ANS-C01 dumps
5 Star


Customer Rating & Feedbacks
98%


Exactly Questions Came From Dumps

Amazon ANS-C01 Question Answers

Amazon AWS Certified Advanced Networking - Specialty Dumps July 2026

discount banner
PDF + Test Engine $139  $97
Test Engine
$119  $83
PDF $99  $69

Here are Amazon ANS-C01 PDF available features:

290 questions with answers Updation Date : 16 Jul, 2026
1 day study required to pass exam 100% Passing Assurance
100% Money Back Guarantee Free 3 Months Updates
Amazon ANS-C01 Sample Questions

Question # 21

A company hosts application servers on premises and on Amazon EC2 instances in a VPC. The application servers access data that is hosted in an Amazon S3 bucket through the public internet. The EC2 instances in the VPC use an AWS Site-to-Site VPN for connectivity with the on-premises application servers. New company regulations state that all traffic between the application servers and the S3 bucket must remain private and must not use public IP addresses. Which solution will meet these requirements MOST cost-effectively? 

A.Configure an S3 gateway endpoint Modify the route table with the appropriate route for theendpoint. Access the S3 bucket through the gateway endpoint from the EC2 instances.
B.Configure an S3 interface endpoint. Update the on-premises servers and EC2 instances to use theinterface endpoint DNS name to access the S3 bucket.
C.Configure an S3 interface endpoint. Update the on-premises servers to use the interface endpointDNS name to access the S3 bucket. Configure an S3 gateway endpoint. Modify the route table so thatthe EC2 instances use the gateway endpoint.
D.Configure an S3 gateway endpoint. Modify the route table with the appropriate route for theendpoint. Use an S3 bucket policy to restrict access to the gateway endpoint. Configure a proxyserver fleet behind a Network Load Balancer in the VPC so that the on-premises servers can accessthe S3 bucket.


Question # 22

A company uses AWS Site-to-Site VPN connections to encrypt traffic between the company's onpremises location and a single VPC. The Site-to-Site VPN connections use two 1 Gbps AWS Direct Connect connections with public VIFs. The company plans to add 15 additional VPCs in the same AWS Region. The company must maintain the same level of encryption that the Site-to-Site VPN connections currently provide for each connection between the on-premises location and the new VPCs. The new connections must not use public IP addresses. The bandwidth of the Site-to-Site VPN connections will remain less than the current provisioned speed. Which combination of steps will meet these requirements with LEAST operational overhead? (Choose three.) 
 

A.Create a transit gateway and a Direct Connect gateway. Associate the transit gateway with theDirect Connect gateway. Attach all the new VPCs to the transit gateway.
B.For each new VPC, create a new Direct Connect private VIF to a Direct Connect gateway.Associate all VPCs with the Direct Connect gateway.
C.Assign a private IP CIDR block to the transit gateway.
D.Assign a public IP CIDR block to the transit gateway.
E.Create a transit VIF to the Direct Connect gateway. Create a Site-to-Site VPN private IP VPNconnection.Create a public VIF.
F.Create a Site-to-Site VPN public IP VPN connection.


Question # 23

A company has an application VPC and a networking VPC that are connected through VPC peering. The networking VPC contains a Network Load Balancer (NLB). The application VPC contains Amazon EC2 instances that run an application. The EC2 instances are part of a target group that is associated with the NLB in the networking VPC. The company configures a third VPC and peers it to the networking VPC. The new VPC contains a new version of the existing application. The new version of the application runs on new EC2 instances in an application subnet. The new version of the application runs in a different Availability Zone than that original version of the application. The company needs to establish connectivity between the NLB and the new version of the application. Which combination of steps will meet this requirement? (Choose three.) 

A.Register the new application EC2 instances with the NLB by using the instance IDs.
B.Register the new application EC2 instances with the NLB by using instance IP addresses.
C.Configure the NLB in the Availability Zone where the new application EC2 instances run.
D.Configure the NLB to use zonal shift.
E.Configure the network ACL for the application subnet in the new VPC to allow outboundconnections.
F.Configure the network ACL for the application subnet in the new VPC to allow inboundconnections and outbound connections.


Question # 24

A company is migrating its internet VPN connections to dedicated AWS Direct Connect connections. The company needs to set up the Direct Connect connections so that all network communications are encrypted in transit. Which combination of steps will meet this requirement? (Choose three.) 

A.Create new Direct Connect connections while requesting MACsec ports.
B.Create a MACsec Connectivity Association Key Name (CKN) and Connectivity Association Key(CAK) pair. Associate the pair with each new connection
C.Update the on-premises routers to use MACsec and the shared Connectivity Association Key Name(CKN) and Connectivity Association Key (CAK) pair
D.Create a shared key for an IPsec connection.
E.Configure a new Direct Connect gateway. Associate the shared key with the new Direct Connectgateway.
F.Set up IPsec on the on-premises router. Associate the shared key with the IPsec configuration.


Question # 25

A company runs workloads in multiple VPCs. The company needs to securely access a workload in one of the VPCs, named VPC-A, from an on-premises data center. A network engineer sets up an AWS Site-to-Site VPN connection to a transit gateway. The network engineer configures dynamic routing for the connection, and communication works properly. Recently, the owner of VPC-A added another CIDR range to the VPC. The VPC-A owner created workloads that use the additional CIDR range. The company's on-premises network is unable to reach the new workloads. The network engineer needs to resolve the network connectivity issue and ensure that connectivity will not be affected if additional VPC CIDR ranges are added to the VPC in the future. Which solution will meet these requirements with the MOST operational efficiency? 

A.Configure route propagation for VPC-A to the VPN attachment route table.
B.Manually update the VPN attachment route table to include the new CIDR range.
C.Configure an Amazon EventBridge rule to invoke an AWS Lambda function when the rule tomatches an update to the VPC-A CIDR range. Configure the Lambda function to update the VPNattachment route table.
D.Configure an Amazon CloudWatch alarm to invoke an AWS Lambda function when there is anupdate to the VPC-A CIDR range. Configure the Lambda function to update the VPN attachmentroute table. Restart the VPN tunnels.


Question # 26

A company runs applications in two VPCs that are in separate AWS Regions. One VPC is in the useast1 Region. The second VPC is in the us-west-1 Region. The company needs to establish connectivity between the two VPCs. The company also needs to connect the VPCs to applications that run in an on-premises data center. The current traffic requirement between the VPCs is 50 ТВ per month. The company expects traffic volume between the VPCs to increase. The traffic requirement from the VPCs to the on-premises data center is 10 ТВ per month. The company expects the traffic between the VPCs and the data center to remain constant.
Which solution will meet these requirements MOST cost-effectively?  
 

A.Create a transit gateway in each Region. Create VPN connections from the transit gateways to theon-premises firewall. Create a peering connection between the transit gateways.
B.Create a virtual private gateway in each Region. Create VPN connections from the on-premisesfirewall to the virtual private gateways. Configure the on-premises firewall to route the trafficbetween the two VPCs.
C.Create a virtual private gateway in each Region. Create VPN connections from the on-premisesfirewall to the virtual private gateways. Create a VPC peering connection between the two VPCs.
D.Create a virtual private gateway in each Region. Create VPN connections from the on-premisesfirewall to the virtual private gateways. Create a VPN connection between the virtual privategateways.


Question # 27

A US-based company is expanding its business to Europe. A network engineer needs to extend the company's network infrastructure by setting up a new hub and spoke architecture in the eu-west-1 Region. The network engineer uses a transit gateway peering connection to connect the new resources in eu-west-1 to an existing environment in the us-east-1 Region. The hub and spoke architecture in each AWS Region includes an inspection VPC that uses AWS Network Firewall to centralize traffic inspection for each Region. To reduce costs, the network
engineer decides to inspect inter-Region traffic by using the inspection VPC in the Region that originates the traffic. The network engineer configures the transit gateway route tables accordingly for each Region. When the network engineer tests the new architecture, communication within each Region works as expected. However, the network engineer finds that inter-Region communication is not working. The network engineer must resolve the inter-Region communication issue. Which solution will meet this requirement?  

A.Configure Open Shortest Path First (OSPF) routing on the transit gateway peering connection topropagate the VPC CIDR blocks from each Region to the remote peer.
B.Use AWS Resource Access Manager (AWS RAM) to share access between the transit gateways.Enable the Allow sharing with anyone setting.
C.Prevent asymmetric routing in the inspection VPCs by ensuring that both requests and responsesare inspected by the same inspection VPC
D.Enable Appliance mode on both the transit gateway attachments for the inspection VPC.


Question # 28

A company needs to capture and log traffic for Nitro-based Amazon EC2 instances to comply with regulations. The company's network team has prepared a solution that enables VPC traffic mirroring and sends traffic to a second set of EC2 instances in an Auto Scaling group. The network team has added a Network Load Balancer (NLB) in front of the EC2 instances the traffic will be sent to. However, the solution does not send any mirrored traffic to the EC2 instances that are behind the NLB. How should the network team configure traffic mirroring to use the NLB endpoint? 

A.Select the NLB as a source for traffic mirroring. Use a UDP listener.
B.Select the NLB as a target for traffic mirroring. Use a TCP listener and a UDP listener.
C.Select the NLB as a target for traffic mirroring. Use a TCP listener.
D.Select the NLB as a target for traffic mirroring. Use a UDP listener.


Question # 29

A company has a hybrid environment that connects an on-premises data center to the AWS Cloud. The hybrid environment uses a 10 Gbps AWS Direct Connect dedicated connection. The Direct Connect connection has multiple private VIFs that terminate in multiple VPCs. To comply with regulations, the company must encrypt all WAN traffic, regardless of the underlying transport. The company needs to implement an encryption solution that will not affect the company's bandwidth capacity. Which solution will meet these requirements? 

A.Create a public VIF. Configure a new AWS Site-to-Site VPN connection to use the new public VIF.
B.Configure MAC security (MACsec) support on the port of the existing Direct Connect connection.Change the encryption mode to must_encrypt.
C.Configure a new Direct Connect connection that supports MAC security (MACSec) Associate theexisting VIFs to the new Direct Connect connection.
D.Create a public VIF. Configure a new private IP VPN that uses the Direct Connect connection.


Question # 30

A company has five VPCs in the us-east-1 Region. The company hosts an internal web application in us-east-1. One of the company's VPCs. named VPC-A, needs to connect to an external partner's AWS environment. The partners environment is in the same AWS Region where the partner hosts a new version of the company's web application. The partner hosts its version of the application in a VPC named VPC-B. The company has Amazon EC2 instances in VPC-A that need to connect to the web application in VPC-B A network engineer notices that the partner's VPC-B and the company's VPC-A use the same IP space. The network engineer needs a solution to allow the EC2 instances to connect to the web application. The solution must not negatively affect the exiting environment of the company or the partner. Which combination of steps should the network engineer take meet these requirements? (Choose two.) 

A.Establish a VPC peering connection between VPC-A to VPC-B.
B.Ensure the partner creates a VPC endpoint service that uses a Network Load Balancer in VPC-B.
D.Deploy a new routable VPC CIDR block as a secondary CIDR block to both VPC-A and VPC-B. Deploy a public NAT gateway in VPC-A.
E.Establish an AWS Site-to-Site VPN connection between VPC-A and VPC-B.


12345678910

Download All 290 Questions Check Customers Feedbacks