Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01
Popular

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

468 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 91–100 of 468

Q91

What is the primary function of AWS Transit Gateway?

  • A Connect VPCs and on-premises networks
  • B Store data in S3
  • C Manage IAM users
  • D Backup EC2 instances
Explanation AWS Transit Gateway facilitates interconnectivity among VPCs and on-premises networks, while others do not serve the same purpose.
Q92

A company needs to ensure that all S3 bucket access logs are stored safely and securely. Which service should they use?

  • A S3 Cross-Region Replication
  • B CloudFront
  • C AWS Backup
  • D Lifecycle Policies
Explanation S3 Cross-Region Replication automatically replicates bucket contents, ensuring the logs are both available and secure across regions, unlike other options.
Q93

What happens when a resource is tagged with an IAM policy that denies all actions?

  • A All actions are allowed
  • B Only read actions are denied
  • C All actions are denied
  • D Actions are limited to certain users
Explanation A deny rule in IAM takes precedence over any allow rules, thereby denying all actions for the tagged resource while others are incorrect interpretations of IAM policy behavior.
Q94

Which service provides automatic scaling of resources based on utilization?

  • A AWS Auto Scaling
  • B AWS CloudFormation
  • C Amazon S3
  • D AWS IAM
Explanation AWS Auto Scaling adjusts resources based on demand; the others do not provide automatic scaling capabilities.
Q95

A company needs to securely handle user authentication without storing passwords. What should they use?

  • A AWS Cognito
  • B AWS Lambda
  • C AWS RDS
  • D AWS SES
Explanation AWS Cognito enables authentication without password storage, unlike the others which serve different functions.
Q96

What happens when a security group is deleted while instances still reference it?

  • A Instances refuse traffic completely
  • B Traffic flows normally
  • C Instances terminate automatically
  • D Network configurations reset
Explanation Instances retain old security group rules; deletion doesn’t impact them immediately, while the others are incorrect outcomes.
Q97

Which service provides DNS service for AWS resources?

  • A Amazon Route 53
  • B AWS CloudTrail
  • C Amazon VPC
  • D AWS Config
Explanation Amazon Route 53 is the DNS service for AWS resources, whereas the other options serve different purposes.
Q98

A company needs to connect its on-premises network to AWS securely. Which solution should they implement?

  • A AWS Direct Connect
  • B AWS Lambda
  • C Amazon S3
  • D Amazon EC2
Explanation AWS Direct Connect provides a dedicated connection for secure network integration, while the other services do not facilitate network connectivity.
Q99

You are configuring a Network ACL with both Allow and Deny rules. What happens if a packet matches a Deny rule?

  • A The packet is allowed
  • B The packet is dropped
  • C The packet is logged
  • D The packet is modified
Explanation A match to a Deny rule results in the packet being dropped, and it won't be processed further.
Q100

Which AWS service provides a Virtual Private Cloud (VPC)?

  • A Amazon VPC
  • B AWS Direct Connect
  • C AWS Route 53
  • D AWS IAM
Explanation Amazon VPC is specifically designed for creating isolated networks, while other options serve different purposes.