Amazon AWS

AWS Certified Advanced Networking – Specialty

ANS-C01
Popular

The AWS Certified Advanced Networking – Specialty (ANS-C01) exam validates your skills in designing and implementing AWS networking solutions. It is suitable for networking professionals looking to specialize in AWS.

468 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 431–440 of 468

Q431

A company needs to isolate its web servers in different subnets for security. What would be the best approach?

  • A Use NACLs only
  • B Use Security Groups
  • C Use both NACLs and Security Groups
  • D Put all servers in one subnet
Explanation Using both NACLs and Security Groups provides layered security and greater control over traffic between subnets.
Q432

What happens when you change the IAM permissions for a user to remove access to S3?

  • A User can still access S3
  • B Access is immediately revoked
  • C Access stays active for 24 hours
  • D Permissions can be overridden by group
Explanation Access is immediately revoked upon changing IAM permissions; no grace period exists.
Q433

Which service can you use to manage VPC peering connections?

  • A VPC console
  • B Route 53
  • C AWS CloudTrail
  • D AWS Config
Explanation VPC console allows management of VPC peering; Route 53 is for DNS, CloudTrail for logging, and Config tracks configurations.
Q434

A company needs high-throughput, low-latency data transfer; which AWS service is best?

  • A Amazon S3
  • B Amazon FSx
  • C Amazon Aurora
  • D AWS Direct Connect
Explanation AWS Direct Connect provides dedicated connection speed, while S3 and Aurora mainly handle data storage and management.
Q435

What happens when you remove a DHCP options set associated with a VPC?

  • A VPC becomes inaccessible
  • B VPC uses default options
  • C All instances lose connectivity
  • D Changes apply to all VPCs
Explanation Removing it reverts to default DHCP options; options A, C, and D are incorrect interpretations of network behavior.
Q436

Which AWS service enables custom domain name management for stored static website content?

  • A Amazon CloudFront
  • B Amazon Route 53
  • C Amazon S3
  • D AWS Lambda
Explanation Amazon Route 53 is specifically designed for DNS and domain management, unlike the other options.
Q437

A company needs to prevent DDoS attacks to its web application. What is the best AWS service to implement?

  • A AWS Shield
  • B Amazon WAF
  • C AWS Firewall Manager
  • D AWS Config
Explanation AWS Shield is tailored specifically for DDoS protection, while the others focus on different aspects of security.
Q438

You are configuring a VPC peering connection. What happens if the route table does not include a route to the peered VPC?

  • A Traffic is automatically routed by AWS
  • B Traffic is blocked to peered VPC
  • C Connection will fail to establish
  • D Traffic uses transit gateway automatically
Explanation Without a specific route for the peered VPC, traffic cannot be routed successfully, blocking access.
Q439

Which AWS service is primarily used for monitoring network traffic?

  • A Amazon CloudWatch
  • B AWS CloudTrail
  • C Amazon Inspector
  • D AWS Shield
Explanation Amazon CloudWatch monitors AWS resources and applications, while others serve different purposes like security or compliance.
Q440

A company needs to ensure its VPC connections to on-premises infrastructure are resilient. What should they implement?

  • A Single Direct Connect connection
  • B VPN CloudHub
  • C Multiple Direct Connect connections
  • D VPC Peering
Explanation Multiple Direct Connect connections provide redundancy compared to single connections or VPNs that serve different use cases.