CertLabProAWS Certified Advanced Networking Specialty
275 perguntas de prática
Última revisão: April 2026
Notas pessoais e links de recursos para sua jornada de estudo
Filtrar por Certificação
The AWS Certified Advanced Networking Specialty (ANS-C01) is the deepest networking credential AWS offers and is widely considered one of the more challenging certifications across any cloud provider. It validates the ability to design, implement, and operate complex AWS network architectures — including hybrid connectivity, multi-region transit, advanced DNS, edge services, and security at the network layer. The exam targets senior network engineers, cloud network architects, and infrastructure engineers with multi-year AWS and traditional networking experience. Expect long, scenario-heavy questions that combine VPC, Transit Gateway, Direct Connect, Route 53, CloudFront, Global Accelerator, and Network Firewall in ways that often have one objectively correct answer. ANS-C01 launched in July 2022, replacing ANS-C00, and is conceptual (no hands-on labs).
The largest domain at 30%. VPC topology choices, hub-and-spoke with Transit Gateway, multi-region patterns, hybrid connectivity selection (Direct Connect vs. Site-to-Site VPN vs. Cloud WAN), and DNS architecture with Route 53 Resolver. Tests architectural judgment more than service knowledge.
BGP configuration on Direct Connect and Site-to-Site VPN, transit gateway route tables and propagation, VPC peering and PrivateLink, and IPv6 deployment. Common stumbling block: nuanced BGP path selection and AS-PATH prepending.
VPC Flow Logs, Reachability Analyzer, Network Access Analyzer, Transit Gateway Network Manager, and CloudWatch metrics for networking. Tests practical operational fluency.
AWS Network Firewall, security groups vs. NACLs, WAF, Shield, Resolver DNS Firewall, and centralized inspection patterns with Gateway Load Balancer. Often missed: the precise traffic-flow sequence through GWLB-based inspection VPCs.
$135k–$190k–$280k USD annual
Range covers US-based mid-to-senior cloud networking roles where AWS proficiency is required. Top-tier financial services, FAANG, and large enterprise hub teams frequently exceed $330k TC. Entry "network engineer" titles in non-coastal markets fall below the low end. The advanced networking specialty reliably commands a premium because the candidate pool is small.
Source: levels.fyi 2025–2026 cloud network engineer roles, U.S. BLS OEWS May 2024 (15-1241 computer network architects, 15-1244 network and computer systems architects). Figures are approximate; actual compensation depends on role, region, and experience.
Cloud networking is one of the smaller but most premium specialty fields in AWS hiring. Demand is concentrated at large enterprises, financial services, regulated industries, and cloud-native SaaS companies with complex multi-region or hybrid architectures. Recruiters use ANS-C01 as a credible signal that a candidate can design and operate non-trivial AWS networks — the candidate pool with both AWS depth and BGP/DNS fluency is genuinely small. It pairs naturally with SAA-C03 or SAP-C02 and with the Security Specialty (SCS-C03) for senior infrastructure roles. The cert does NOT by itself qualify candidates for chief-architect-level positions; those expect broader system-design and leadership experience.
There are no formal prerequisites. AWS recommends at least 5 years of networking experience (including hands-on production networking with both routing and switching), and at least 2 years of hands-on AWS experience.
Most candidates approach ANS-C01 after SAA-C03 or SAP-C02 for the AWS architectural foundation. The harder gap to close is traditional networking depth: candidates without strong BGP, OSPF, IPSec, and DNS backgrounds should expect substantial extra study because the exam assumes baseline networking fluency well beyond what the associate exams test. A working personal Direct Connect simulation (using Site-to-Site VPN with BGP), a multi-region Transit Gateway lab, and a Gateway Load Balancer inspection-VPC build are the highest-ROI preparation artifacts.
ANS-C01 is rated Specialty and is widely considered one of the hardest AWS exams. Plan 100–160 hours over 12–16 weeks for candidates with strong traditional networking backgrounds and AWS experience; 200–280+ hours for candidates missing one of those foundations. The exam is 65 scored questions in 170 minutes — multiple-choice and multiple-response, no labs. Time pressure is real because reading and tracing network diagrams in scenario questions is slow.
Common stumbling blocks include nuanced BGP behavior over Direct Connect (LOCAL_PREF, AS_PATH, MED, communities), Transit Gateway route-table propagation vs. association, hybrid DNS resolution edge cases involving Route 53 Resolver inbound and outbound endpoints, and centralized inspection traffic flows with Gateway Load Balancer. Subtle PrivateLink and VPC endpoint policy interactions also recur.
Current version. Modernized coverage of Transit Gateway, Cloud WAN, Network Firewall, Gateway Load Balancer, and modern hybrid-DNS patterns. Replaced ANS-C00.
Original Advanced Networking Specialty. Retired in 2022; pre-Transit-Gateway-mature era.
ANS-C01 (AWS Certified Advanced Networking Specialty) is a a deeply specialized exam covering advanced topics in a narrow domain — expect hands-on experience to be a prerequisite Specialty-level exam. Most candidates need 100–200 hours of study spread over 2–4 months for specialty exams. These assume hands-on experience in the specialty domain. Most candidates who score consistently above the passing threshold on practice exams pass on their first attempt.