Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

Questions 371–380 of 468

Q371

What happens when an AWS Transit Gateway is configured incorrectly?

  • A Traffic is routed successfully
  • B No VPCs can communicate
  • C Redundant paths created
  • D CloudWatch logs enabled automatically
Explanation An incorrectly configured Transit Gateway can prevent VPCs from communicating, unlike the other options which misrepresent Transit Gateway functionality.
Q372

You are configuring AWS Identity and Access Management (IAM) roles. What is the effect of using a role with trust policy requiring multi-factor authentication (MFA)?

  • A Access without MFA is allowed
  • B MFA prompts are mandatory
  • C Session is longer without MFA
  • D IAM user permissions are overridden
Explanation Using a role with an MFA trust policy mandates MFA for access, while the other options misinterpret IAM role behavior.
Q373

Which AWS service is primarily designed for automating network traffic distribution?

  • A Elastic Load Balancing
  • B Amazon CloudFront
  • C AWS Direct Connect
  • D Amazon VPC Peering
Explanation Elastic Load Balancing automatically distributes incoming application traffic across multiple targets; the others serve different purposes.
Q374

A company needs private connectivity from its on-premises data center to AWS. Which service should they use?

  • A Amazon VPN
  • B AWS Direct Connect
  • C Amazon Route 53
  • D Amazon VPC
Explanation AWS Direct Connect provides dedicated, private network connections; VPNs use the public internet.
Q375

What would happen if two Amazon VPCs with overlapping CIDR blocks are peered?

  • A Peering will succeed
  • B Peering will fail
  • C Traffic is routed correctly
  • D Security will be compromised
Explanation VPC peering does not work with overlapping CIDR blocks; the peering will fail due to routing conflicts.
Q376

Which service is best for monitoring network traffic in AWS?

  • A Amazon CloudWatch
  • B AWS X-Ray
  • C AWS CloudTrail
  • D Amazon VPC Flow Logs
Explanation Amazon VPC Flow Logs captures IP traffic data, while others focus on different aspects of monitoring.
Q377

A company needs high availability for its web application across multiple regions. What should they implement?

  • A Single Region Elastic Load Balancer
  • B Route 53 with Latency Routing
  • C Amazon RDS Multi-AZ Deployment
  • D CloudFront as CDN only
Explanation Route 53 with Latency Routing directs users to the closest region, enhancing availability over single-region solutions.
Q378

You are configuring VPN connections. What happens when the VPN tunnel is down?

  • A Traffic automatically reroutes to another tunnel
  • B All traffic is completely lost
  • C Traffic maintains service through AWS Direct Connect
  • D No traffic flows until tunnel is restored
Explanation When a VPN tunnel is down, traffic does not flow until the tunnel is back up; other options are incorrect.
Q379

Which service can be used to set up a private connection between VPCs?

  • A AWS Direct Connect
  • B AWS VPN
  • C Amazon CloudFront
  • D AWS Transit Gateway
Explanation AWS Transit Gateway connects multiple VPCs, simplifying management, while others focus on point-to-point connections.
Q380

A company needs to provide internet access to private-hosted VPCs without public IP addresses. What should they deploy?

  • A NAT Gateway
  • B Internet Gateway
  • C VPC Peering
  • D VPN Gateway
Explanation NAT Gateways allow private instances to access the internet without public IPs, unlike other options.