AWS Certified Advanced Networking Specialty Exam (ANS-C01) Free Questions - Part 1
So, you're gearing up for the AWS Certified Advanced Networking Specialty Exam (ANS-C01)? That's fantastic! But let's be honest, preparing for any exam can feel like climbing a mountain. That's where AWS Certified Advanced Networking Specialty Exam (ANS-C01) free questions come into play—they're like your personal climbing gear, making the ascent a whole lot easier.
Why Free Questions Are Your Secret Weapon
Imagine trying to learn to swim without ever getting into the water. Sounds tricky, right? The same goes for exams. AWS Certified Advanced Networking Specialty Exam (ANS-C01) free questions give you a real taste of what's to come. They help you get comfortable with the exam format, question styles, and the types of topics that will be covered.
How AWS Certified Advanced Networking Specialty Exam (ANS-C01) Free Questions Can Help You Succeed
At ExamStudyZone, we provide a comprehensive set of AWS Certified Advanced Networking Specialty Exam (ANS-C01) free questions designed to mirror the actual exam. Each question comes with detailed explanations, turning each practice session into a powerful learning experience. By regularly practicing with these free questions, you'll build confidence and increase your chances of acing the exam.
AWS Certified Advanced Networking Specialty Exam (ANS-C01) Questions
Question No : 1) All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.
A. The NAT gateway does not support UDP traffic.
B. The authentication server is not accepting traffic.
C. The NAT gateway cannot allocate more ports.
D. The NAT gateway is launched in a private subnet.
Question No : 2) A company has recently established an AWS Direct Connect connection from its on-premises data center to AWS. A Network Engineer has blocked all traffic destined for Amazon S3 over the company's gateway to the internet from its on-premises firewall. S3 traffic should only traverse the Direct Connect connection. Currently, no one in the on-premises data center can access Amazon S3. Which solution will resolve this connectivity issue?
A. Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
B. Establish an S3 VPC endpoint for the company's Amazon VPC. Configure a private virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop
C. Configure a public virtual interface on the Direct Connect connection. Update the on-premises routing tables to choose Direct Connect as the preferred next hop for traffic destined for Amazon S3.
D. Configure a public virtual interface on the Direct Connect connection. Establish an AWS managed VPN over the connection. Update the on-premises routing tables to choose the VPN connection as the preferred next hop.
Question No : 3) You run a well-architected, multi-AZ application in the eu-central-1 (Frankfurt) AWS region. The application is hosted in a VPC and is only accessed from the corporate network. To support large volumes of data transfer and administration of the application, you use a single 10-Gbps AWS Direct Connect connection with multiple private virtual interfaces. As part of a review, you decide to improve the resilience of your connection to AWS and make sure that any additional connectivity does not share the same Direct Connect routers at AWS. You need to provide the best levels of resilience to meet the application’s needs. Which two options should you consider? (Select two.)
A. Install a second 10-Gbps Direct Connect connection to the same Direct Connect location.
B. Deploy an IPsec VPN over a public virtual interface on a new 10-Gbps Direct Connect connection.
C. Install a second 10-Gbps Direct Connect connection to a Direct Connect location in eu-west-1.
D. Deploy an IPsec VPN over the Internet to the eu-west-1 region for diversity.
E. Install a second 10-Gbps Direct Connect connection to a second Direct Connect location for eu-central-1.
Question No : 4) Your company maintains an Amazon Route 53 private hosted zone. DNS resolution is restricted to a single, pre-existing VPC. For a new application deployment, you create an additional VPC in the same AWS account. Both this new VPC and your on-premises DNS infrastructure must resolve records in the existing private hosted zone. Which two activities are required to enable DNS resolution both within the new VPC and from the on-premises infrastructure? (Select two.)
A. Update the DHCP options set for the new VPC with the Route 53 nameserver IP addresses.
B. Update the Route 53 private hosted zone’s VPC associations to include the new VPC.
C. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies as forwarders in the on-premises DNS.
D. Update the on-premises DNS to include forwarders to the Route 53 nameserver IP addresses.
E. Launch Amazon EC2-based DNS proxies in the new VPC. Specify the proxies in the DHCP options set.
Question No : 5) Your company runs an HTTPS application using an Elastic Load Balancing (ELB) load balancer/PHP on nginx server/RDS in multiple Availability Zones. You need to apply Geographic Restriction and identify the client’s IP address in your application to generate dynamic content.
How should you utilize AWS services in a scalable fashion to perform this task?
A. Modify the nginx log configuration to record value in X-Forwarded-For and use CloudFront to apply the Geographic Restriction.
B. Enable ELB access logs to store the client IP address and parse these to dynamically modify a blacklist.
C. Use X-Forwarded-For with security groups to apply the Geographic Restriction.
D. Modify the application code to use value of X-Forwarded-For and CloudFront to apply the Geographic Restriction.
Question No : 6) A network architect is designing an internet website. It has web, application, and database tiers that will run in AWS. The website uses Amazon DynamoDB. Which architecture will minimize public exposure of the back-end instances?
A. A VPC with public subnets for the NLB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
B. A VPC with public subnets for the ALB, private subnets for the web tier, and private subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.
C. A VPC with public subnets for the ALB, public subnets for the web tier, private subnets for the application tier, and private subnets for DynamoDB.
D. A VPC with public subnets for the NLB, private subnets for the web tier, and public subnets for the application tier. The application tier connects DynamoDB through a VPC endpoint.
Question No : 7) A company has a hybrid IT architecture with two AWS Direct Connect connections to provide high availability. The services hosted on-premises are accessible using public IPs, and are also on the 172.16.0.0/16 range. The AWS resources are on the 192.168.0.0/18 range. The company wants to use Amazon Elastic Load Balancing for SSL offloading, health checks, and sticky sessions. What should be done to meet these requirements?
A. Create a Network Load Balancer pointing to the on-premises server's private IP address.
B. Create an Amazon CloudFront distribution for the on-premises service and use the public IPs of the on-premises servers as the origin.
C. Create a Network Load Balancer pointing to the on-premises server's public IP address.
D. Create an Application Load Balancer pointing to the on-premises server's private IP address.
Question No : 8) A company uses an Application Load Balancer (ALB) to provide access to a multi-tenant web application for 25 customers. The company creates a unique hostname for each customer to use to access the application. Hostnames use the format customer-name.example.com. Each customer has a dedicated group of Amazon EC2 instances that run their own version of the web application. When a customer visits customer-name.example.com, the ALB should route the request to the correct group of EC2 instances. The company requires a highly available solution that is easy to maintain. Which solution meets these requirements at the LOWEST cost?
A. Create one ALB for all customers. Create a listener rule that includes an HTTP header condition to match the URL. Add a forward action to route the request to the customer target group. Use Amazon Route 53 to create an alias record for each customer-name.example.com hostname that points to the ALB.
B. Create one ALB for each customer. Configure the listener to route requests to the customer target group. Configure an NGINX proxy server to manage connections to each ALB. Use Amazon Route 53 to create a CNAME record for each customer-name.example.com hostname that points to the NGINX proxy server.
C. Create one ALB for all customers. Create a listener rule that includes a Host header condition to match the hostname. Add a forward action to route the request to the customer target group. Use Amazon Route 53 to create an alias record for each customer-name.example.com hostname that points to the ALB.
D. Create one ALB for each customer. Configure the listener to route requests to the customer target group. Create an Amazon CloudFront distribution. Add each ALB to the distribution as a custom origin. Use Amazon Route 53 to create an alias for each customer-name.example.com hostname that points to the CloudFront distribution.
Question No : 9) A company’s web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further request for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries. Which action should be taken to block more IP addresses, without compromising the existing security requirements?
A. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.
B. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.
C. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.
D. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.
Question No : 10) An application runs on a fleet of Amazon EC2 instances in a VPC. All instances can reach one another using private IP addresses. The application owner has a new requirement that the domain name received via DHCP should be different for a particular set of instances that are currently in one particular subnet. What changes should be made to meet this requirement while continuing to support the existing application requirements?
A. Modify the existing DHCP option set and specify the different domain name for the specified subnet.
B. Create a new DHCP option set with the different domain name, associate it with the specified subnet, and re-launch the Amazon EC2 instances.
C. Create a new subnet, configure the DHCP option set with the different domain name, and re-launch the required instances there.
D. Create a new peered VPC, configure the DHCP option set with the different domain name, and re-launch the required instances there.
Question No : 11) An IT company wants to securely perform a one-off migration of its on-premises VMs to the AWS Cloud by using AWS Server Migration Service (AWS SMS). For the first phase of the migration, the company must migrate 50 development VMs in batches during non-peak times over the next 7 days. The VMs are between 2 GB and 5 GB in size. The company has 1 Gbps of available bandwidth over the internet. Which network connectivity option meets these requirements MOST cost-effectively?
A. Contact an AWS partner to order a hosted VIF.
B. Use the existing internet connection.
C. Order an AWS Direct Connect connection. Provision a public VIF.
D. Create a VPN connection to AWS.
Question No : 12) A company is connecting to a VPC over an AWS Direct Connect using a private VIF, and a dynamic VPN connection as a backup. The company's Reliability Engineering team has been running failover and resiliency tests on the network and the existing VPC by simulating an outage situation on the Direct Connect connection. During the resiliency tests, traffic failed to switch over to the backup VPN connection. How can this failure be troubleshot?
A. Ensure that Bidirectional Forwarding Detection is enabled on the Direct Connect connection
B. Confirm that the same routes are being advertised over both the VPN and Direct Connect.
C. Reconfigure the Direct Connect session from static routes to Border Gateway Protocol (BGP) peering.
D. Configure a virtual private gateway for the VPN and another virtual private gateway for Direct Connect.
Question No : 13) A company's application runs in a VPC and stores sensitive data in Amazon S3. The application's Amazon EC2 instances are located in a private subnet with a NAT gateway deployed in a public subnet to provide access to Amazon S3. The S3 bucket is located in the same AWS Region as the EC2 instances. The company wants to ensure that this bucket can be accessed only from the VPC where the application resides. Which changes should a network engineer make to the architecture to meet these requirements?
A. Delete the existing S3 bucket and create a new S3 bucket inside the VPC in the private subnet. Configure the S3 security group to allow only the application instances to access the bucket.
B. Deploy an S3 VPC endpoint in the VPC where the application resides. Configure an S3 bucket policy with a condition to allow access only from the VPC endpoint.
C. Configure an S3 bucket policy, and use an IP address condition to restrict access to the bucket. Allow access only from the VPC CIDR range, and deny all other IP address ranges.
D. Create a new IAM role for the EC2 instances that provides access to the S3 bucket and assign the role to the application instances. Configure an S3 bucket policy to allow access only from the role.
Question No : 14) A company uses AWS Direct Connect to connect its corporate network to multiple VPCs in the same AWS account and the same AWS Region. Each VPC uses its own private VIF and its own virtual LAN on the Direct Connect connection. The company has grown and will soon surpass the limit of VPCs and private VIFs for each connection. What is the MOST scalable way to add VPCs with on-premises connectivity?
A. Provision a new Direct Connect connection to handle the additional VPCs. Use the new connection to connect additional VPCs.
B. Create virtual private gateways for each VPC that is over the service quota. Use AWS Site-to-Site VPN to connect the virtual private gateways to the corporate network.
C. Create a Direct Connect gateway, and add virtual private gateway associations to the VPCs. Configure a private VIF to connect to the corporate network.
D. Create a transit gateway and attach the VPCs. Create a Direct Connect gateway, and associate it with the transit gateway. Create a transit VIF to the Direct Connect gateway.
Question No : 15) Your organization leverages an IP Address Management (IPAM) product to manage IP address distribution. The IPAM exposes an API. Development teams use CloudFormation to provision approved reference architectures. At deployment time, IP addresses must be allocated to the VPC. When the VPC is deleted, the IPAM must reclaim the VPC’s IP allocation. Which method allows for efficient, automated integration of the IPAM with CloudFormation?
A. AWS CloudFormation parameters using the “Ref::” intrinsic function
B. AWS CloudFormation custom resource using an AWS Lambda invocation.
C. CloudFormation::OpsWorks::Stack with custom Chef configuration.
D. AWS CloudFormation parameters using the “Fn::FindInMap” intrinsic function.
ANS-C01 Answers