# Content Domain 1: Design Solutions for Organizational Complexity
**Topics**
+ [Task 1.1: Architect network connectivity strategies.](#solutions-architect-professional-02-domain1-task1)
+ [Task 1.2: Prescribe security controls.](#solutions-architect-professional-02-domain1-task2)
+ [Task 1.3: Design reliable and resilient architectures.](#solutions-architect-professional-02-domain1-task3)
+ [Task 1.4: Design a multi-account AWS environment.](#solutions-architect-professional-02-domain1-task4)
+ [Task 1.5: Determine cost optimization and visibility strategies.](#solutions-architect-professional-02-domain1-task5)
## Task 1.1: Architect network connectivity strategies.
Knowledge of:
+ AWS Global Infrastructure
+ AWS networking concepts (for example, Amazon Virtual Private Cloud [Amazon VPC], AWS Direct Connect, AWS VPN, transitive routing, AWS container services)
+ Hybrid DNS concepts (for example, Amazon Route 53 Resolver, on-premises DNS integration)
+ Network segmentation (for example, subnetting, IP addressing, connectivity among VPCs)
+ Network traffic monitoring
Skills in:
+ Evaluating connectivity options for multiple VPCs
+ Evaluating connectivity options for on-premises, co-location, and cloud integration
+ Selecting AWS Regions and Availability Zones based on network and latency requirements
+ Troubleshooting traffic flows by using AWS tools
+ Using service endpoints for service integrations
## Task 1.2: Prescribe security controls.
Knowledge of:
+ AWS Identity and Access Management (IAM) and AWS IAM Identity Center
+ Route tables, security groups, and network ACLs
+ Encryption keys and certificate management (for example, AWS Key Management Service [AWS KMS], AWS Certificate Manager [ACM])
+ AWS security, identity, and compliance tools (for example, AWS CloudTrail, AWS Identity and Access Management Access Analyzer, AWS Security Hub, Amazon Inspector)
Skills in:
+ Evaluating cross-account access management
+ Integrating with third-party identity providers
+ Deploying encryption strategies for data at rest and data in transit
+ Developing a strategy for centralized security event notifications and auditing
## Task 1.3: Design reliable and resilient architectures.
Knowledge of:
+ Recovery time objectives (RTOs) and recovery point objectives (RPOs)
+ Disaster recovery strategies (for example, using AWS Elastic Disaster Recovery, pilot light, warm standby, and multi-site)
+ Data backup and restoration
Skills in:
+ Designing disaster recovery solutions based on RTO and RPO requirements
+ Implementing architectures to automatically recover from failure
+ Developing the optimal architecture by considering scale-up and scale-out options
+ Designing an effective backup and restoration strategy
## Task 1.4: Design a multi-account AWS environment.
Knowledge of:
+ AWS Organizations and AWS Control Tower
+ Multi-account event notifications
+ AWS resource sharing across environments
Skills in:
+ Evaluating the most appropriate account structure for organizational requirements
+ Recommending a strategy for central logging and event notifications
+ Developing a multi-account governance model
## Task 1.5: Determine cost optimization and visibility strategies.
Knowledge of:
+ AWS cost and usage monitoring tools (for example, AWS Trusted Advisor, AWS Pricing Calculator, AWS Cost Explorer, AWS Budgets)
+ AWS purchasing options (for example, Reserved Instances, Savings Plans, Spot Instances)
+ AWS rightsizing visibility tools (for example, AWS Compute Optimizer, Amazon Simple Storage Service [Amazon S3] Storage Lens)
Skills in:
+ Monitoring cost and usage with AWS tools
+ Developing an effective tagging strategy that maps costs to business units
+ Understanding how purchasing options affect cost and performance