Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.


Questions 201–210 of 468

Q201

You are configuring AWS Security Groups and you want to allow database access only from a specific IP range. What happens if you leave the inbound rule empty?

  • A All traffic is denied
  • B Traffic is allowed from everywhere
  • C Only SSH access is allowed
  • D No outbound traffic allowed
Explanation: By default, security groups deny all inbound traffic unless specified otherwise.

Q202

Which service provides a dedicated connection from your on-premises network to AWS?

  • A AWS Direct Connect
  • B AWS VPN
  • C AWS CloudFront
  • D AWS Route 53
Explanation: AWS Direct Connect establishes a dedicated line, while VPN uses an internet connection.

Q203

A company needs real-time monitoring of their VPC’s traffic. What should they use?

  • A AWS CloudTrail
  • B AWS Config
  • C Amazon GuardDuty
  • D VPC Flow Logs
Explanation: VPC Flow Logs provides real-time traffic visibility, unlike the other options.

Q204

You are configuring a new NAT Gateway in a public subnet. What must you ensure?

  • A Subnet does not have a route table
  • B Public IP or Elastic IP is assigned
  • C Security groups allow all traffic
  • D Subnet is set to private
Explanation: A public or Elastic IP is necessary for NAT Gateways to function properly.

Q205

Which service is primarily used for storing large-scale datasets in AWS?

  • A Amazon S3
  • B Amazon EC2
  • C Amazon RDS
  • D AWS Lambda
Explanation: Amazon S3 is designed for large-scale data storage, while the other services cater to different functionalities.

Q206

A company needs to connect multiple VPCs across different regions. Which AWS service should they use?

  • A AWS Transit Gateway
  • B Amazon Direct Connect
  • C AWS VPN
  • D Amazon CloudFront
Explanation: AWS Transit Gateway allows inter-region VPC connectivity, while the others serve different purposes.

Q207

You are configuring security groups for an application. What happens when you remove an inbound rule?

  • A Traffic is blocked for that rule
  • B All traffic is allowed
  • C Existing connections are terminated
  • D Changes only apply after reboot
Explanation: Removing an inbound rule blocks the specified type of traffic, while the other options describe incorrect behaviors.

Q208

Which service allows you to create isolated cloud networks?

  • A Amazon VPC
  • B AWS Route 53
  • C AWS CloudFormation
  • D Amazon RDS
Explanation: Amazon VPC is designed for creating isolated networks in the cloud. The others serve different purposes such as DNS, resource management, and databases.

Q209

A company needs to connect its on-premises data center to AWS securely. What should they use?

  • A Amazon Direct Connect
  • B Elastic Load Balancer
  • C AWS Lambda
  • D Amazon S3
Explanation: Amazon Direct Connect provides a dedicated network connection for secure and consistent connectivity. The other options do not specifically address connecting data centers.

Q210

You are configuring a security group for an EC2 instance. What happens if you leave all inbound rules empty?

  • A All inbound traffic is allowed.
  • B No inbound traffic is allowed.
  • C Only HTTP traffic is blocked.
  • D SSH access is permitted by default.
Explanation: An empty inbound rules configuration means no traffic is allowed. The other options incorrectly imply permissions or defaults that do not exist.