Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01
Popular

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

468 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 261–270 of 468

Q261

A company needs to manage multiple AWS accounts. What is the best service for this requirement?

  • A AWS Organizations
  • B AWS Control Tower
  • C AWS IAM
  • D Amazon CloudWatch
Explanation AWS Organizations enables the management of multiple accounts effectively, whereas the others do not directly manage account structures.
Q262

Which service provides a dedicated connection to AWS?

  • A AWS Direct Connect
  • B AWS VPN
  • C AWS Transit Gateway
  • D AWS CloudFormation
Explanation AWS Direct Connect offers a physical, dedicated connection, while VPNs use internet connections and other options don't provide direct links.
Q263

A company needs to connect their on-premises data center to an AWS VPC with low latency. Which service is the best choice?

  • A AWS VPN
  • B AWS Direct Connect
  • C AWS Snowball
  • D Amazon VPC Peering
Explanation AWS Direct Connect is tailored for low-latency, high-throughput connections, while VPNs are subject to latency from Internet connections.
Q264

You are configuring Route 53 for a multi-region application. What happens if an endpoint in one region fails?

  • A All traffic is rerouted to another region automatically.
  • B Traffic remains until manually redirected.
  • C Route 53 does not handle region failures.
  • D Only cached DNS records are used.
Explanation Route 53 can automatically reroute traffic based on health checks, while the other options do not provide automatic responses.
Q265

A company needs its resources to be accessible globally with low latency. Which AWS service should they use?

  • A Amazon CloudFront
  • B AWS Direct Connect
  • C Amazon S3
  • D AWS Snowball
Explanation Amazon CloudFront is a global CDN, whereas the other options serve different purposes.
Q266

What happens when you associate an IAM role with an EC2 instance?

  • A Instance runs without any permissions.
  • B Instance gets the role's permissions.
  • C Role permanently locks EC2 instance.
  • D Instance forgets IAM credentials.
Explanation The EC2 instance assumes the IAM role's permissions to access resources.
Q267

You are configuring VPC peering between two VPCs in different AWS accounts. Which of the following is required?

  • A Both VPCs must have same CIDR.
  • B One VPC owns another.
  • C Accept the peering connection.
  • D VPCs must be in same region.
Explanation You must accept the peering connection to establish the link.
Q268

Which service provides managed DDoS protection for AWS resources?

  • A AWS Shield
  • B AWS WAF
  • C Amazon GuardDuty
  • D AWS Firewall Manager
Explanation AWS Shield is specifically designed for DDoS protection, while others focus on different security aspects.
Q269

A company needs to connect its on-premises network to its AWS VPC securely. What service should they use?

  • A AWS Direct Connect
  • B AWS Site-to-Site VPN
  • C AWS Transit Gateway
  • D AWS PrivateLink
Explanation AWS Site-to-Site VPN allows secure connections to a VPC, while Direct Connect is more suited for dedicated lines.
Q270

You are configuring an AWS Security Group. What happens if you define a rule that allows traffic from an IP range but the associated NACL denies it?

  • A Traffic is allowed
  • B Traffic is denied
  • C Only some traffic is allowed
  • D Traffic is logged but not permitted
Explanation Network ACLs are stateless and take precedence over Security Group rules, so traffic will be denied.