certificate Manager?
Knowledge of: Network encryption under the AWS shared responsibility model
What is AWS Certificate Manager?
What is AWS Transit Gateway for Amazon VPC?
Knowledge of: Security methods for DNS communications (for example, DNSSEC)
Configuring DNSSEC signing in Amazon Route 53
Configuring DNSSEC for a domain
Working with key-signing keys (KSKs)
Skills in: Implementing network encryption methods to meet application compliance requirements (for example, IPsec, TLS)
What is AWS Certificate Manager?
Skills in: Implementing encryption solutions to secure data in transit (for example, CloudFront, Application Load Balancers and Network Load Balancers, VPN over Direct Connect, AWS managed databases, Amazon S3, custom solutions on Amazon EC2, Transit Gateway)
What is AWS Certificate Manager?
What is AWS Transit Gateway for Amazon VPC?
Skills in: Implementing a certificate management solution by using a certificate authority (for example, ACM, AWS Private Certificate Authority [ACM PCA])
What is AWS Certificate Manager?
Certificate authorities in AWS Private CA
Skills in: Implementing secure DNS communications
Configuring DNSSEC signing in Amazon Route 53
Enabling DNSSEC signing and establishing a chain of trust
What is Route 53 VPC Resolver?
Wrapping Up
This guide has walked through all four content domains of the AWS Certified Advanced Networking – Specialty (ANS-C01) exam, covering Network Design, Network Implementation, Network Management and Operation, and Network Security, Compliance, and Governance. Every task and skill objective is mapped to the official AWS documentation so you can go deep on each topic with confidence.
Mastering the ANS-C01 requires more than reading — build labs, simulate hybrid connectivity scenarios, and practice interpreting flow logs and reachability results. For more AWS certification study guides covering the full range of associate and specialty exams, visit the AWS Certification category.
If this guide was helpful in your preparation, feel free to share it with others on the same journey, or leave a comment below with any questions.
Follow Me to Receive Updates on ANS-C01 Exam
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.
