Course Outline

Prerequisites

  • Basic Networking Knowledge: Familiarity with network fundamentals, including TCP/IP, DNS, VPNs, and firewalls.
  • Cloud Platform Basics: A foundational understanding of one or more cloud platforms (AWS, Azure, Google Cloud) is helpful, as this course will cover multicloud strategies.
  • Operating Systems Knowledge: Basic knowledge of operating systems (Windows/Linux), especially in cloud environments.
  • Networking and Security Concepts: Familiarity with core networking and security concepts, such as subnetting, VLANs, access control, encryption, and security best practices.
  • Experience with Cloud Services: Practical experience with cloud services or infrastructure-as-a-service (IaaS) would be advantageous but not mandatory.
  • Programming Fundamentals (Optional): While not strictly required, some programming knowledge (e.g., Python or Shell scripting) can aid in automating cloud networking and security tasks.

AWS Certified Advanced Networking Specialty

Domain 1: Network Design

  • Task Statement 1.1: Design a solution that incorporates edge network services to optimize user performance and traffic management for global architectures.
  • Task Statement 1.2: Design DNS solutions that meet public, private, and hybrid requirements.
  • Task Statement 1.3: Design solutions that integrate load balancing to meet high availability, scalability, and security requirements.
  • Task Statement 1.4: Define logging and monitoring requirements across AWS and hybrid networks.
  • Task Statement 1.5: Design a routing strategy and connectivity architecture between on-premises networks and the AWS Cloud.

Domain 2: Network Implementation

  • Task Statement 2.1: Implement routing and connectivity between on-premises networks and the AWS Cloud.
  • Task Statement 2.2: Implement routing and connectivity across multiple AWS accounts, Regions, and VPCs to support different connectivity patterns.
  • Task Statement 2.3: Implement complex hybrid and multi-account DNS architectures.
  • Task Statement 2.4: Automate and configure network infrastructure.

Domain 3: Network Management and Operation

  • Task Statement 3.1: Maintain routing and connectivity on AWS and hybrid networks.
  • Task Statement 3.2: Monitor and analyze network traffic to troubleshoot and optimize connectivity patterns.
  • Task Statement 3.3: Optimize AWS networks for performance, reliability, and cost-effectiveness.

Domain 4: Network Security, Compliance, and Governance

  • Task Statement 4.1: Implement and maintain network features to meet security and compliance needs and requirements.
  • Task Statement 4.2: Validate and audit security by using network monitoring and logging services.
  • Task Statement 4.3: Implement and maintain confidentiality of data and communications of the network.

Google Professional Cloud Network Engineer

Domain 1: Designing and planning a Google Cloud network

  • 1.1 Designing an overall network architecture.
  • 1.2 Designing Virtual Private Cloud (VPC) networks.
  • 1.3 Designing a resilient and performant hybrid and multi-cloud network.
  • 1.4 Designing an IP addressing plan for Google Kubernetes Engine (GKE).

Domain 2: Implementing Virtual Private Cloud (VPC) networks

  • 2.1 Configuring VPCs.
  • 2.2 Configuring VPC routing.
  • 2.3 Configuring Network Connectivity Center.
  • 2.4 Configuring and maintaining Google Kubernetes Engine clusters.
  • 2.5 Configuring and managing Cloud Next Generation Firewall (NGFW) rules.

Domain 3: Configuring managed network services

  • 3.1 Configuring load balancing.
  • 3.2 Configuring Google Cloud Armor policies.
  • 3.3 Configuring Cloud CDN.
  • 3.4 Configuring and maintaining Cloud DNS.
  • 3.5 Configuring and securing internet egress traffic.
  • 3.6 Configuring network packet inspection.

Domain 4: Implementing hybrid network interconnectivity

  • 4.1 Configuring Cloud Interconnect.
  • 4.2 Configuring a site-to-site IPSec VPN.
  • 4.3 Configuring Cloud Router.
  • 4.4 Configuring Network Connectivity Center.

Domain 5: Managing, monitoring, and troubleshooting network operations

  • 5.1 Logging and monitoring with Google Cloud Observability.
  • 5.2 Maintaining and troubleshooting connectivity issues.
  • 5.3 Using Network Intelligence Center to monitor and troubleshoot common networking issues.

AWS Certified Security Specialty

Domain 1: Threat Detection and Incident Response

  • Task Statement 1.1: Design and implement an incident response plan
  • Task Statement 1.2: Detect security threats and anomalies by using AWS services
  • Task Statement 1.3: Respond to compromised resources and workloads

Domain 2: Security Logging and Monitoring

  • Task Statement 2.1: Design and implement monitoring and alerting to address security events
  • Task Statement 2.2: Troubleshoot security monitoring and alerting
  • Task Statement 2.3: Design and implement a logging solution
  • Task Statement 2.4: Troubleshoot logging solutions
  • Task Statement 2.5: Design a log analysis solution

Domain 3: Infrastructure Security

  • Task Statement 3.1: Design and implement security controls for edge services
  • Task Statement 3.2: Design and implement network security controls
  • Task Statement 3.3: Design and implement security controls for compute workloads
  • Task Statement 3.4: Troubleshoot network security

Domain 4: Identity and Access Management

  • Task Statement 4.1: Design, implement, and troubleshoot authentication for AWS resources
  • Task Statement 4.2: Design, implement, and troubleshoot authorization for AWS resources

Domain 5: Data Protection

  • Task Statement 5.1: Design and implement controls that provide confidentiality and integrity for data in transit
  • Task Statement 5.2: Design and implement controls that provide confidentiality and integrity for data at rest
  • Task Statement 5.3: Design and implement controls to manage the lifecycle of data at rest
  • Task Statement 5.4: Design and implement controls to protect credentials, secrets, and cryptographic key materials

Domain 6: Management and Security Governance

  • Task Statement 6.1: Develop a strategy to centrally deploy and manage AWS accounts
  • Task Statement 6.2: Implement a secure and consistent deployment strategy for cloud resources
  • Task Statement 6.3: Evaluate the compliance of AWS resources
  • Task Statement 6.4: Identify security gaps through architectural reviews and cost analysis

Google Professional Cloud Security Engineer

Domain 1: Configuring access

  • 1.1 Managing Cloud Identity
  • 1.2 Managing service accounts
  • 1.3 Managing authentication
  • 1.4 Managing and implementing authorization controls
  • 1.5 Defining resource hierarchy

Domain 2: Securing communications and establishing boundary protection

  • 2.1 Designing and configuring perimeter security
  • 2.2 Configuring boundary segmentation
  • 2.3 Establishing private connectivity

Domain 3: Ensuring data protection

  • 3.1 Protecting sensitive data and preventing data loss
  • 3.2 Managing encryption at rest, in transit, and in use
  • 3.3 Planning for security and privacy in AI

Domain 4: Managing operations

  • 4.1 Automating infrastructure and application security
  • 4.2 Configuring logging, monitoring, and detection

Domain 5: Supporting compliance requirements

  • 5.1 Determining regulatory requirements for the cloud