How I Passed the AWS Advanced Networking Specialty Exam
This post details the materials and methods I used to study for and pass the AWS Certified Advanced Networking Speciality ANS-C00 exam, and how you can save some money on the cost of the exam. I also include a mind map and flash cards I created while studying. The exam requires a lot of reading, with essentially 65 mini-scenarios to work through, so be prepared to take your time and pay close attention to detail!
This post is also available on LinkedIn and Medium.
Like many people in IT, and specifically in networking, I have been thinking about “the cloud” for many years. My website neckercube.com has been hosted on AWS since 2019 (as of this post). Cloud computing providers like AWS continue to release new services. This is in effort to abstract away the underlying physical (and increasingly, logical) infrastructure to make it easier for software developers and enterprise architects to build and run their applications. In some cases, you only need to upload some code and AWS takes care of everything else for you automatically!
The old joke is “the cloud is just somebody else’s data center”. Ironically, many topics on the AWS Certified Advanced Networking Specialty (ANS) exam establish that there is some truth to that joke. Several exam items dig deeper into the physical and logical components of networking to reveal how AWS interacts with the traditional data center to create and facilitate hybrid environments, in addition to networks fully-contained within the AWS ecosystem.
As an experienced network engineer and being curious about cloud networking, this exam seemed perfect for me. A few years ago, I looked into pursuing the AWS Solutions Architect Associate exam and studied for it briefly. While getting deeper into it, I realized that this particular exam focuses more on application architecture than I was interested in. Having a general overview of how applications are constructed is important, but as a network engineer, I am more concerned with getting your application’s packets from A to B in the most reliable and cost-effective way. How those packets get generated from your code is mostly outside my scope.
I still wanted an AWS certification to put on my resume, though. As more companies migrate to cloud computing, I want to demonstrate to potential future employers that I have the knowledge and skills to bridge their traditional networks to the cloud. Until recently, I was not aware of the ANS exam, and after looking over the blueprint I decided this is the perfect AWS exam for me!
AWS recommends one year of experience for the SAA, but they recommend a minimum of five years experience for the ANS. Indeed, this is not an introductory-level exam and many of the topics assume a deeper familiarity than you might have received from any associate-level studies, such as the Cisco CCNA or Juniper JNCIA. For example, the exam assumes you are very familiar with BGP. You don’t need to have all of the “nerd knobs” memorized, but at the very least you need to know offhand what steps are involved with BGP best-path selection and how various NLRI attributes like communities work.
A good portion of the topics revolve around various workarounds for networking issues that are common within enterprise application architectures, but are not permitted (or implemented) the same way natively in AWS. For example, many applications assume Layer 2 connectivity everywhere. In AWS, there is no native bridging. ARPs and other broadcast traffic are intercepted by a mapping service. Multicast was unsupported until recently. Designing for transitive traffic can be tricky.
Most of these networking restrictions put in place by AWS are to help ensure the underlying infrastructure remains as solid as possible while performing at scale. Indeed, AWS seems to have learned many of the lessons detailed in RFC 3439 to design a solid underlay. You can then design your overlay network to enable any “special” features required by your application developers.
My approach to studying for this exam (after reading the blueprint first, which I always do for any exam), was first to watch the free course from Amazon. In addition to being free, it is actually really good! It provides a very nice overview of the majority of the topics. If you have time, I recommend a second viewing before you take the exam to summarize and refresh everything you’ve learned.
Next, I watched all of the AWS Networking videos from Ivan Pepelnjak at IPspace.net. As always, Ivan does an excellent job of not only detailing how the technology actually works, but relates several design and use cases explaining when, where and why you would use a particular item. This webinar series is not centered around the ANS certification directly, but is more practical in nature. These are the videos you want to review before actually implementing anything in production. While this is paid content (and his subscription is well worth it for any network engineer!), you can sign up for a free account which provides direct links to all the relevant AWS documentation for the particular topics. As a bonus, if you sign up for a free account first, you get a discount if you decide to purchase a full subscription.
I then spent most of my time with the Official Study Guide. This book is included on O’Reilly if you have a subscription, and you can access the practice exams through Wiley. As I read the book, I would attempt the chapter quiz questions first so I knew what to expect and look out for as I was reading. I took notes by creating a mind map. As I progressed through the chapters, I did some light labbing (AWS gives you one year of access to their free tier when you create a new account). I would also re-review the previous chapters’ summaries and “exam essentials” to make sure they still made sense to me. After going through the entire book, I took one of the two included practice exams.
Next, I viewed the Clear and Simple AWS Advanced Networking course by Rick Crisci. I had heard good things about it, and it was on sale for a good price, so I gave it a go. This course is oriented toward the certification and really helps to narrow down the scope of what you need to know for the exam. He doesn’t go extremely deep (which is hard to do on a video series anyway), but all of his explanations are excellent. The course also includes a practice exam.
While studying, I also came across three blogs I wish to share. My friend Marina Ferreira wrote a post detailing her experience taking the exam (and provided some good links). Gian Paolo has a great post as well detailing study methods and resources. And third, Marwan Alshawi has a really good series on network design in AWS which provides some practical examples of architecting AWS networks.
At this point I felt pretty comfortable with what’s covered on the exam. I started making flash cards for some of the details that weren’t sticking with me and needed some spaced repetition. As of this writing, AWS has official practice tests for every exam they offer….except for the ANS. Since the exam costs a decent amount of money, and I’m paying for it myself, I decided it would be worth it to buy some practice tests.
The first practice test I took was from TutorialsDojo. Two full tests are included. I have to say, they really did a good job with these questions and answers! In fact, I will even say that outside of the OSG book, if you’re going to spend any money on materials, this is a must-have! The questions are extremely well-written and clear. The provided explanations really help you understand what is being asked and why the particular answers are right or wrong, along with relevant links for further details. I took one of the exams, made flash cards out of concepts I missed, and saved the second exam for later.
The next practice tests I took were from WhizLabs. Three full tests are included. Unfortunately, these tests were very disappointing, especially when compared to TutorialsDojo. The tests could have been much better if they were reviewed and edited, but it is apparent that English is not the test creator’s native language. This is very distracting because the experience is not like the real exam. For several questions, I believed I could tell what was being asked, but it was hard to be sure due to the bad grammar and unclear writing.
I encountered several other issues as well. The questions were not sufficiently randomized, so you could easily guess answers based on the surrounding questions. Terminology was occasionally used incorrectly. One question even asked which third-party tool you would use for a particular situation where the answers contained only a single third-party tool while the remaining options were AWS tools (and even prefixed with “AWS”!). Some questions and answers also contradicted others.
Perhaps the biggest sin of all, WhizLabs kept saying “on-premise”! Ugh!! Kudos to TutorialsDojo for using the correct “on-premises”. On the positive side, while most of the explanations were weak, they did provide some screen shots and relevant documentation links. I won’t go as far as saying the WhizLabs tests were worthless, but when you use substandard materials like these you really need to know your topics already so that you’re not constantly second-guessing yourself. Luckily, I felt like I was at that point in my studies when I took these tests.
I’m not trying to pick on WhizLabs specifically—I have seen this in all forms of training material over the years, including “official” training from various vendors. Likewise, many of the practice exam questions from the OSG were generally simplistic, occasionally unclear, and not reflective of the real exam. While I’m on the soap box, question writers: negative-style questions (which option is NOT…) are much less helpful than positive-style questions. Positive-style questions are better for memory retention, which is critical when you are still studying for the exam.
All content issues aside, all of the training videos and practice tests are very useful to show examples of things you might not have access to, like the various Direct Connect options. Some practice test questions focus on very limited (sometimes obscure) corner-case scenarios. This is great for learning and understanding the topics, but these kinds of specific obscure questions are unlikely to actually be on the exam.
My final bit of study was to take the second TutorialsDojo practice exam. My score gave me the confidence to schedule the exam. What’s interesting about an exam like this is that it is based on technology that is a constantly-moving target. There are several new features introduced by AWS since this exam version was created that change many of the rules and end up contradicting some of the training material. It made studying for this exam interesting because I had to balance wanting to know and understand the topics as much as possible, but not getting too deep into things that have been introduced since the exam was created. A perfect example is the AWS Transit Gateway, which was introduced after the OSG was written, and changes many of the tested network designs.
Shortly after I finished reading the OSG, I learned of the benefits of getting AWS certified. Two of the benefits are getting a free practice exam (which currently doesn’t matter for the ANS exam), and that you get 50% off your next AWS exam. The ANS-C00 exam is $300 USD. However, the entry-level AWS Certified Cloud Practitioner CLF-C01 exam is $100 USD. I looked at the blueprint and realized I was exposed to at least 80% of the topics already due to studying for the ANS. Since this is a foundational-level exam, I knew most of the topics would be covered at a high-level. AWS was running a promotion offering a free practice test, so I took it and scored 90%. After that, I scheduled, took and passed the CP exam, which gave me the 50% exam voucher toward the ANS-C00 exam. So for a total of $250 USD ($100 CP + $150 ANS), not only did I save $50, I earned two certifications!
Recently, I passed the Juniper JNCIA-Junos exam online through Pearson Vue. That was my first time taking an exam online. I had no issues with that delivery, and likewise I had no issues with taking the CP exam online either, though this time I did have to speak with the proctor first to show I wasn’t wearing a smartwatch or anything else. Based on my experience last time, this time I set a lower resolution on my laptop before signing in, which made the text larger and easier to read during the exam.
One disadvantage of the online tests for some people is that you are unable to write anything down, which means you cannot physically draw any network diagrams. While I was taking the practice tests, I had no problems visualizing all of the networking scenarios in my mind, and I did not feel the need to draw any diagrams. This added to my confidence to take the ANS exam online. This might not work for you, though. However, the Pearson OnVUE application does have a built-in whiteboard that you can use if you need it.
I heard stories about the proctor bugging you if you mouth the questions as you are reading them, which is a very common thing to do. I made a very conscious effort to not mouth the questions while I was taking all of the practice tests, which turned into a positive habit by the time I was through with all of the tests.
When I wrote about my online JNCIA experience, I said that I would probably still go to a testing center for a more expensive test. After my experience with the CP online, I became comfortable enough with the process to continue with the more expensive exams online. In fact, if I have the option of taking an exam online, I will probably continue to do so for all future certifications.
However, for the ANS exam, I waited for nearly 30 minutes after checking in, whereas the previous two exams were attended to within a few minutes. A message popped up saying to click for support, which stated the proctor may try to contact me on my cell phone. You’re not supposed to have your phone within reach, and I silenced it so I would not be disturbed. I waited five more minutes, and then said to my camera (hoping someone was listening) that the support said the proctor may be trying to call, and that my phone was out of reach and on mute, so I was going to show me on the camera reaching for my phone to check (nobody had tried to call, but I took off the mute), and then putting it back out of reach. Around three minutes later, my exam started without any interaction from anyone. So, across three online exams, I’ve had two great and one medium experience.
One thing I discovered this time when scheduling was that more time slots seem to become available either late at night or very early in the morning. If you don’t see any desired time slots, go ahead and schedule one that will be acceptable (just in case), but then check back a few times late at night or early in the morning to see if any new time slots have opened up. It is much faster to reschedule an already-booked exam than to try to secure the perfect time slot before you pay. At first, I had a great time slot, but by the time I entered my payment information, it was gone and I had to choose another time. Later I was able to reschedule for a better time.
As I wrote in my post when I passed the CISSP exam, I did my best to practice good test-taking skills. This includes slowing down and making sure you notice all of the key words. Carefully read everything—an answer may be correct in the technical sense, but does it really answer what the question was asking? A good example in this context is a question on network performance versus network security. One of the answers may be absolutely correct with regard to network performance, but the question was actually asking about network security.
The questions and answers on the ANS-C00 exam are mostly very well-written. As you would expect, there are several questions where multiple answers make sense, but they really test your knowledge of some of the finer details of the particular topic. If you forget those details or miss the part of the question indicating exactly what they are looking for, you may end up confidently choosing the wrong answer. This is why spaced repetitions with flash cards are extremely useful for memorizing some of those finer details.
Even though the exam has 65 questions, I spent nearly two hours taking it (even longer than it took me for the CISSP!) just because there is a lot to read, and I re-read each question and answer several times just to be sure I noticed everything. I felt very relieved when it was over (just like you might be feeling right now as this really long post is coming to an end!), and even more when I saw “PASS” on the screen! I scored 917 / 1000.
This exam is definitely challenging. There are a lot of technical details to remember, but even more important, you need to have excellent reading comprehension and the ability to imagine each scenario in your mind. With the whiteboard, you could draw out the scenarios when necessary, but that is really going to eat into your time. It’s good practice to be able to mentally assemble what is being asked anyway. Much of the exam focuses on hybrid connectivity to traditional data center networks, and having some real-world experience with operating enterprise networks will make a big difference when it comes to visualizing the exam questions.
Thank you for reading, and good luck with your studies!
Bonus 1: Here are about 100 flash cards I created for some of the topics that I wanted to make sure stuck with me. These cards might be a good starting point, or something to add to your own collection. This requires Anki (or software that can import that format). TutorialsDojo also has some really great AWS “cheat sheets” that could be a great source for building flash cards.
Bonus 2: This is a mind map I created while reading the OSG. While the flow mirrors the book, the map leaves are my own wording and not copied word-for-word from the book. This may be useful for a summary or review before taking the exam.
Overview without the details:
