Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

Questions 381–390 of 468

Q381

What happens when you attach a policy to an IAM role that denies all actions?

  • A Allows actions from AWS services
  • B Denies actions for that role only
  • C Overrides inherited permissions
  • D No impact on users or roles
Explanation A deny policy overrides any allow permissions, affecting inherited roles effectively.
Q382

Which service provides a managed directory for staff and resources in AWS?

  • A Amazon RDS
  • B Amazon WorkDocs
  • C AWS Managed Microsoft AD
  • D Amazon Cognito
Explanation AWS Managed Microsoft AD offers a fully managed directory service, while others serve different purposes.
Q383

A company needs stateful filtering of network traffic only from specific IP addresses. What should they use?

  • A NAT Gateway
  • B Security Groups
  • C Network ACLs
  • D AWS Firewall Manager
Explanation Security Groups allow stateful filtering based on IP and other parameters, whereas Network ACLs are stateless.
Q384

What happens when you attach a VPC to an AWS Transit Gateway?

  • A Internet access is enabled globally
  • B VPN connections are automatically routed
  • C The VPC loses local routing rules
  • D All peering connections get deleted
Explanation Connecting a VPC to a Transit Gateway allows automatic routing of VPN connections, while other options are incorrect states or implications.
Q385

Which AWS service can manage multiple VPCs in different regions?

  • A AWS Transit Gateway
  • B Route 53
  • C Direct Connect
  • D CloudFormation
Explanation AWS Transit Gateway facilitates connections between multiple VPCs globally; the others don't manage VPCs directly.
Q386

A company needs to securely connect on-premises networks to AWS. Which service is most suitable?

  • A AWS VPN
  • B AWS Direct Connect
  • C AWS Global Accelerator
  • D Amazon CloudFront
Explanation AWS Direct Connect provides the most secure, private connection; the other options do not offer the same level of direct network integration.
Q387

What happens when you enable VPC flow logs on a subnet?

  • A All traffic is blocked
  • B Traffic is logged to S3
  • C Only SSH traffic is logged
  • D Increased latency for connections
Explanation Enabling VPC flow logs records traffic to S3; the other options are incorrect interpretations of the flow log function.
Q388

Which AWS service is best for building serverless applications?

  • A AWS Lambda
  • B Amazon EC2
  • C Amazon RDS
  • D AWS Elastic Beanstalk
Explanation AWS Lambda is designed for serverless computing, while the others require server management.
Q389

A company needs to connect its on-premises network to AWS over a private connection. Which service should they use?

  • A AWS Direct Connect
  • B AWS VPN
  • C AWS CloudFormation
  • D AWS Snowball
Explanation AWS Direct Connect provides a dedicated private connection, unlike VPN, which uses the public internet.
Q390

You are configuring VPC peering between two VPCs in different regions. What happens when CIDR blocks overlap?

  • A Connection succeeds with no issues
  • B Connection fails due to overlap
  • C Requires manual CIDR adjustment
  • D Only some subnets connect
Explanation VPC peering cannot be established if CIDR blocks overlap; ensure they are disjoint.