Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01
Popular

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

468 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 251–260 of 468

Q251

A company needs to connect their on-premises data center to a VPC. Which AWS service should they use?

  • A AWS VPN
  • B Amazon CloudWatch
  • C AWS Lambda
  • D AWS Backup
Explanation AWS VPN provides secure connections between on-premises and VPC; the others are unrelated.
Q252

What happens when you configure an AWS security group with both 'allow' and 'deny' rules?

  • A Only allow rules apply
  • B Only deny rules apply
  • C Both rules apply equally
  • D Deny rules override allow rules
Explanation Security groups do not support deny rules; they only allow specific traffic.
Q253

Which AWS service allows you to create a private connection between your VPC and an on-premises network?

  • A AWS Direct Connect
  • B AWS VPN Gateway
  • C AWS Transit Gateway
  • D AWS VPC Peering
Explanation AWS Direct Connect provides a dedicated network connection; others serve different connection methods.
Q254

A company needs high availability for its web application across multiple AWS regions. What is a recommended architecture?

  • A Single-region ALB with multiple EC2
  • B Regional Route 53 failover
  • C Global ALB with cross-region targets
  • D S3 static website in multiple regions
Explanation A Global ALB provides multi-region load balancing; others do not fully enable high availability across regions.
Q255

You are configuring a Security Group for an EC2 instance. What happens when you set an inbound rule to allow traffic from 0.0.0.0/0 on port 22?

  • A Only local requests are allowed
  • B SSH access is globally allowed
  • C Traffic is blocked worldwide
  • D Access is limited to IAM roles
Explanation Allowing traffic from 0.0.0.0/0 on port 22 opens SSH access to all; others describe restrictions not in effect.
Q256

Which service provides a dedicated connection to AWS?

  • A AWS Direct Connect
  • B AWS Lambda
  • C Amazon S3
  • D AWS Elastic Beanstalk
Explanation AWS Direct Connect offers a dedicated connection, while others provide cloud services like storage or serverless functions.
Q257

A company needs to set up periodic EBS volume snapshots. Which API call supports this?

  • A CreateVolume
  • B CreateSnapshot
  • C DescribeVolumes
  • D TerminateInstances
Explanation CreateSnapshot is specifically designed for creating snapshots of EBS volumes, while the other options do not relate to snapshot creation.
Q258

What happens when a VPC peering connection is deleted?

  • A Routes stay active
  • B Security groups are removed
  • C Subnet associations are lost
  • D Traffic stops between VPCs
Explanation Traffic between VPCs ceases immediately upon deletion of the peering connection, while routes and security configurations remain unless changed.
Q259

Which service offers DDoS protection for applications?

  • A AWS Shield
  • B AWS Firewall Manager
  • C Amazon Inspector
  • D AWS WAF
Explanation AWS Shield specifically provides DDoS protection, while the others serve different security functions.
Q260

You are configuring a VPC with public subnets. Which route table will associate the public IP addresses?

  • A Private Route Table
  • B NAT Route Table
  • C Main Route Table
  • D Internet Gateway Route Table
Explanation The Internet Gateway Route Table allows the public subnets to have external access using public IPs.