AWS Certified Advanced Networking – Specialty (ANS-C01) Exam Questions
If you want to ace your AWS Certified Advanced Networking – Specialty exam and boost your career as a networking professional on AWS, PassQuestion provides you with the latest and most accurate AWS Certified Advanced Networking – Specialty (ANS-C01) Exam Questions that are updated regularly to reflect the current exam objectives and content. With PassQuestion, you can practice with real exam questions and get detailed explanations for each answer. You can also check your progress and identify your strengths and weaknesses with PassQuestion’s online testing engine. Don’t miss this opportunity to get PassQuestion AWS Certified Advanced Networking – Specialty (ANS-C01) Exam Questions. Visit PassQuestion.com today and get ready to pass your exam with confidence.
AWS Certified Advanced Networking – Specialty Certification
AWS Certified Advanced Networking – Specialty credential helps organizations identify and develop talent with critical skills for implementing cloud initiatives. Earning AWS Certified Advanced Networking – Specialty validates expertise in designing and maintaining network architecture for the breadth of AWS services. The AWS Certified Advanced Networking – Specialty (ANS-C01) exam is intended for individuals who perform an AWS networking specialist’s role. The exam validates a candidate’s ability to design, implement, manage, and secure AWS and hybrid network architectures at scale. The exam is for individuals who perform complex networking tasks, and validates an individual’s ability to perform the following tasks:
• Design and develop hybrid and cloud-based networking solutions by using AWS
• Implement core AWS networking services according to AWS best practices
• Operate and maintain hybrid and cloud-based network architecture for all AWS services
• Use tools to deploy and automate hybrid and cloud-based AWS networking tasks
• Implement secure AWS networks using AWS native networking constructs and services
AWS Certified Advanced Networking – Specialty Exam Overview
Level: Specialty
Length: 170 minutes to complete the exam
Cost: 300 USD
Format: 65 questions, either multiple choice or multiple response
Delivery method: Pearson VUE testing center or online proctored exam.
Languages: English, Japanese, Korean, and Simplified Chinese.
AWS Certified Advanced Networking – Specialty (ANS-C01) Content Outline
Domain 1: Network Design 30%
Domain 2: Network Implementation 26%
Domain 3: Network Management and Operation 20%
Domain 4: Network Security, Compliance, and Governance 24%
View Online AWS Certified Advanced Networking – Specialty (ANS-C01) Free Questions
1. A company is deploying a non-web application on an AWS load balancer. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server.
How can this requirement be achieved?
A.Use a Network Load Balancer to automatically preserve the source IP address.
B.Use a Network Load Balancer and enable the X-Forwarded-For attribute.
C.Use a Network Load Balancer and enable the ProxyProtocol v2 attribute.
D.Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.
Answer: C
2. A company has deployed a new web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Enterprise customers from around the world will use the application. Employees of these enterprise customers will connect to the application over HTTPS from office locations.
The company must configure firewalls to allow outbound traffic to only approved IP addresses. The employees of the enterprise customers must be able to access the application with the least amountof latency.
Which change should a network engineer make in the infrastructure to meet these requirements?
A.Create a new Network Load Balancer (NLB). Add the ALB as a target of the NLB.
B.Create a new Amazon CloudFront distribution. Set the ALB as the distribution’s origin.
C.Create a new accelerator in AWS Global Accelerator. Add the ALB as an accelerator endpoint.
D.Create a new Amazon Route 53 hosted zone. Create a new record to route traffic to the ALB.
Answer: B
3. A software-as-a-service (SaaS) provider hosts its solution on Amazon EC2 instances within a VPC in the AWS Cloud. All of the provider’s customers also have their environments in the AWS Cloud.
A recent design meeting revealed that the customers have IP address overlap with the provider’s AWS deployment. The customers have stated that they will not share their internal IP addresses and that they do not want to connect to the provider’s SaaS service over the internet.
Which combination of steps is part of a solution that meets these requirements? (Choose two.)
A.Deploy the SaaS service endpoint behind a Network Load Balancer.
B.Configure an endpoint service, and grant the customers permission to create a connection to the endpoint service.
C.Deploy the SaaS service endpoint behind an Application Load Balancer.
D.Configure a VPC peering connection to the customer VPCs. Route traffic through NAT gateways.
E.Deploy an AWS Transit Gateway, and connect the SaaS VPC to it. Share the transit gateway with the customers. Configure routing on the transit gateway.
Answer: A, B
4. A company is deploying a new application in the AWS Cloud. The company wants a highly available web server that will sit behind an Elastic Load Balancer. The load balancer will route requests to multiple target groups based on the URL in the request. All traffic must use HTTPS. TLS processing must be offloaded to the load balancer. The web server must know the user’s IP address so that the company can keep accurate logs for security purposes.
Which solution will meet these requirements?
A.Deploy an Application Load Balancer with an HTTPS listener. Use path-based routing rules to forward the traffic to the correct target group. Include the X-Forwarded-For request header with traffic to the targets.
B.Deploy an Application Load Balancer with an HTTPS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Include the X-Forwarded-For request header with traffic to the targets.
C.Deploy a Network Load Balancer with a TLS listener. Use path-based routing rules to forward the traffic to the correct target group. Configure client IP address preservation for traffic to the targets.
D.Deploy a Network Load Balancer with a TLS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Configure client IP address preservation for traffic to the targets.
Answer: A
5. A company has deployed an AWS Network Firewall firewall into a VPC. A network engineer needs to implement a solution to deliver Network Firewall flow logs to the company’s Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster in the shortest possible time.
Which solution will meet these requirements?
A.Create an Amazon S3 bucket. Create an AWS Lambda function to load logs into the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster. Enable Amazon Simple Notification Service (Amazon SNS) notifications on the S3 bucket to invoke the Lambda function. Configure flow logs for the firewall. Set the S3 bucket as the destination.
B.Create an Amazon Kinesis Data Firehose delivery stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination. Configure flow logs for the firewall Set the Kinesis Data Firehose delivery stream as the destination for the Network Firewall flow logs.
C.Configure flow logs for the firewall. Set the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination for the Network Firewall flow logs.
D.Create an Amazon Kinesis data stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination. Configure flow logs for the firewall. Set the Kinesis data stream as the destination for the Network Firewall flow logs.
Answer: B
6. An ecommerce company is hosting a web application on Amazon EC2 instances to handle continuously changing customer demand. The EC2 instances are part of an Auto Scaling group. The company wants to implement a solution to distribute traffic from customers to the EC2 instances. The company must encrypt all traffic at all stages between the customers and the application servers. No decryption at intermediate points is allowed.
Which solution will meet these requirements?
A.Create an Application Load Balancer (ALB). Add an HTTPS listener to the ALB. Configure the Auto Scaling group to register instances with the ALB’s target group.
B.Create an Amazon CloudFront distribution. Configure the distribution with a custom SSL/TLS certificate. Set the Auto Scaling group as the distribution’s origin.
C.Create a Network Load Balancer (NLB). Add a TCP listener to the NLB. Configure the Auto Scaling group to register instances with the NLB’s target group.
D.Create a Gateway Load Balancer (GLB). Configure the Auto Scaling group to register instances with the GLB’s target group.
Answer: C