Updates to the AWS Certified Advanced Networking – Specialty Exam (ANS-C01)

AWS Networking Specialty Cert Exam Updates

In December 2021, AWS announced a new beta exam for the AWS Certified Advanced Networking – Specialty certification. As part of this announcement, AWS also indicated that it would be retiring the current version of the exam (ANS-C00) in July 2022. 

AWS frequently updates its exams to ensure they continue to validate your knowledge of current AWS service offerings, which are constantly evolving as AWS implements hundreds of updates across its platform every month. Given that the current (ANS-C00) version of the exam was first released in 2019, this particular certification was certainly due for an update! 

In this blog post, I will review what has changed between the current (ANS-C00) and updated (ANS-C01) exam blueprints, detail my experience sitting both the ANS-C00 and beta ANS-C01 exam in the span of four days, and offer some advice to anyone who may be studying to take this exam over the next several months.

Comparing the two exam blueprints

The current ANS-C00 exam assesses your knowledge across 6 content domains, broken down as follows:

Domain% of Exam
Domain 1: Design and implement hybrid IT network architectures at scale24%
Domain 2: Design and implement AWS networks28%
Domain 3: Automate AWS tasks8%
Domain 4: Configure network integration with application services14%
Domain 5: Design and implement for security and compliance12%
Domain 6: Manage, optimize, and troubleshoot the network14%
Total100%

The updated ANS-C01 exam guide references the following 4 domains:

Domain% of Exam
Domain 1: Network Design30%
Domain 2: Network Implementation26%
Domain 3: Network Management and Operation20%
Domain 4: Network Security, Compliance, and Governance24%
Total100%

In most cases, it is fairly straightforward to map the content from each of the 6 domains in the ANS-C00 exam guide to the 4 domains reflected in the updated ANS-C01 exam guide. A closer examination of the various task statements and lists of services and features in the ANS-C01 exam guide reveals that the vast majority of content from the ANS-C00 exam is still fair game to be assessed on the ANS-C01 exam as well.

It goes without saying that an AWS Advanced Networking – Specialty exam is going to test your knowledge of AWS networking services such as VPC, Direct Connect, Transit Gateway, Site-to-Site VPN, Route 53, and Elastic Load Balancing. 

However, there have also been several new AWS networking service offerings over the past couple of years that you should definitely know about before taking the updated exam. These include:

  • Gateway Load Balancers
  • Transit Gateway Network Manager
  • VPC Reachability Analyzer
  • AWS Load Balancer Controller

Let’s quickly run through some of the concepts and services you might be expected to know for each domain.

Domain 1: Network Design

This domain covers 30% of the exam content, so you can expect about 20 questions involving network design. This covers everything from edge network service architectures using Amazon CloudFront and AWS Global Accelerator to advanced DNS solutions for public, private, and hybrid scenarios using Route 53 and Route 53 Resolver. 

Understanding how to integrate elastic load balancing into your solutions is also important, along with knowledge of how load balancing works at different layers of the OSI model. You’ll definitely want to know the difference between Application, Network, and Gateway Load Balancers and when to use each one.

This domain also covers designing routing strategies and connectivity architectures that span across multiple VPCs, Regions, and AWS accounts. You’ll be expected to know how to configure resource sharing across accounts using AWS Resource Access Manager, as well as when to use VPC peering, AWS Direct Connect, AWS Site-to-Site VPN, Transit Gateway, and AWS PrivateLink to facilitate communication between VPCs and networks.

Domain 2: Network Implementation

This domain covers 26% of the exam content, so you can expect about 17 questions involving network implementation. This domain applies your knowledge of network design principles as discussed in the previous domain to address the actual implementation of routing and connectivity between on-premises networks and the AWS Cloud using AWS Direct Connect, AWS Site-to-Site VPN, and Transit Gateway. You must also understand how to implement complex DNS architectures using Route 53 hosted zones, subdomain delegation, and conditional forwarding.

Although there is no longer a domain specifically for automating AWS tasks like there was in the ANS-C00 exam, you can still expect to see some questions around automating the configuration of network infrastructure using services like AWS CloudFormation here as well.

Domain 3: Network Management and Operation

This domain covers 20% of the exam content, so you can expect about 13 questions involving network management and operation. Here you will apply your knowledge of network design and implementation to define and configure VPC subnets, manage routing protocols over Direct Connect and VPN connections, define and configure route tables to direct network traffic, and understand how to enable public and/or private access to AWS services. You should also understand the purpose of VPC Traffic Mirroring and its associated use cases.

You should expect to see a few questions that require you to troubleshoot networking issues by analyzing logs such as VPC Flow Logs or Amazon CloudWatch Logs, and also optimize existing network configurations to improve performance and reduce cost.

Domain 4: Network Security, Compliance, and Governance

This domain covers 24% of the exam content, so you can expect about 15 questions involving network security, compliance, and governance. Here you must have an understanding of how to secure AWS resources using security groups and network ACLs, implement AWS security tools and services such as WAF, Shield, and Network Firewall, and configure network monitoring and logging using services such as CloudWatch, CloudTrail, and Kinesis.

The updated AWS Certified Advanced Networking – Specialty certification exam does not include any hands-on labs.

Are there any hands-on labs in the updated AWS Certified Advanced Networking – Specialty certification exam?

It is worth noting that the updated AWS Certified Advanced Networking – Specialty certification exam does not include any hands-on labs like there are in the AWS Certified SysOps Administrator – Associate (SOA-C02) certification exam that was released in July 2021.

Like the ANS-C00 exam, the ANS-C01 exam will consist only of 65 multiple choice and multiple response questions. Most questions will have 4 possible answer options where you must select one correct answer, while others may have 5 or 6 answer options from which you must select two or three correct answers. Of these 65 questions, only 50 questions will count towards your score. The other 15 questions are used by AWS for evaluation purposes and do not affect your score in any way. There is no way to tell which questions are scored or unscored but there is no penalty for guessing, so always be sure to answer every question, even if it’s just an educated guess!

My experience sitting both exams

I sat the ANS-C00 exam on a Friday, took the weekend off, and then sat the ANS-C01 beta exam the following Monday. The beta exam consists of 85 questions, which is 20 questions more than you will see on the standard exam (and at half the price of the standard exam, what a deal!). Having now fully experienced 150 AWS Certified Advanced Networking – Specialty exam questions, I’m happy to share the following observations with you.

Most of the questions involve lengthy scenarios that are usually several sentences to a couple paragraphs in length.

What are the questions like on the exam?

I found the overall length, complexity, and difficulty of the questions to be comparable on both the ANS-C00 and ANS-C01 exams. In fact, I even saw a few of the exact same questions on both exams! Given that this is a Specialty exam, the questions tended to be longer and presented more complicated scenarios than what you might expect from an Associate-level certification exam (and were much closer to what you might expect to see on a Professional-level certification exam). You can get a feel for the types of questions that will be asked on this exam by taking a look at these sample questions from AWS.

Most of the questions involve lengthy scenarios that are usually several sentences to a couple paragraphs in length, and most of the answer choices will be several sentences long as well. Take your time as you’re reading through these longer questions and be sure to process every word and detail that you read. 

Be on the lookout for repeated sentences across all of the possible answers with just a word or two changed. Those one or two words can make all the difference when it comes to determining which answer is correct and which answer might be a distractor. Always do your best to eliminate these distractors as early as possible to allow you to focus more on the plausible answers and select the best possible answer (or answers) to each question.

Advice to anyone studying for the AWS Certified Advanced Networking – Specialty certification

After taking both exams in such a short period of time, I can confidently say that all of the effort I spent studying for the ANS-C00 exam was useful and relevant in helping me to prepare for the ANS-C01 exam as well. That being said, if you are already planning to take the current ANS-C00 exam before it is retired in July, you should still absolutely do so. Your certification will remain valid for three years no matter which version of the exam you take, and I’ve yet to encounter an employer who has insisted that a candidate take a specific version of an AWS certification exam. However, if your timeline for obtaining this certification extends beyond July for any reason, you should feel confident knowing that your efforts right now are still preparing you to take the updated ANS-C01 exam as well.

There’s no penalty for guessing, so always be sure to answer every question, even if it’s just an educated guess!

Updates to the Cloud Academy AWS Advanced Networking – Specialty Certification Preparation Learning Path

As soon as the AWS Certified Advanced Networking – Specialty beta exam was announced, we here at Cloud Academy began assessing the content in our current AWS Advanced Networking – Specialty Certification Preparation learning path to ensure we have fully covered all aspects of the updated ANS-C01 exam guide

Over the coming weeks and months, we will be refreshing this learning path to include several new courses, hands-on labs, and assessments covering topics that are emphasized in the updated ANS-C01 exam such as AWS Network Firewalls, AWS Routing, VPC Sharing, Direct Connect, AWS PrivateLink, and much more!

To find out the latest information about this exam, as well as to learn more about updates to other AWS certification exams, you can visit the Coming Soon to AWS Certification page. From there, you can also learn more about the upcoming August 2022 update to the AWS Certified Solutions Architect – Associate exam, which our very own Stuart Scott recently blogged about here.

For training preparation on all AWS certifications, I encourage you to take a look at our entire library of AWS certification content.

Best of luck with your studying! If you have any questions, please feel free to reach out to me and I’ll be happy to help!

Danny

Cloud Academy