Most Recent Amazon ANS-C01 Exam Questions & Answers

Prepare for the Amazon AWS Certified Advanced Networking - Specialty exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Amazon ANS-C01 exam and achieve success.

The questions for ANS-C01 were last updated on Nov 14, 2024.

Viewing page 1 out of 31 pages.
Viewing questions 1-5 out of 154 questions

Get All 154 Questions & Answers

Question No. 1

A company has created three VPCs: a production VPC, a nonproduction VPC, and a shared services VPC. The production VPC and the nonproduction VPC must each have communication with the shared services VPC. There must be no communication between the production VPC and the nonproduction VPC. A transit gateway is deployed to facilitate communication between VPCs.

Which route table configurations on the transit gateway will meet these requirements?

AConfigure a route table with the production and nonproduction VPC attachments associated with propagated routes for only the shared services VPC. Create an additional route table with only the shared services VPC attachment associated with propagated routes from the production and nonproduction VPCs.

BConfigure a route table with the production and nonproduction VPC attachments associated with propagated routes for each VPC. Create an additional route table with only the shared services VPC attachment associated with propagated routes from each VPC.

CConfigure a route table with all the VPC attachments associated with propagated routes for only the shared services VPCreate an additional route table with only the shared services VPC attachment associated with propagated routes from the production and nonproduction VPCs.

DConfigure a route table with the production and nonproduction VPC attachments associated with propagated routes disabled. Create an additional route table with only the shared services VPC attachment associated with propagated routes from the production and nonproduction VPCs.

Show Answer

Correct Answer: A

Question No. 2

A company has many application VPCs that use AWS Site-to-Site VPN connections for connectivity to an on-premises location. The company's network team wants to gradually migrate to AWS Transit Gateway to provide VPC-to-VPC connectivity.

The network team sets up a transit gateway that uses equal-cost multi-path (ECMP) routing. The network team attaches two temporary VPCs to the transit gateway for testing. The test VPCs contain Amazon EC2 instances to confirm connectivity over the transit gateway between the on-premises location and the VPCs. The network team creates two new Site-to-Site VPN connections to the transit gateway.

During testing, the network team cannot reach the required bandwidth of 2.5 Gbps over the pair of new Site-to-Site VPN connections.

Which combination of steps should the network team take to improve bandwidth performance and minimize network congestion? (Select THREE.)

AEnable acceleration for the existing Site-to-Site VPN connections to the transit gateway.

BCreate new accelerated Site-to-Site VPN connections to the transit gateway.

CAdvertise the on-premises prefix to AWS with the same BGP AS_PATH attribute across all the Site-to-Site VPN connections.

DAdvertise the on-premises prefix to AWS with a different BGP AS_PATH attribute across all the Site-to-Site VPN connections

EVerify that the transit gateway attachments are present in the Availability Zones of the test VPC.

FVerify that the on-premises location is sending traffic by using multiple flows.

Show Answer

Correct Answer: A, B, F

Question No. 3

A company has two data centers that are interconnected with multiple redundant links from different suppliers. The company uses IP addresses that are within the 172.16.0.0/16 CIDR block. The company is running iBGP between the two data centers by using a private Autonomous System Number (ASN)and IGP.

The company is moving toward a hybrid setup in which the company will initially use one VPC in the AWS Cloud. An AWS Direct Connect connection runs from the first data center to a Direct Connect gateway by using a private VIF On the connection, the company advertises a summarized route for the 172.16.0.0/16 network The company is planning to set up a second summarized route from the second data center to a different Direct Connect location.

The company needs to implement a solution to route traffic to and from AWS through the first Direct Connect connection. The solution must use the second Direct Connect connection for failover purposes only.

Which solution will meet these requirements?

APrepend the private ASN on the BGP announcements to AWS from the second data center. Add a second VIF in the first Direct Connect connection. Advertise the same network without any prepends from the first data center. Implement the same setup for the BGP announcement from AWS to the two data centers.

BTag the BGP announcements with the local preference BGP community tags. Set the tag to high preference for the first data center. Set the tag to low preference for the second data center. Configure the second data center's router to have a lower local preference for the direct AWS BGP advertisements than for the advertisement from the first data center.

CConfigure the Direct Connect gateway to prefer routing through the Direct Connect connection with the first data center. Configure the second data center's router to have a lower local preference for the direct AWS BGP advertisements than for the advertisement from the first data center.

DConfigure the local AWS Region BGP community tag on the BGP route that is advertised from the first data center. Configure AS PATH prepends on the BGP announcements from the second data center.

Show Answer

Correct Answer: C

Question No. 4

A company has expanded its network to the AWS Cloud by using a hybrid architecture with multiple AWS accounts. The company has set up a shared AWS account for the connection to its on-premises data centers and the company offices. The workloads consist of private web-based services for internal use. These services run in different AWS accounts. Office-based employees consume these services by using a DNS name in an on-premises DNS zone that is named example.internal.

The process to register a new service that runs on AWS requires a manual and complicated change request to the internal DNS. The process involves many teams.

The company wants to update the DNS registration process by giving the service creators access that will allow them to register their DNS records. A network engineer must design a solution that will achieve this goal. The solution must maximize cost-effectiveness and must require the least possible number of configuration changes.

Which combination of steps should the network engineer take to meet these requirements? (Choose three.)

ACreate a record for each service in its local private hosted zone (serviceA.account1.aws.example.internal). Provide this DNS record to the employees who need access.

BCreate an Amazon Route 53 Resolver inbound endpoint in the shared account VPC. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the inbound endpoint's IP addresses that were created.

CCreate an Amazon Route 53 Resolver rule to forward any queries made to onprem.example.internal to the on-premises DNS servers.

DCreate an Amazon Route 53 private hosted zone named aws.example.internal in the shared AWS account to resolve queries for this domain.

ELaunch two Amazon EC2 instances in the shared AWS account. Install BIND on each instance. Create a DNS conditional forwarder on each BIND server to forward queries for each subdomain under aws.example.internal to the appropriate private hosted zone in each AWS account. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the IP addresses of the BIND servers.

FCreate a private hosted zone in the shared AWS account for each account that runs the service. Configure the private hosted zone to contain aws.example.internal in the domain (account1.aws.example.internal). Associate the private hosted zone with the VPC that runs the service and the shared account VPC.

Show Answer

Correct Answer: A, B, D

To meet the requirements of updating the DNS registration process while maximizing cost-effectiveness and minimizing configuration changes, the network engineer should take the following steps:

Create an Amazon Route 53 Resolver inbound endpoint in the shared account VPC. Create a conditional forwarder for a domain named aws.example.internal on the on-premises DNS servers. Set the forwarding IP addresses to the inbound endpoint's IP addresses that were created (Option B).

Create an Amazon Route 53 private hosted zone named aws.example.internal in the shared AWS account to resolve queries for this domain (Option D).

Create a record for each service in its local private hosted zone (serviceA.account1.aws.example.internal). Provide this DNS record to the employees who need access (Option A).

These steps will allow service creators to register their DNS records while keeping costs low and minimizing configuration changes.

Question No. 5

A company is building an internet-facing application that is hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The company is using the Amazon VPC Container Network Interface (CNI) plugin for Kubernetes for pod networking connectivity. The company needs to expose its application to the internet by using a Network Load Balancer (NLB). The pods that host the application must have visibility of the source IP address that is contained in the original packet that the NLB receives.

How should the network engineer configure the NLB and Amazon EKS settings to achieve these goals?

ASpecify the Ip target type for the NLB. Set the externalTrafficPolicy attribute to Local in the Kubernetes service specification.

BSpecify the instance target type for the NLB. Set the externalTrafficPolicy attribute to Cluster in the Kubernetes service specification

CSpecify the instance target type for the NLB. Set the externalTrafficPolicy attribute to Local in the Kubernetes service specification.

DSpecify the Ip target type for the NLB. Set the externalTrafficPolicy attribute to Cluster in the Kubernetes service specification

Show Answer

Correct Answer: A

Unlock All Questions for Amazon ANS-C01 Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 154 Questions & Answers