2024 Updated ANS-C01 Exam Questions & Practice Tests, AWS Certified Advanced Networking | SPOTO

The AWS Certified Advanced Networking - Specialty (ANS-C01) exam is designed for professionals in AWS networking roles. It assesses skills in designing, implementing, managing, and securing AWS and hybrid network architectures at scale. As of 2024, the exam has been updated to reflect the latest advancements in AWS networking technologies. SPOTO offers updated ANS-C01 exam questions and practice tests to help candidates prepare effectively. Our materials include exam dumps, exam answers, and comprehensive exam practice to ensure thorough preparation. With SPOTO's exam questions and answers, exam simulator, and online exam questions, candidates can simulate real exam conditions and boost their confidence before the actual test. Our mock exams and sample questions provide valuable practice opportunities, while our exam materials cover all key topics tested in the ANS-C01 exam. Prepare with SPOTO to enhance your chances of passing the AWS Certified Advanced Networking - Specialty exam with flying colors.

Question #1
An AWS CloudFormation template is being used to create a VPC peering connection between two existing operational VPCs, each belonging to a different AWS account. All necessary components in the ‘Remote’ (receiving) account are already in place. The template below creates the VPC peering connection in the Originating account. It contains these components: AWSTemplateFormatVersion: 2010-09-09 Parameters: OriginatingVPCId: Type: String RemoteVPCId: Type: String RemoteVPCAccountId: Type: String Resources: n
A. Resources:NewEC2SecurityGroup:Type: AWS::EC2::SecurityGroup
B. Resources:NetworkInterfaceToRemoteVPC:Type: “AWS::EC2NetworkInterface”
C. Resources:newEC2Route:Type: AWS::EC2::Route
D. Resources:VPCGatewayToRemoteVPC:Type: “AWS::EC2::VPCGatewayAttachment”
E. Resources:newVPCPeeringConnection:Type: ‘AWS::EC2VPCPeeringConnection’PeerRoleArn: !Ref PeerRoleArn
Correct Answer: D
Question #2
A company has deployed a software-defined WAN (SD-WAN) solution to interconnect all of its offices. The company is migrating workloads to AWS and needs to extend its SD-WAN solution to support connectivity to these workloads. A network engineer plans to deploy AWS Transit Gateway Connect and two SD-WAN virtual appliances to provide this connectivity. According to company policies, only a single SD-WAN virtual appliance can handle traffic from AWS workloads at a given time. How should the network engineer co
A. Add a static default route in the transit gateway route table to point to the secondary SD-WAN virtual applianc
B. Add routes that are more specific to point to the primary SD-WAN virtual appliance
C. Configure the BGP community tag 7224:7300 on the primary SD-WAN virtual appliance for BGP routes toward the transit gateway
D. Configure the AS_PATH prepend attribute on the secondary SD-WAN virtual appliance for BGP routes toward the transit gateway
E. Disable equal-cost multi-path (ECMP) routing on the transit gateway for Transit Gateway Connect
Correct Answer: C
Question #3
A global company runs business applications in the us-east-1 Region inside a VPC. One of the company's regional offices in London uses a virtual private gateway for an AWS Site-to-Site VPN connection to the VPC. The company has configured a transit gateway and has set up peering between the VPC and other VPCs that various departments in the company use. Employees at the London office are experiencing latency issues when they connect to the business applications. What should a network engineer do to reduce
A. Create a new Site-to-Site VPN connectio
B. Set the transit gateway as the target gatewa
C. Enable acceleration on the new Site-to-Site VPN connectio
D. Update the VPN device in the London office with the new connection details
E. Modify the existing Site-to-Site VPN connection by setting the transit gateway as the target gateway
F. Create a new transit gateway in the eu-west-2 (London) Regio G
Correct Answer: B
Question #4
A global company operates all its non-production environments out of three AWS Regions: eu-west-1, us-east-1, and us-west-1. The company hosts all its production workloads in two on-premises data centers. The company has 60 AWS accounts and each account has two VPCs in each Region. Each VPC has a virtual private gateway where two VPN connections terminate for resilient connectivity to the data centers. The company has 360 VPN tunnels to each data center, resulting in high management overhead. The total VPN
A. Set up an AWS Direct Connect connection from each data center to AWS in each Regio
B. Create and attach private VIFs to a single Direct Connect gatewa
C. Attach the Direct Connect gateway to all the VPC
D. Remove the existing VPN connections that are attached directly to the virtual private gateways
E. Create a single transit gateway with VPN connections from each data cente
F. Share the transit gateway with each account by using AWS Resource Access Manager (AWS RAM)
Correct Answer: D
Question #5
A company's development team has created a new product recommendation web service. The web service is hosted in a VPC with a CIDR block of 192.168.224.0/19. The company has deployed the web service on Amazon EC2 instances and has configured an Auto Scaling group as the target of a Network Load Balancer (NLB). The company wants to perform testing to determine whether users who receive product recommendations spend more money than users who do not receive product recommendations. The company has a big sales e
A. Create a VPC peering connection between the web service VPC and the existing production VP
B. Add a routing rule to the appropriate route table to allow data to flow to 192
C. Configure the relevant security groups and ACLs to allow the systems to communicate
D. Ask the development team of the web service to redeploy the web service into the production VPC and integrate the systems there
E. Create a VPC endpoint servic
F. Associate the VPC endpoint service with the NLB for the web service
Correct Answer: BD
Question #6
An organization launched an IPv6-only web portal to support IPv6-native mobile clients. Front-end instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used. Customers say the service is unavailable during peak load times. The network engineer attempts to launch an instan
A. Create a new subnet using a VPC secondary IPv6 CIDR, and associate an IPv6 CID
B. Include the new subnet in the Auto Scaling group
C. Create a new subnet using a VPC secondary IPv4 CIDR, and associate an IPv6 CID
D. Include the new subnet in the Auto Scaling group
E. Resize the IPv6 CIDR on each of the existing subnet
F. Modify the Auto Scaling group maximum number of instances
Correct Answer: C
Question #7
A banking company is successfully operating its public mobile banking stack on AWS. The mobile banking stack is deployed in a VPC that includes private subnets and public subnets. The company is using IPv4 networking and has not deployed or supported IPv6 in the environment. The company has decided to adopt a third-party service provider's API and must integrate the API with the existing environment. The service provider’s API requires the use of IPv6. A network engineer must turn on IPv6 connectivity for
A. Create an internet gateway and a NAT gateway in the VP
B. Add a route to the existing subnet route tables to point IPv6 traffic to the NAT gateway
C. Create an internet gateway and a NAT instance in the VP
D. Add a route to the existing subnet route tables to point IPv6 traffic to the NAT instance
E. Create an egress-only Internet gateway in the VPAdd a route to the existing subnet route tables to point IPv6 traffic to the egress-only internet gateway
F. Create an egress-only internet gateway in the VP G
Correct Answer: D
Question #8
A company is planning to use Amazon S3 to archive financial data. The data is currently stored in an on-premises data center. The company uses AWS Direct Connect with a Direct Connect gateway and a transit gateway to connect to the on-premises data center. The data cannot be transported over the public internet and must be encrypted in transit. Which solution will meet these requirements?
A. Create a Direct Connect public VI
B. Set up an IPsec VPN connection over the public VIF to access Amazon S3
C. Create an IPsec VPN connection over the transit VI
D. Create a VPC and attach the VPC to the transit gatewa
E. In the VPC, provision an interface VPC endpoint for Amazon S3
F. Create a VPC and attach the VPC to the transit gatewa G
Correct Answer: B
Question #9
A company is hosting an application on Amazon EC2 instances behind an Application Load Balancer. The instances are in an Amazon EC2 Auto Scaling group. Because of a recent change to a security group, external users cannot access the application. A network engineer needs to prevent this downtime from happening again. The network engineer must implement a solution that remediates noncompliant changes to security groups. Which solution will meet these requirements?
A. Configure Amazon GuardDuty to detect inconsistencies between the desired security group configuration and the current security group configuratio
B. Create an AWS Systems Manager Automation runbook to remediate noncompliant security groups
C. Configure an AWS Config rule to detect inconsistencies between the desired security group configuration and the current security group configuratio
D. Configure AWS OpsWorks for Chef to remediate noncompliant security groups
E. Configure Amazon GuardDuty to detect inconsistencies between the desired security group configuration and the current security group configuratio
F. Configure AWS OpsWorks for Chef to remediate noncompliant security groups
Correct Answer: ABD
Question #10
An organization is using a VPC endpoint for Amazon S3. When the security group rules for a set of instances were initially configured, access was restricted to allow traffic only to the IP addresses of the Amazon S3 API endpoints in the region from the published JSON file. The application was working properly, but now is logging a growing number of timeouts when connecting with Amazon S3. No internet gateway is configured for the VPC. Which solution will fix the connectivity failures with the LEAST amount o
A. Create a Lambda function to update the security group based on AmazonIPSpaceChanged notifications
B. Update the VPC routing to direct Amazon S3 prefix-list traffic to the VPC endpoint using the route table APIs
C. Update the application server’s outbound security group to use the prefix-list for Amazon S3 in the same region
D. Create an additional VPC endpoint for Amazon S3 in the same route table to scale the concurrent connections to Amazon
Correct Answer: BDF
Question #11
An IoT company sells hardware sensor modules that periodically send out temperature, humidity, pressure, and location data through the MQTT messaging protocol. The hardware sensor modules send this data to the company's on-premises MQTT brokers that run on Linux servers behind a load balancer. The hardware sensor modules have been hardcoded with public IP addresses to reach the brokers. The company is growing and is acquiring customers across the world. The existing solution can no longer scale and is intro
A. Place the EC2 instances behind a Network Load Balancer (NLB)
B. Use Bring Your Own IP (BYOIP) from the on-premises network with the NLB
C. Place the EC2 instances behind a Network Load Balancer (NLB)
D. Create an AWS Global Accelerator accelerator in front of the NLUse Bring Your Own IP (BYOIP) from the on-premises network with Global Accelerator
E. Place the EC2 instances behind an Application Load Balancer (ALB)
F. Create an AWS Global Accelerator accelerator in front of the AL G
Correct Answer: B
Question #12
A company delivers applications over the internet. An Amazon Route 53 public hosted zone is the authoritative DNS service for the company and its internet applications, all of which are offered from the same domain name. A network engineer is working on a new version of one of the applications. All the application's components are hosted in the AWS Cloud. The application has a three-tier design. The front end is delivered through Amazon EC2 instances that are deployed in public subnets with Elastic IP addre
A. Add a geoproximity routing policy in Route 53
B. Create a Route 53 private hosted zone for the same domain name. Associate the application’s VPC with the new private hosted zone
C. Enable DNS hostnames for the application's VPC
D. Create entries in the private hosted zone for each name in the public hosted zone by using the corresponding private IP addresses
E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that runs when AWS CloudTrail logs a Route 53 API call to the public hosted zon
F. Create an AWS Lambda function as the target of the rul G
Correct Answer: C
Question #13
A company has deployed an AWS Network Firewall firewall into a VPC. A network engineer needs to implement a solution to deliver Network Firewall flow logs to the company’s Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster in the shortest possible time. Which solution will meet these requirements?
A. Create an Amazon S3 bucke
B. Create an AWS Lambda function to load logs into the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluste
C. Enable Amazon Simple Notification Service (Amazon SNS) notifications on the S3 bucket to invoke the Lambda functio
D. Configure flow logs for the firewal
E. Set the S3 bucket as the destination
F. Create an Amazon Kinesis Data Firehose delivery stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destinatio G
Correct Answer: CE
Question #14
All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that it is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.
A. The NAT gateway does not support UDP traffic
B. The authentication server is not accepting traffic
C. The NAT gateway cannot allocate more ports
D. The NAT gateway is launched in a private subnet
Correct Answer: BC
Question #15
A company is deploying a non-web application on an AWS load balancer. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server. How can this requirement be achieved?
A. Use a Network Load Balancer to automatically preserve the source IP address
B. Use a Network Load Balancer and enable the X-Forwarded-For attribute
C. Use a Network Load Balancer and enable the ProxyProtocol v2 attribute
D. Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header
Correct Answer: A
Question #16
A company manages resources across VPCs in multiple AWS Regions. The company needs to connect to the resources by using its internal domain name. A network engineer needs to apply the aws.example.com DNS suffix to all resources. What must the network engineer do to meet this requirement?
A. Create an Amazon Route 53 private hosted zone for aws
B. Associate the private hosted zone with that Region's VP
C. In the appropriate private hosted zone, create DNS records for the resources in each Region
D. Create one Amazon Route 53 private hosted zone for aws
E. Configure the private hosted zone to allow zone transfers with every VPC
F. Create one Amazon Route 53 private hosted zone for example
Correct Answer: B
Question #17
A network engineer needs to set up an Amazon EC2 Auto Scaling group to run a Linux-based network appliance in a highly available architecture. The network engineer is configuring the new launch template for the Auto Scaling group. In addition to the primary network interface the network appliance requires a second network interface that will be used exclusively by the application to exchange traffic with hosts over the internet. The company has set up a Bring Your Own IP (BYOIP) pool that includes an Elasti
A. Configure the two network interfaces in the launch templat
B. Define the primary network interface to be created in one of the private subnet
C. For the second network interface, select one of the public subnet
D. Choose the BYOIP pool ID as the source of public IP addresses
E. Configure the primary network interface in a private subnet in the launch templat
F. Use the user data option to run a cloud-init script after boot to attach the second network interface from a subnet with auto-assign public IP addressing enabled
Correct Answer: C
Question #18
A company is building its website on AWS in a single VPC. The VPC has public subnets and private subnets in two Availability Zones. The website has static content such as images. The company is using Amazon S3 to store the content. The company has deployed a fleet of Amazon EC2 instances as web servers in a private subnet. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer. The EC2 instances will serve traffic, and they must pull content from an S3 bucket to render the webpag
A. Create a Direct Connect private VI
B. Migrate the traffic from the public VIF to the private VIF
C. Create an AWS Site-to-Site VPN tunnel over the existing public VIF
D. Implement interface VPC endpoints for Amazon S3
E. Implement gateway VPC endpoints for Amazon S3
Correct Answer: AB