Domain 4 · 24% of Exam

Network Security & Compliance

Implement and manage network security controls, encryption in transit, DDoS protection, and access governance.

What You'll Be Tested On

  • Implement defense-in-depth with security groups, NACLs, and Network Firewall
  • Configure encryption in transit using TLS, IPSec, and MACsec
  • Implement DDoS protection with Shield and WAF
  • Design network access controls using PrivateLink and endpoint policies
  • Monitor and audit network security with Flow Logs and GuardDuty

Key AWS Services in This Domain

🛡️Network Security🧱Network Firewall🔥WAF & ShieldCloudFront

Exam Tips for Domain 4

💡

Know the difference between stateful (SG) and stateless (NACL) filtering

💡

Understand Network Firewall rule evaluation order

💡

Practice designing WAF rules for common attack patterns

Practice Domain 4 Questions

Test your knowledge of Network Security & Compliance with practice questions from our ANS-C01 question bank.

Start Practice Quiz →

Other ANS-C01 Domains

Domain 1Network Design30%Domain 2Network Implementation26%Domain 3Network Management & Operations20%
← ANS-C01 Study HubFree Mock Exam30-Day Study Plan