Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.


Questions 411–420 of 468

Q411

What happens when you configure an NACL to deny all incoming traffic?

  • A No traffic is blocked.
  • B Only inbound connections are denied.
  • C All outbound traffic is blocked.
  • D Inbound connections are rejected.
Explanation: The NACL denies all inbound connections; however, outbound traffic is not affected unless explicitly denied.
Q412

Which service provides AWS Direct Connect alternatives for hybrid cloud?

  • A AWS Transit Gateway
  • B Amazon VPC Peering
  • C AWS Site-to-Site VPN
  • D AWS Gateway Load Balancer
Explanation: AWS Site-to-Site VPN allows secure connections to hybrid environments, while the others don't specifically target this use case.
Q413

A company needs high availability for its web application across multiple regions. What should it use?

  • A AWS Global Accelerator
  • B Amazon S3
  • C AWS Lambda
  • D Amazon RDS Multi-AZ
Explanation: AWS Global Accelerator enhances availability and performance across regions, while the others do not provide cross-region traffic management.
Q414

What happens when you assign a security group that denies all inbound traffic to an EC2 instance?

  • A All traffic will be accepted.
  • B Traffic from the same VPC is allowed.
  • C Only outbound traffic is denied.
  • D No inbound traffic will be allowed.
Explanation: Denying all inbound traffic blocks external access to the EC2 instance, while the other options misrepresent the effect on traffic flows.
Q415

Which service provides a virtual private cloud?

  • A Amazon VPC
  • B AWS Shield
  • C AWS Lambda
  • D Amazon S3
Explanation: Amazon VPC creates isolated virtual networks; the others do not.
Q416

A company needs to connect its on-premises network with AWS securely. What is the best service for this purpose?

  • A AWS Direct Connect
  • B Amazon CloudFront
  • C Amazon EC2
  • D AWS Storage Gateway
Explanation: AWS Direct Connect provides secure, dedicated connectivity.
Q417

What happens when an IAM policy is attached to a user?

  • A User gains permissions defined in the policy
  • B User loses all previous permissions
  • C Policy overwrites previous policies
  • D Policy creates a new user role
Explanation: Attached policies grant users the specified permissions; the other options are incorrect.
Q418

Which service is best for analyzing VPC flow logs?

  • A Amazon Athena
  • B Amazon RDS
  • C AWS Lambda
  • D Amazon S3
Explanation: Amazon Athena allows SQL queries on log data stored in S3; RDS is for databases but not logs, Lambda processes data but doesn't analyze it directly, and S3 is a storage solution without analysis functionality.
Q419

A company needs to apply network segmentation in a shared VPC. What should they use?

  • A Security Groups
  • B VPC Peering
  • C Route Tables
  • D Network ACLs
Explanation: Network ACLs provide stateless filtering across subnets; Security Groups act at the instance level, VPC Peering connects VPCs, and Route Tables control traffic flow but not segmentation.
Q420

What happens when you disable an Elastic IP address?

  • A It gets released to Amazon
  • B Instance connectivity is lost
  • C Public routing stops temporarily
  • D It remains associated with the instance
Explanation: Disabling an Elastic IP retains its association to the instance; it is not released and does not immediately show any impact on connectivity, while releasing it would sever the connection.