Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01
The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

Questions 101–110 of 468

Q101

A company needs to connect its on-premises network to AWS but wants to avoid public internet exposure. What should they use?

  • A AWS Site-to-Site VPN
  • B AWS Direct Connect
  • C AWS VPN Client
  • D AWS Transit Gateway

Explanation: AWS Direct Connect provides a private connection, whereas the VPN options still carry traffic over the public internet.

Q102

What happens when you configure network ACLs and security groups for an EC2 instance?

  • A Only NACLs apply, security groups ignored
  • B Security groups only control outbound traffic
  • C Both must allow traffic for access
  • D Only security groups can block traffic

Explanation: Both network ACLs and security groups must permit traffic for an EC2 instance to receive it.

Q103

Which service tracks resource usage and costs over time?

  • A AWS Cost Explorer
  • B AWS CloudFormation
  • C AWS CloudTrail
  • D AWS Config

Explanation: AWS Cost Explorer helps visualize and manage costs, while the others serve different purposes.

Q104

A company needs to connect on-premises resources to AWS securely. Which service should they use?

  • A AWS Direct Connect
  • B Amazon CloudFront
  • C AWS Lambda
  • D Amazon S3

Explanation: AWS Direct Connect provides a dedicated network connection, while the others do not facilitate such a connection.

Q105

What happens when an IAM user reporting to a role does not have permissions for that role?

  • A The user cannot assume the role.
  • B The role permissions override user permissions.
  • C The user is granted temporary access.
  • D The user gets denied access only.

Explanation: An IAM user must have permission to assume a role, while the other options misrepresent IAM behavior.

Q106

Which service allows you to manage network connections between VPCs?

  • A AWS Direct Connect
  • B Amazon Route 53
  • C AWS VPN
  • D AWS Transit Gateway

Explanation: AWS Transit Gateway simplifies interconnecting VPCs; the others do not focus on VPC connection management.

Q107

A company needs to ensure that its EC2 instances are fault-tolerant across multiple Availability Zones. What should they implement?

  • A Single EC2 instance deployment
  • B Auto Scaling group
  • C Multiple VPCs
  • D Static IP allocation

Explanation: An Auto Scaling group can automatically distribute EC2 instances across multiple AZs, while the others do not ensure fault tolerance.

Q108

You are configuring a Security Group for your VPC. What happens when you specify both allow and deny rules?

  • A Only allow rules take effect
  • B Deny rules supersede allow rules
  • C No traffic is allowed
  • D Rules conflict, default denies traffic

Explanation: Security groups support allow rules but do not support deny rules; only allow rules are processed.

Q109

Which service allows you to automate network configurations?

  • A AWS CloudFormation
  • B AWS Lambda
  • C Amazon EC2
  • D Amazon RDS

Explanation: AWS CloudFormation automates resource provisioning, while the others do not focus on configurations.

Q110

A company needs to securely connect its on-premises data center to AWS. What option should they consider?

  • A AWS Direct Connect
  • B AWS VPN
  • C AWS Snowball
  • D AWS Transit Gateway

Explanation: AWS Direct Connect provides a dedicated connection, while a VPN runs over the public internet and is less optimal for secure connections.