Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01
Popular

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

468 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 291–300 of 468

Q291

You are configuring DNS settings for a domain in Route 53. What happens if you set a record with a TTL of 0?

  • A Caches the response indefinitely
  • B No caching occurs
  • C Reduces DNS query load
  • D Increases response time
Explanation A TTL of 0 means responses are not cached; other options incorrectly imply reduced caching or performance improvements which do not relate to TTL behavior.
Q292

Which service is best for real-time streaming data processing?

  • A Amazon Kinesis
  • B Amazon S3
  • C AWS Lambda
  • D Amazon RDS
Explanation Amazon Kinesis is designed for real-time data streaming; S3 is for storage, Lambda is for serverless computing, and RDS is for relational databases.
Q293

A company needs to create a secure VPN connection to AWS. Which service should they use?

  • A AWS Direct Connect
  • B AWS Site-to-Site VPN
  • C Amazon VPC Peering
  • D AWS Transit Gateway
Explanation AWS Site-to-Site VPN facilitates secure VPN connections; Direct Connect is for dedicated connections, Peering is for VPCs, and Transit Gateway is for connecting VPCs.
Q294

What happens when you enable Dual Stack in an AWS VPC?

  • A IPv4 connectivity only
  • B IPv6 connectivity only
  • C Both IPv4 and IPv6
  • D S3 storage availability increases
Explanation Dual Stack enables both IPv4 and IPv6; options A and B only support one protocol, and D is irrelevant.
Q295

Which of the following services provides private connectivity between AWS and on-premises environments?

  • A AWS Direct Connect
  • B AWS VPN
  • C AWS Transit Gateway
  • D Amazon Route 53
Explanation AWS Direct Connect provides a dedicated network connection, while the others offer different connectivity methods or services.
Q296

A company needs to ensure that S3 buckets can only be accessed from a specific IP address range. What should they implement?

  • A S3 lifecycle policies
  • B S3 bucket policy
  • C CloudFront CDN
  • D IAM user policy
Explanation An S3 bucket policy can restrict access based on IP addresses, while the other options serve different purposes.
Q297

What happens when you configure a security group to allow all outbound traffic, but restrict inbound traffic to port 80 only?

  • A All traffic is blocked
  • B Only HTTP traffic is allowed
  • C No traffic is allowed
  • D Only outbound traffic is unrestricted
Explanation This configuration allows all outbound traffic while restricting inbound access to port 80, thus permitting unrestricted outbound communications.
Q298

Which service offers a fully managed VPN solution?

  • A AWS VPN
  • B AWS Lambda
  • C Amazon EC2
  • D AWS CloudFormation
Explanation AWS VPN provides a managed VPN solution, unlike Lambda, EC2, or CloudFormation.
Q299

A company needs to isolate resources in a multi-tenant environment. What should they use?

  • A VPC Peering
  • B Security Groups
  • C AWS Organizations
  • D AWS CloudTrail
Explanation AWS Organizations enables resource isolation across accounts, while others don't provide tenant isolation.
Q300

You are configuring Direct Connect for a large enterprise. What happens if the BGP peering fails?

  • A All traffic is lost immediately
  • B Traffic is rerouted to the internet
  • C Traffic stops but remains local
  • D Remaining uptime is monitored actively
Explanation If BGP fails, traffic reroutes to the internet instead of being lost, maintaining connectivity.