Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

Questions 141–150 of 468

Q141

You are configuring interface VPC endpoints for your services. What is a key limitation you should be aware of?

  • A Limited to specific AWS services
  • B Cannot connect across multiple regions
  • C Only supports IPv4 addresses
  • D No support for private subnets
Explanation: Interface VPC endpoints are limited to specific AWS services; the other options incorrectly state technical capabilities.
Q142

Which service is recommended for real-time logging of AWS resources?

  • A Amazon CloudWatch
  • B AWS S3
  • C AWS Lambda
  • D Amazon RDS
Explanation: Amazon CloudWatch is designed to monitor and log resources in real time, unlike the other options, which serve different purposes.
Q143

A company needs to securely connect their on-premises data center to AWS. Which solution should they use?

  • A VPC Peering
  • B AWS Direct Connect
  • C AWS VPN
  • D Elastic Load Balancing
Explanation: AWS Direct Connect provides a dedicated connection, ensuring a stable and secure link, unlike VPN, which relies on the internet.
Q144

You are configuring a VPC with two subnets. What happens if one subnet is a public subnet with a NAT gateway while the other is private?

  • A Private subnet gets direct internet access
  • B Public subnet loses internet access
  • C Private subnet accesses internet via NAT
  • D Both subnets are isolated from each other
Explanation: The private subnet accesses the internet through the NAT gateway in the public subnet, enabling outgoing connections only.
Q145

A company needs to connect multiple VPCs in different regions. Which service should they use?

  • A AWS Transit Gateway
  • B Direct Connect
  • C VPC Peering
  • D VPN Connection
Explanation: AWS Transit Gateway allows inter-region VPC connections; VPC Peering is limited to one region.
Q146

What happens when a security group allows all outbound traffic and denies inbound traffic by default?

  • A All traffic is allowed.
  • B No traffic is possible.
  • C Outbound connections can succeed.
  • D Inbound connections are still permitted.
Explanation: Outbound connections succeed as they are allowed, while inbound is denied.
Q147

You are configuring a Route 53 public hosted zone. What must you do to route traffic to multiple resources?

  • A Create multiple A records.
  • B Use a single CNAME record.
  • C Employ health checks only.
  • D Only one Alias record allowed.
Explanation: Multiple A records can each route traffic to a distinct resource; a single CNAME won't suffice.
Q148

Which service is best for global application routing?

  • A Amazon Route 53
  • B AWS CloudFront
  • C Amazon S3
  • D AWS DataSync
Explanation: Route 53 provides DNS service and global routing.
Q149

A company needs to connect a large number of on-premises datacenters to AWS securely. Which service should they utilize?

  • A AWS Transit Gateway
  • B AWS Direct Connect
  • C AWS VPN
  • D AWS PrivateLink
Explanation: Direct Connect provides a dedicated network connection.
Q150

What happens when you disable a security group in AWS?

  • A All inbound traffic is allowed
  • B All outbound traffic is disallowed
  • C The security group is completely removed
  • D Traffic is still managed by rules
Explanation: Disabling a security group does not remove its rules.