ANS-C01 dumps
5 Star


Customer Rating & Feedbacks
98%


Exactly Questions Came From Dumps

Amazon ANS-C01 Question Answers

Amazon AWS Certified Advanced Networking - Specialty Dumps July 2026

discount banner
PDF + Test Engine $139  $97
Test Engine
$119  $83
PDF $99  $69

Here are Amazon ANS-C01 PDF available features:

290 questions with answers Updation Date : 16 Jul, 2026
1 day study required to pass exam 100% Passing Assurance
100% Money Back Guarantee Free 3 Months Updates
Amazon ANS-C01 Sample Questions

Question # 31

A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are part of an Amazon EC2 Auto Scaling group. To comply with new security standards, the company must capture all application access data, including server response codes, request paths, latency, and client IP addresses. The company also needs to query the captured data for performance analysis. Which solution will meet these requirements? 

A.Enable VPC flow logs on the ALB subnets. Store the logs to an Amazon S3 bucket. Query the logs inthe S3 bucket by using Amazon Athena.
B.Configure Amazon VPC Traffic Mirroring on all EC2 elastic network interfaces. Deploy a third-partymonitoring appliance from AWS Marketplace in a private subnet. Use Amazon Data Firehose to sendall mirrored traffic to the monitoring appliance. Query the logs directly from the monitoringappliance.
C.Configure Amazon CloudWatch detailed monitoring on the EC2 instances Include all available logs.Use Amazon Data Firehose to send all the collected logs to an Amazon S3 bucket. Query the datadirectly from the S3 bucket.
D.Enable access logs on the ALB. Store the logs in an Amazon S3 bucket. Query the logs in the S3bucket by using Amazon Athena.


Question # 32

A company is planning to migrate to AWS and use multiple VPCs in multiple AWS Regions. A network engineer must connect the eu-west-1 and eu-central-1 Regions to the company headquarters and branch office, respectively
The network engineer created a production VPC, named Prod A, with a CIDR block of 10.0.0.0. Prod A runs in an account in eu-west-1. The network engineer then created another production VPC, named Prod B, with a CIDR block of 10.1.0.0. Prod Ð’ runs in a different account in eu-central-1. The network engineer performed the following steps to try to achieve the required connectivity: 1.Created one transit gateway in each Region 2.Shared and accepted the transit gateways with the production accounts in both Regions 3.Configured the peering attachment between both transit gateways 4.Attached both VPCs to the respective Region transit gateway 5.Created both transit gateway route tables and associated the attachments with the route tables 6.Configured a static route in both transit gateway route tables to send traffic to the remote VPC in the other Region 7.Activated route propagation on the VPC route tables in each Region After the configuration, the network engineer tried to connect from Prod A to Prod B. However, the connection was unsuccessful. What should the network engineer do to achieve the required connectivity?  

A.Modify the IP address of the peering attachment to a wider range.
B.Delete the static routes that were in the transit gateway route table to send traffic to the remoteVPC and enable route propagation instead.
C.Create a new route destined to 10.0.0.0 in both production VPC route tables with the Regiontransit gateway as the target.
D.Modify the transit gateway route tables from the production accounts to propagateroutes dynamically between the production VPCs.


Question # 33

A company is planning to use an AWS Transit Gateway hub and spoke architecture to migrate to AWS. The current on-premises multi-protocol label switching (MPLS) network has strict controls that enforce network segmentation by using MPLS VPNs. The company has provisioned two 10 Gbps AWS Direct Connect connections to provide resilient, high-speed, low-latency connectivity to AWS.
A security engineer needs to apply the concept of network segmentation to the AWS environment to ensure that virtual routing and forwarding (VRF) is logically separated for each of the company's software development environments. The number of MPLS VPNs will increase in the future. Onpremises MPLS VPNs will have overlapping address space. The company's AWS network design must support overlapping address space for the VPNs. Which solution will meet these requirements with the LEAST operational overhead?  

A.Deploy a software-defined WAN (SD-WAN) head-end virtual appliance and an SD-WAN controllerinto a Transit Gateway Connect VPC. Configure the company's edge routers to be managed by thenew SD-WAN controller and to use SD-WAN to segment the traffic into the defined segments foreach of the company's development environments.
B.Configure IPsec VPNs on the company edge routers for each MPLS VPN for each of thecompany's development environments. Attach each IPsec VPN tunnel to a discrete MPLS VPN.Configure AWS Site-to-Site VPN connections that terminate at a transit gateway for each MPLSVPN. Configure a transit gateway route table that matches the MPLS VPN for each Transit GatewayVPN attachment.
C.Create a transit VPC that terminates at the AWS Site-to-Site VRF-aware IPsec VPN. Configure IPsecVPN connections to each VPC for each of the company's development environment VRFs
D.Configure a Transit Gateway Connect attachment for each MPLS VPN between the company's edgerouters and Transit Gateway. Configure a transit gateway route table that matches the MPLS VPN foreach of the company's development environments.


Question # 34

A company is planning to host a secure web application across multiple Amazon EC2 instances. The application will have an associated DNS domain in an Amazon Route 53 hosted zone. The company wants to protect the domain from DNS poisoning attacks. The company also wants to allow web browsers to authenticate into the application by using a trusted third party. Which combination of actions will meet these requirements? 

A.Configure the Route 53 hosted zone to use DNS Security Extensions (DNSSEC). Install self-signedX.509 certificates on the EC2 instances.
B.Configure a Name Authority Pointer (NAPTR) record in the Route 53 hosted zone. Install X 509certificates that are signed by a public certificate authority on the EC2 instances.
C.Configure the Route 53 hosted zone to use DNS Security Extensions (DNSSEC). Install X.509certificates that are signed by a public certificate authority on the EC2 instances.
D.Configure a Name Authority Pointer (NAPTR) record in the Route 53 hosted zone. Install selfsignedX.509 certificates on the EC2 instances.


Question # 35

A companys data center is connected to a single AWS Region by an AWS Direct Connect dedicated connection. The company has a single VPC in the Region. The company stores logs for all its applications locally in the data center. The company must keep all application logs for 7 years. The company decides to copy all application logs to an Amazon S3 bucket. Which solution will meet these requirements? 

A.Create a public VIF on the Direct Connect connection. Create an Amazon S3 gateway endpoint inthe VPC.
B.Create a private VIF on the Direct Connect connection. Create an Amazon S3 gateway endpoint inthe VPC.
C.Create a private VIF on the Direct Connect connection. Create an Amazon S3 interface endpoint inthe VPC.
D.Create a public VIF on the Direct Connect connection. Create an Amazon S3 interface endpointin the VPC.


Question # 36

A global company is establishing network connections between the company's primary and secondary data centers and a VPC. A network engineer needs to maximize resiliency and fault tolerance for the connections. The network bandwidth must be greater than 10 Gbps. Which solution will meet these requirements MOST cost-effectively? 

A.Set up a 100 Gbps connection at the primary data center that terminates at an AWS DirectConnect location. Set up a second 100 Gbps connection at the secondary data center that terminatesat a second Direct Connect location. Ensure the connections are managed by separate providers.
B.Set up a 10 Gbps connection at the primary data center that terminates at an AWS Direct Connectlocation. Set up a second 10 Gbps connection at the secondary data center that terminates at asecond Direct Connect location. Ensure the connections are managed by separate providers.
C.Set up two 10 Gbps connections at the primary data center that terminate at one AWS Direct Connect location. Ensure the connections are managed by separate providers. Set up two 10 Gbpsconnections at the secondary data center that terminate at a second Direct Connect location. Ensurethe connections are managed by separate providers.
D.Set up a 10 Gbps connection at the primary data center that terminates at an AWS Direct Connectlocation. Set up an AWS Site-to-Site VPN connection at the secondary data center that terminates ata virtual private gateway in the same Region as the companys VPC.


Question # 37

A company has 10 Amazon EC2 instances that run web server software in a production VPC. The company also has 10 web servers that run in an on-premises data center. The company has a 10 Gbps AWS Direct Connect connection between the on-premises data center and the production VPC. The data center uses the 10.100.0.0 CIDR block. The company needs to implement a load balancing solution that receives HTTPS traffic from thousands of external users. The solution must distribute the traffic across the web servers on AWS and the web servers in the data center. Regardless of the location of the web servers, HTTPS requests must go to the same web server for the duration of the session. Which solution will meet these requirements? 

A.Deploy a Network Load Balancer (NLB) in the production VPC. Create one target group for the EC2Instances and a second target group for the on-premises servers. Specify IP as the target type.Register the EC2 instances and the on-premises servers with the target groups. Enable connectiondraining on the NLB.
B.Deploy an Application Load Balancer (ALB) in the production VPC. Create one target group for theEC2 Instances and a second target group for the on-premises servers. Specify IP as the target type.Register the EC2 instances and the on-premises servers with the target groups. Enable applicationbasedsticky sessions on the ALB.
C.Deploy a Network Load Balancer (NLB) in the production VPC. Create one target group for theEC2 Instances and a second target group for the on-premises servers. Specify instance as the targettype. Register the EC2 instances and the on-premises servers with the target groups. Enable stickysessions on the NLB.
D.Deploy an Application Load Balancer (ALB) in the production VPC. Create one target group forthe EC2 Instances and a second target group for the on-premises servers. Specify instance as the targettype. Register the EC2 instances and the on-premises servers with the target groups. Enableapplication-based sticky sessions on the ALB. 


Question # 38

A company runs workloads in multiple VPCs in the us-east-1 Region. The VPCs are connected to a transit gateway. An AWS Direct Connect connection provides private connectivity between a data center that is in the US and the transit gateway. A Direct Connect gateway is associated with the transit gateway. The company has recently opened a new office location in London. The company plans to launch cloud services in multiple VPCs in the eu-west-2 Region. Users in the new London office must have private access to the workloads that run in us-east-1. Users in the US data center must have access to any workloads that are created in eu-west-2. A network engineer must implement a flexible solution that provides users the required access. The solution must be able to accommodate future growth. Which solution will meet these requirements with the LEAST operational effort? 

A.Create an AWS Site-to-Site VPN connection from the London office to the Direct Connect gatewayin us-east-1.
B.Establish a new Direct Connect connection for the London office. Attach the new Direct Connectconnection to the existing Direct Connect gateway. Create a transit gateway in eu-west-2. Associatethe new transit gateway with the existing Direct Connect gateway. Create a peering connectionbetween the transit gateways in us-east-1 and eu-west-2.
C.Create an AWS Site-to-Site VPN connection from the London office to each of the VPCs that are inus-east-1.
D.Establish a new AWS Direct Connect connection for the London office Create a new Direct Connectgateway and a transit gateway in eu-west-2. Attach the new Direct Connect connection to the newDirect Connect gateway. Create a peering connection between the transit gateways in us-east-1 andeu-west-2.


Question # 39

A finance company runs multiple applications on Amazon EC2 instances in two VPCs that are within a single AWS Region. The company uses one VPC for stock trading applications. The company uses the second VPC for financial applications. Both VPCs are connected to a transit gateway that is configured as a multicast router. In the stock trading VPC, an EC2 instance that has an IP address of 10.128.10.2 sends trading data over a multicast network to the 239.10.10.10 IP address on UDP Port 5102. The company recently launched two new EC2 instances in the financial application VPC. The new EC2 instances need to receive the multicast stock trading data from the EC2 instance that is in the stock trading VPC. Which combination of steps should the company take to meet this requirement? (Choose three.) 

A.Add the elastic network interfaces of the two new EC2 instances as members of the multicastgroup by using the group IP address of 239.10.10.10.
B.Add an inbound rule to the security groups that are attached to the multicast receiver instances.Configure the rule as follows:Protocol: IGMP Version 2. Port: 5102, and Source: 239 10.10.10
C.Create associations to two EC2 instance IDs on the financial application VPC transit gatewayattachment under the transit gateway multicast domain
D.Create an association to EC2 instance subnets on the financial application VPC transit gatewayattachment under the transit gateway multicast domain.Add an inbound rule to the security groups that are attached to the multicast receiver instances.Configure the rule as follows.E.Protocol: UDP, Port: 5102, and Source: 10.128.10.2F.Add an inbound rule to the security groups that are attached to the multicast receiver instances.Configure the rule as follows:Protocol: IGMP Version 2. Port: All, and Source: 0 0.0.0 


Question # 40

A logistics company has multiple VPCs in an AWS Region. The company uses a transit gateway to connect the VPCs. The company has several on-premises offices that connect to the transit gateway by using AWS Site-to-Site VPN connections over the internet. The company has configured one transit gateway VPN attachment for each office. Route propagation is enabled on all route tables. Each Site-to-Site VPN connection uses two tunnels in an active-passive configuration. The company configured each office with appropriate static routes on both the Site-to-Site VPN connection and the offices customer gateway. The company wants to use both IPsec tunnels of every office to maximize the overall VPN connection bandwidth. Which design changes are necessary to meet these requirements? 

A.Create an AWS Transit Gateway Connect attachment for each office Use the existing VPNattachments as the transport for the new Connect attachments. Set up a Generic RoutingEncapsulation (GRE) tunnel on each customer gateway that terminates on the Connect attachmentfor each office. Move the static routes from the transit gateway VPN attachment to the customergateway for the transit gateway Connect attachment.
B.Enable equal-cost multi-path (ECMP) routing on the transit gateway. Ensure ECMP is supportedby and enabled on the customer gateways. Enable ECMP on the Site-to-Site VPN connection. Ensurestatic routes on the customer gateways have equal metrics and administrative distance
C.Enable equal-cost multi-path (ECMP) routing on the transit gateway. (Ensure ECMP is supported byand enabled on the customer gateways. Change the routing configuration between the transitgateway and the customer gateways from static routing to BGP. Remove related static routes fromthe customer gateways.
D.Enable equal-cost multi-path (ECMP) routing on the transit gateway. Ensure ECMP is supportedby and enabled on the customer gateways. Change the routing configuration between the transitgateway and the customer gateways from static routing to BGP. Ensure the customer gateway applies the correct community strings to give the transit gateway the ability to perform ECMP forwarding. 


12345678910

Download All 290 Questions Check Customers Feedbacks