
100% Accurate Answers! Dec-2023 ANS-C01 Actual Real Exam Questions
The AWS Certified Advanced Networking Specialty certification exam is designed for experienced networking professionals who work with AWS, including engineers, architects, and administrators. It is recommended that candidates have at least five years of experience in network administration, as well as a deep understanding of AWS core services.
NEW QUESTION # 22
You have created three Virtual Private Clouds (VPCs) named A, B, and C. VPC A is peered with VPC B. VPC B is peered with VPC C. Which statement is true about this peering arrangement?
Response:
- A. Instances in VPC A can reach instances in VPC C if they set their routes to an instance in VPC B.
- B. Instances in VPC A can reach instances in VPC C by default.
- C. Instances in VPC A can reach instances in VPC C if they use a proxy instance in VPC B.
- D. Instances in VPC A can reach instances in VPC C if the correct routes are configured.
Answer: C
NEW QUESTION # 23
You have created a custom VPC. What are two things you may need to do in order to SSH directly into your instance? (Choose two.)
Response:
- A. Attach a NAT Gateway
- B. Enable SSH on the instance
- C. Attach an Internet Gateway
- D. Enable Public IP addresses
Answer: C,D
NEW QUESTION # 24
Use ___________ to get more visibility into the health of your AWS Elastic Beanstalk application and take appropriate actions in case of hardware failure or performance degradation.
Response:
- A. Amazon Elastic Beanstalk command line
- B. Amazon EC2 log files
- C. Amazon Load balancing
- D. Amazon CloudWatch
Answer: D
NEW QUESTION # 25
You are a solutions architect working for a large travel company that is migrating its existing server estate to AWS. You have recommended that they use a custom Virtual Private Cloud (VPC), and they have agreed to proceed.
They will need a public subnet for their web servers and a private subnet for their databases. They also require the web servers and database servers to be highly available, and there is a minimum of two web servers and two database servers each.
How many subnets should you have to maintain high availability?
Response:
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION # 26
A company's web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further requests for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.
Which action should be taken to block more IP addresses, without compromising the existing security requirements?
Response:
- A. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.
- B. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.
- C. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.
- D. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.
Answer: A
NEW QUESTION # 27
Your company has just completed a transition to IPv6 and has deployed a website on a server. You were able to download software on the instance without an issue. This website is deployed using IPv6, but the public is not able to access it.
What should you do to fix this problem?
Response:
- A. Add an inbound rule to your security group that allows inbound traffic on port 80 for 0.0.0.0/0.
- B. Add an internet gateway for the instance.
- C. Add an egress-only internet gateway.
- D. Add an inbound rule to your security group that allows inbound traffic on port 80 for ::/0.
Answer: D
NEW QUESTION # 28
A company is using AWS Local Zones to bring cloud resources closer to the end-users to ensure very low latency access to the required resources. The company is looking at adding Elastic Load Balancing for enhanced security and performance.
Which of the following statements are relevant for configuring the ELB correctly?
(Select two)
Response:
- A. Only Application Load Balancer (ALB) supports Local Zones
- B. For added security, AWS WAF is supported on the load balancer with Local Zone subnets
- C. Both Application Load Balancer (ALB) and Classic Load Balancer (CLB) support Local Zones
- D. Both Application Load Balancer (ALB) and Network Load Balancer (NLB) support Local Zones
- E. You cannot use a Lambda function as a target when using Local Zone subnets for configuring the ELB
Answer: A,E
NEW QUESTION # 29
You have a DX connection and a VPN connection as backup for your 10.0.0.0/16 network. You just received a letter indicating that the colocation provider hosting the DX connection will be undergoing maintenance soon. It is critical that you do not experience any downtime or latency during this period.
What is the best course of action?
Response:
- A. Configure the VPN as a static VPN instead of dynamic.
- B. Configure AS_PATH Prepending on the DX connection to make it the less preferred path.
- C. None of the above.
- D. Advertise 10.0.0.0/9 and 10.128.0.0/9 over your VPN connection.
Answer: C
NEW QUESTION # 30
You are the network engineer at your company, and you are noticing issues with QoS in the traffic to your instances hosting a VOIP program. You need to inspect the network packets to determine if it is a programming error or a networking error. How should you do this?
Response:
- A. Inspect Flow Logs
- B. Configure a network monitoring program on every instance and stream the logs to an S3 bucket to be parsed.
- C. Set up another instance with an ENI added to act as a monitoring interface. Set the port to "promiscuous mode" and sniff the traffic to analyze the packets. Then output this single stream to an S3 bucket to be parsed.
- D. Use CloudWatch
Answer: B
NEW QUESTION # 31
You are tasked with setting up IPSec VPN connectivity between your on-premises data center and AWS. You have an application on-premises that will exchange sensitive control information with an EC2 instance in the VPC. This traffic should take priority in the VPN tunnel over all other traffic.
How will you design this solution, considering the least management overhead?
Response:
- A. Terminate a VPN connection on an Amazon EC2 instance loaded with software supporting Quality of Service (QoS) and use Differentiated Services Code Point (DSCP) markings to give priority to the application traffic as it is sent and received over the VPN tunnel.
- B. Move the sensitive application to a separate VPC. Create separate VPN tunnels to these VPCs.
- C. Terminate a VPN connection on two Amazon EC2 instances. Use one instance for sensitive control information and the other instance for the rest of the traffic.
- D. Terminate VPN on a Virtual Private Gateway (VGW) and use DSCP markings to give priority to the application traffic as it is sent and received over the VPN tunnel.
Answer: A
NEW QUESTION # 32
You use a VPN to extend your corporate network into a VPC. Instances in the VPC are able to resolve resource records in an Amazon Route 53 private hosted zone.
Your on-premises DNS server is configured with a forwarder to the VPC DNS server IP address. On-premises users are unable to resolve names in the private hosted zone, although instances in a peered VPC can.
What should you do to provide on-premises users with access to the private hosted zone?
Response:
- A. Modify the network access control list on the VPC to allow DNS queries from on-premises systems.
- B. Configure the on-premises server as a secondary DNS for the private zone. Update the NS records.
- C. Create a proxy resolver within the VPC. Point the on-premises forwarder to the proxy resolver.
- D. Update the on-premises forwarders with the four name servers assigned to the private hosted zone.
Answer: C
NEW QUESTION # 33
You are managing a VPC with 4 AZs. There is a load balancer managing the public accessibility to your servers. You have a secondary ENI with a private IPv4 address on an instance that is serving public web traffic. Your server communicates over private addresses to a database in another subnet.
Security is a major concern for your company and whitelisting is in effect. You have to bring the web server down for maintenance. What two things should you do?
(Choose two.)
Response:
- A. Move the ENI from one server to the other.
- B. Reboot the instance.
- C. Configure a secondary ENI on the standby instance.
- D. Associate the new ENI with the database security group.
Answer: C,D
NEW QUESTION # 34
A company deploys a new web application on Amazon EC2 instances. The application runs in private subnets in three Availability Zones behind an Application Load Balancer (ALB). Security auditors require encryption of all connections. The company uses Amazon Route 53 for DNS and uses AWS Certificate Manager (ACM) to automate SSL/TLS certificate provisioning. SSL/TLS connections are terminated on the ALB.
The company tests the application with a single EC2 instance and does not observe any problems. However, after production deployment, users report that they can log in but that they cannot use the application. Every new web request restarts the login process.
What should a network engineer do to resolve this issue?
- A. Modify the ALB listener configuration. Edit the rule that forwards traffic to the target group. Change the rule to enable group-level stickiness. Set the duration to the maximum application session length.
- B. Modify the ALB target group configuration by enabling the stickiness attribute. Use an application-based cookie. Set the duration to the maximum application session length.
- C. Remove the ALB. Create an Amazon Route 53 rule with a failover routing policy for the application name. Configure ACM to issue certificates for each EC2 instance.
- D. Replace the ALB with a Network Load Balancer. Create a TLS listener. Create a new target group with the protocol type set to TLS. Register the EC2 instances. Modify the target group configuration by enabling the stickiness attribute.
Answer: B
NEW QUESTION # 35
A CloudFront distribution has been configured to serve multiple CNAMEs (alternate domain names) through a single distribution. The company has rolled out new security policies that mandate the use of Secure Sockets Layer (SSL) for all the associated CNAMEs.
How should this requirement be configured to achieve the security level proposed by the company?
Response:
- A. Associate multiple SSL certificates to the CloudFront distribution, using one certificate for each CNAME
- B. Create a custom certificate in IAM using AWS Management Console and attach it to CloudFront distribution
- C. Assign a certificate from ACM that includes all the required domains and attach it to the CloudFront distribution
- D. Create separate signed URLs for each domain in CloudFront to access multiple domains
Answer: C
NEW QUESTION # 36
Your company is building a new data center. You currently have an on-premises data center that accesses your single VPC via VPN. You need to provide access to your single VPC to your new data center. Since your new data center build is already over budget, you need to keep costs low.
How should you accomplish this?
Response:
- A. Add a Public VIF and create a Direct Connect connection.
- B. Create a new Virtual Gateway and add it to your VPN using a CloudHub infrastructure model.
- C. Create a new Customer Gateway and add it to your VPN using a CloudHub infrastructure model.
- D. Add a Private VIF and create a Direct Connect connection.
Answer: C
NEW QUESTION # 37
Some people in your company have created a very complicated and management-intensive workflow for automating development builds and testing.
They have requested those involved in creating it not to repeat this workflow more than once. The security organization, however, wants every developer to have their own account to reduce the blast radius of development issues.
What is the best design for providing access to the development system?
Response:
- A. Provide one large Virtual Private Cloud (VPC). Configure network Access Control Lists (ACLs) and security groups so that the blast radius for developers is limited.
- B. Deploy the development system in a central VPC. Allow developers to access the system through AWS PrivateLink.
- C. Ask the developers simply to automate the deployment of their build system and make it a distributed system. Deploy a copy of this in each developer VPC to prevent any blast radius or complexity problems.
- D. Deploy the development system in a central VPC. Extend network interfaces with cross-account permissions so that developers can route their code to the development system.
Answer: B
NEW QUESTION # 38
......
The Amazon ANS-C01 (AWS Certified Advanced Networking Specialty) exam is a certification offered by Amazon Web Services (AWS) that validates an individual's expertise in advanced networking concepts and technologies on the AWS platform. The certification is intended for professionals who work with cloud-based networking solutions and are seeking to demonstrate their advanced skills and knowledge in this area.