Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01
Popular

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

468 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 161–170 of 468

Q161

A company needs to ensure its public-facing web application can handle traffic spikes. Which architectural pattern should they adopt?

  • A Monolithic architecture
  • B Microservices architecture
  • C Database replication
  • D Static content delivery
Explanation Microservices architecture allows for scaling individual components of an application to efficiently handle traffic spikes. Monolithic is less scalable, database replication helps with data but not traffic, and static content does not address application architecture.
Q162

You are configuring an EC2 instance with a security group allowing inbound traffic on port 80. What happens if you associate an outbound rule allowing all traffic?

  • A No existing inbound rules apply
  • B Only HTTP traffic is allowed
  • C All outbound traffic is permitted
  • D Inbound rules block large traffic
Explanation Outbound rules allowing all traffic permit outgoing connections regardless of inbound rules. Inbound rules do not get overridden, and we do not block based on size.
Q163

What does AWS Direct Connect provide?

  • A Private network connection to AWS
  • B Load balancing in VPC
  • C VPN connectivity for IPsec
  • D Public access point for S3
Explanation Direct Connect offers a dedicated private connection, while other options pertain to different services or uses.
Q164

A company needs increased throughput for their AWS Lambda function. What should they adjust?

  • A Increase function memory size
  • B Change execution role permissions
  • C Add a VPC endpoint
  • D Use a different runtime
Explanation Increasing memory size also increases CPU, effectively boosting throughput; the others don't directly impact performance.
Q165

What happens when a user attempts to access an AWS resource without the proper IAM permissions?

  • A Access is automatically denied
  • B Access request is logged
  • C Access is granted by default
  • D User will receive a warning
Explanation IAM operates on the principle of least privilege, so access is denied if permissions are not granted; the others are misleading or incorrect.
Q166

Which service allows automatic response to network traffic conditions?

  • A AWS Auto Scaling
  • B AWS Shield
  • C AWS Route 53
  • D AWS Lambda
Explanation AWS Auto Scaling automatically adjusts resources based on traffic; others do not provide this functionality.
Q167

A company needs secure communication between VPCs in different regions. Which service should they use?

  • A AWS Direct Connect
  • B VPC Peering
  • C AWS Transit Gateway
  • D AWS VPN
Explanation AWS Transit Gateway enables inter-region peering for multiple VPCs; Direct Connect is for on-prem, Peering is within a region, and VPN does not support all scenarios directly.
Q168

What happens when a security group is created with no inbound rules?

  • A All traffic is allowed
  • B No inbound traffic allowed
  • C Outbound traffic is restricted
  • D Traffic is selectively filtered
Explanation No inbound rules mean all inbound traffic is denied; the other options misinterpret how security groups work.
Q169

Which service enables scalable cloud computing?

  • A Amazon EC2
  • B Amazon RDS
  • C AWS Lambda
  • D Amazon S3
Explanation Amazon EC2 provides scalable compute capacity, while others serve different functions.
Q170

A company needs to ensure their VPC has both public and private subnets. What should they do?

  • A Create a single public subnet.
  • B Use NAT Gateways for outbound traffic.
  • C Deploy only private instances.
  • D Disable route tables for security.
Explanation NAT Gateways allow private subnet instances to access the internet while remaining isolated.