Amazon ANS-C01 Exam Questions
Amazon AWS Certified Advanced Networking - Specialty- 290 Questions & Answers
- Update Date : June 20, 2026
Master Your Preparation for the Amazon ANS-C01
We give our customers with the finest ANS-C01 preparation material available in the form of pdf .Amazon ANS-C01 exam questions answers are carefully analyzed and crafted with the latest exam patterns by our experts. This steadfast commitment to excellence has built unbreakable trust among countless people who aspire to advance their careers. Our learning resources are designed to help our students attain an impressive score of over 97% in the Amazon ANS-C01 exam, thanks to our effective study materials. We appreciate your time and investments, ensuring you receive the best resources. Rest assured, we leave no room for error, committed to excellence.
Friendly Support Available 24/7:
If you face issues with our Amazon ANS-C01 Exam dumps, our customer support specialists are ready to assist you promptly. Your success is our priority, we believe in quality and our customers are our 1st priority. Our team is available 24/7 to offer guidance and support for your Amazon ANS-C01 exam preparation. Feel free to reach out with any questions if you find any difficulty or confusion. We are committed to ensuring you have the necessary study materials to excel.
Verified and approved Dumps for Amazon ANS-C01:
Our team of IT experts delivers the most accurate and reliable ANS-C01 dumps for your Amazon ANS-C01 exam. All the study material is approved and verified by our team regarding Amazon ANS-C01 dumps. Our meticulously verified material, endorsed by our IT experts, ensures that you excel with distinction in the ANS-C01 exam. This top-tier resource, consisting of ANS-C01 exam questions answers, mirrors the actual exam format, facilitating effective preparation. Our committed team works tirelessly to make sure that our customers can confidently pass their exams on their first attempt, backed by the assurance that our ANS-C01 dumps are the best and have been thoroughly approved by our experts.
Amazon ANS-C01 Questions:
Embark on your certification journey with confidence as we are providing most reliable ANS-C01 dumps from Microsoft. Our commitment to your success comes with a 100% passing guarantee, ensuring that you successfully navigate your Amazon ANS-C01 exam on your initial attempt. Our dedicated team of seasoned experts has intricately designed our Amazon ANS-C01 dumps PDF to align seamlessly with the actual exam question answers. Trust our comprehensive ANS-C01 exam questions answers to be your reliable companion for acing the ANS-C01 certification.
Related Exams
AWS Certified Alexa Skill Builder-Specialty
65 Questions
AWS Certified: SAP on AWS - Specialty
65 Questions
AWS Certified Security – Specialty
231 Questions
Amazon ANS-C01 Sample Questions
Question # 1A company ran out of IP address space in one of the Availability Zones in an AWS Region that thecompany uses. The Availability Zone that is out of space is assigned the10.10.1.0 CIDR block. The company manages its networking configurations in an AWSCloudFormation stack. The company's VPC is assigned the 10.10.0.0 CIDRblock and has available capacity in the 10.10.1.0 CIDR block.How should a network specialist add more IP address space in the existing VPC with the LEAST operational overhead?
A.Update the AWS :: EC2 :: Subnet resource for the Availability Zone in the CloudFormationstack. Change the CidrBlock property to 10.10.1.0.
B.Update the AWS :: EC2 :: VPC resource in the CloudFormation stack. Change the CidrBlock property to 10.10.1.0.
C.Copy the CloudFormation stack. Set the AWS :: EC2 :: VPC resource CidrBlock property to10.10.0.0. Set the AWS :: EC2 :: Subnet resource CidrBlock property to 10.10.1.0 for the Availability Zone.
D.Create a new AWS :: EC2 :: Subnet resource for the Availability Zone in the CloudFormation stack. Set the CidrBlock property to 10.10.2.0.
Question # 2
A company has multiple firewalls and ISPs for its on-premises data center. The company has a singleAWS Site-to-Site VPN connection from the company's on-premises data center to a transit gateway.A single ISP services the Site-to-Site VPN connection. Multiple VPCs are attached to the transitgateway.A customer gateway that the Site-to-Site VPN connection uses fails. Connectivity is completely lost,but the company's network team does not receive a notification.The network team needs to implement redundancy within a week in case a single customer gatewayfails again. The team wants to use an Amazon CloudWatch alarm to send notifications to an AmazonSimple Notification Service (Amazon SNS) topic if any tunnel of the Site-to-Site VPN connectionfails. Which solution will meet these requirements MOST cost-effectively?
A. Replace the existing customer gateway with a new router. Create a new Site-to-Site VPNconnection to the transit gateway. For each VPN connection, set up a CloudWatch TunnelState alarmfor the VPN connection. Use a value of 0 for the alarm
B. Use a second customer gateway and a second ISP. Create a new Site-to-Site VPN connection to thetransit gateway. For each VPN connection, set up a CloudWatch TunnelState alarm for the VPNconnection. Use a value of less than 1 for the alarm.
C. Add an AWS Direct Connect connection to the existing Site-to-Site VPN connection to the transitgateway. For each VPN connection, set up a CloudWatch TunnelState alarm for the VPN connection.Use a value of failed for the alarm.
D. Use a second customer gateway with the existing ISP. Create a new Site-to-Site VPN connection tothe transit gateway. For each VPN connection, set up a CloudWatch TunnelState alarm for the VPNconnection. Use a value of unavailable for the alarm.
Question # 3
A company operates in the us-east-1 Region and the us-west-1 Region. The company is designing asolution to connect an on-premises data center to the company's AWS environment in us-east-1. Thesolution uses two AWS Direct Connect connections.Traffic from us-west-1 to the data center needs to traverse the Direct Connect connections. Anetwork engineer needs to set up active-passive functionality across the two Direct Connectconnections by using a Direct Connect gateway to influence inbound traffic from VPCs that are in uswest1 to the data center.Which solution will meet these requirements?
A. At the data center, set the local preference for the primary connection to be higher than the localpreference for the secondary connection.
B. Use AS path prepending to set the AS path on the primary connection to be longer than the ASpath on the secondary connection.
C. Use local preference BGP community tags to apply the 7224:7300 local preference BGPcommunity tag to the prefixes for the primary connection. Apply the 7224:7100 local preference BGPcommunity tag to the prefixes for the secondary connection.
D. Use local preference BGP community tags to apply the 7224:9300 local preference BGPcommunity tag to the prefixes for the primary connection. Apply the 7224:9100 local preference BGPcommunity tag to the prefixes for secondary connection.
Question # 4
A company runs an application across multiple AWS Regions and multiple Availability Zones. Thecompany needs to expand to a new AWS Region. Low latency is critical to the functionality of theapplication.A network engineer needs to gather metrics for the latency between the existing. Regions and thenew Region. The network engineer must gather metrics for at least the previous 30 days.Which solution will meet these requirements?
A. Configure an AWS Network Access Analyzer Network Access Scope, and use the analysis to reviewthe latency.
B. Set up AWS Network Manager Infrastructure Performance. Publish network performance metricsto Amazon CloudWatch.
C. Use an Amazon VPC Reachability Analyzer path to review the latency.
D. Set up VPC Flow Logs. Publish log metrics to Amazon CloudWatch.
Question # 5
A company is establishing hybrid cloud connectivity from an on-premises environment to AWS in theus-east-1 Region. The company is using a 10 Gbps AWS Direct Connect dedicated connection. Thecompany has two accounts in AWS. Account A has transit gateways in four AWS Regions. Account Ð’has transit gateways in three Regions. The company does not plan to expand.To meet security requirements the company's accounts must have separate cloud infrastructure.Which solution will meet these requirements MOST cost-effectively?
A.Create one Direct Connect gateway in us-east-1. Use AWS Resource Access Manager (AWS RAM)to share the Direct Connect gateway with each account. Create a transit VIF for AccountA.Associatethe four transit gateways in Account A to the Direct Connect gateway. Create a transit VIF for AccountB.Associate the three transit gateways in Account Ð’ to the Direct Connect gateway.
B. Create one Direct Connect gateway in us-east-1 for AccountA. Create a second Direct Connectgateway in us-east-1 for Account B. Create a transit VIF for AccountA. Associate the four transitgateways in Account A to the Direct Connect gateway in AccountA. Create a transit VIF for Account B.Associate the three transit gateways in Account Ð’ to the Direct Connect gateway in Account Ð’.
C. Create one Direct Connect gateway in us-east-1. Use AWS Resource Access Manager (AWS RAM)to share the Direct Connect gateway with each account. Create a transit VIF for AccountA. Associatethe four transit gateways in Account A to the Direct Connect gateway. Order a new 10 Gbps DirectConnect dedicated connection for Account B. Create a transit VIF on the new Direct Connect connection for Account B. Associate the three transit gateways in Account Ð’ to the Direct Connectgateway.
D. Create one Direct Connect gateway in us-east-1 for AccountA. Create a second Direct Connectgateway in us-east-1 for Account B. Create a transit VIF for AccountA. Associate the four transitgateways in Account A to the Direct Connect gateway in AccountA. Order a new 10 Gbps DirectConnect dedicated connection for Account Ð’. Create a transit VIF on the new Direct Connectconnection for Account Ð’. Associate the three transit gateways in Account Ð’ to the Direct Connectgateway in Account Ð’.
Question # 6
A company has two AWS Direct Connect connections between Direct Connect locations and thecompany's on-premises environment in the US. The company uses the connections to communicatewith AWS workloads that run in the us-east-1 Region. The company has a transit gateway thatconnects several VPCs. The Direct Connect connections terminate at a Direct Connect gateway andthe transit VIFs to the transit gateway.The company recently acquired a smaller company that is based in Europe. The newly acquiredcompany has only on-premises workloads. The newly acquired company does notexpect to run workloads on AWS for the next 3 years. However, the newly acquired company requiresconnectivity to the parent company's AWS resources in us-east-1 and to theparent company's on-premises environment in the US. The parent company wants to use two newDirect Connect connections in Europe to provide the required connectivity.Which solution will meet these requirements with the LEAST operational overhead for the newlyacquired company?
A.Associate new transit VIFs to the existing Direct Connect gateway. Configure the new transit VIFsto use Direct Connect SiteLink.
B.Associate new transit VIFs to a new Direct Connect gateway and to a new transit gateway in theeu-west-1 Region. Use transit gateway peering to connect the transit gateways.
C.Associate new private VIFs to the existing Direct Connect gateway. Configure the existing transitVIFs and the new private VIFs to use Direct Connect SiteLink.
D.Associate new private VIFs to a new Direct Connect gateway and to a new VPC in us-east-1.Configure the existing transit VIFs and the new private VIFs to use Direct Connect SiteLink and AWSPrivateLink endpoints in the new VPC
Question # 7
AnyCompany deploys and manages networking resources in its AWS network account, namedAccountA.AnyCompany acquires Example Corp, which has an application that runs behind anApplication Load Balancer (ALB) in Example Corp's AWS account, named Account-B.Example Corp needs to use AWS Global Accelerator to create an accelerator to publish theapplication to users. AnyCompany's networking team will manage the accelerator.Which solution will meet these requirements with the LEAST management overhead?
A.Create an accelerator in Account-Ð’. Use a cross-account role from Account-A to grant thenetworking team access to manage the accelerator.
B.Deploy a Network Load Balancer (NLB) in Account-A to route traffic to the ALB in Account-Ð’.Create an accelerator, and set the NLB as the endpoint in Account-A.
C.Create a cross-account Global Accelerator attachment in Account-Ð’ for the Account-A principal.Create an accelerator in Account-A by using the shared attachment.
D.Create an accelerator in Account-A.Use AWS Resource Access Management (AWS RAM) to sharethe accelerator with Account-Ð’. Associate the ALB in Account-Ð’ with the accelerator in Account-A.
Question # 8
A media company is planning to host an event that the company will live stream to users. Thecompany wants to use Amazon CloudFront.A network engineer creates a primary origin and a secondary origin for CloudFront. The engineerneeds to ensure that the primary origin can fail over to the secondary origin within 15 seconds if adisruption occurs.Which solution will meet this requirement with the LEAST operational overhead?
A.Configure a Lambda@Edge function to check the health status of both origins every 10 seconds.Reroute incoming requests when the origin health status is unhealthy.
B.Create a Network Load Balancer (NLB) in front of both origins Configure the NLB as the origin inCloudFront.
C.Set the CloudFront origin connection timeout value to 5 seconds Set the origin connectionattempts value to 2.
D.Configure a Lambda@Edge function to monitor incoming requests for an origin response. Rerouteincoming requests if no response is received from the primary origin within 10 seconds.
Question # 9
A company wants to analyze TCP internet traffic. The traffic originates from Amazon EC2 instances inthe companys VPC. The EC2 instances initiate connections through a NAT gateway.The company wants to capture data about the traffic including source and destination IP addressesports, and the first 8 bytes of the TCP segments of the traffic. The company needs to collect, store,and analyze all the required data points.Which solution will meet these requirements?
A.Configure the EC2 instances to be VPC traffic mirror sources. Deploy software on the traffic mirrortarget to forward the data to Amazon CloudWatch Logs. Analyze the data by using CloudWatch LogsInsights
B.Configure the NAT gateway to be a VPC traffic mirror source. Deploy software on the traffic mirrortarget to forward the data to an Amazon S3 bucket. Analyze the data by using Amazon Athena
C.Turn on VPC Flow Logs for the EC2 instances. Specify the default format and set AmazonCloudWatch Logs as the log destination. Analyze the flow log data by using CloudWatch Logs Insights.
D.Turn on VPC Flow Logs for the EC2 instances. Specify a custom format and set Amazon S3 as thelog destination. Analyze the flow log data by using Amazon Athena.
Question # 10
A company operates in multiple AWS Regions. The company has deployed transit gateways in eachRegion. The company uses AWS Organizations to operate multiple AWS accounts in one organization.The company needs to capture all VPC flow log data when a new VPC is created. The company needsto send flow logs to a specific Amazon S3 bucket.Which solution will meet these requirements with the LEAST administrative effort?
A.Update IAM permissions for each user to include a condition that ensures users can createVPCs only when VPC Flow Logs is enabled and configured correctly
B.Create a custom AWS Config rule with automatic remediation that verifies VPC Flow Logs isenabled and configured correctly. Apply the AWS Config rule to the organization.
C.Enable VPC Flow Logs on each transit gateway. Configure VPC Flow Logs to send flow logs to thespecified S3 bucket.
D.Deploy a serverless application that uses AWS CloudTrail to monitor for VPC creation events ineach account. Configure the application to apply the correct VPC Flow Logs configuration.
Question # 11
A company has an AWS environment that includes multiple VPCs that are connected by a transitgateway. The company wants to use a certificate-based AWS Site-to-Site VPN connection to establishconnectivity between an on-premises environment and the AWS environment. The company doesnot have a static public IP address for the on-premises environment.Which combination of steps should the company take to establish VPN connectivity between the transit gateway and the on-premises environment? (Choose two.)
A.Create a public certificate in AWS Certificate Manager (ACM).
B.Create a private certificate in AWS Certificate Manager (ACM).
C.Configure the Site-to-Site VPN tunnels to use the pre-shared key (PSK).
D.Create a customer gateway. Specify the current dynamic IP address of the customer gatewaydevice's external interface.
E.Create a customer gateway. Do not specify the IP address of the customer gateway device.
Question # 12
A company has two teams: Team A and Team B. Team A has VPCs that run in AccountA.The teamuses a transit gateway (TGW-A) to route traffic between workloads that run in the different VPCs.Similarly, Team Ð’ has VPCs that run in Account B. Team Ð’ uses a different transit gateway (TGW-B) to route traffic between workloads that run in the different VPCs.The company's network team manages the routing for Team A and Team Ð’. The network team wantsto retire TGW-B and use a single transit gateway to manage routing for the VPCs of both teams.Which solution will meet this requirement with the LEAST operational overhead?
A.Create a resource share for TGW-A Share TGW-A with Account B. Create VPC attachments for theVPCs in Account Ð’. Configure routing for the VPCs in TGW-A route tables. Update the route tables ofthe VPCs in Account Ð’ to forward traffic to TGWA.Delete TGW-B attachments and TGW-B
A. Share TGW-A with Account Ð’. Replicate the TGW-Bconfiguration to TGW-A to automatically start routing changes for the VPCs in Account Ð’. DeleteTGW-B when routing changes are complete.
C.Create a new transit gateway (TGW-C) in AccountA. Create a resource share for TGW-C. ShareTGW-C with Account B. Create VPC attachments for the VPCs in Account A and Account Ð’. Configurerouting for all the VPCs in TGW-C route tables. Update the route tables for the VPCs in Account A andAccount Ð’ to forward traffic to TGW-C. Delete TGW-A attachments and TGW-B attachments. DeleteTGW-A and TGW-B.
D.Create a new transit gateway (TGW-C) in a new account (Account C). Create a resource share forTGW-C. Share TGW-C with Account A and Account B. Create VPC attachments for the VPCs inAccount A and Account Ð’. Configure routing for all the VPCs in TGW-C route tables. Update the routetables for the VPCs in Account A and Account Ð’ to forward traffic to TGW-C. Delete TGW-Aattachments and TGW-B attachments. Delete TGW-A and TGW-B.
Question # 13
A company has several AWS Site-to-Site VPN connections between an on-premises customergateway and a transit gateway. The company's application uses IPv4 to communicate through theVPN connections.The company has updated the VPC to be dual stack and wants to transition to using IPv6-only for newworkloads. When the company tries to communicate through the existing VPN connections, IPv6traffic fails.Which solution will provide IPv6 support with the LEAST operational overhead?
A.Create a new Site-to-Site VPN connection that supports IPv6.
B.Create a new Site-to-Site VPN connection to a self-managed Amazon EC2 instance that runs opensource software.
C.Update the existing Site-to-Site VPN connections to support IPv6.
D.Update the on-premises customer gateway's public IP address from IPv4 to IPv6.