ANS-C00 Exam Details

  • Exam Code: ANS-C00
  • Exam Name: AWS Certified Advanced Networking - Specialty (ANS-C00)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 414 Q&As
  • Last Updated: May 30, 2026

Amazon ANS-C00 Online Questions & Answers

  • Question 141:

    You have been asked to monitor traffic flows on your Amazon EC2 instance. You will be performing deep packet inspection, looking for atypical patterns. Which tool will enable you to look at this data?

    A. Wireshark
    B. VPC Flow Logs
    C. AWS CLI
    D. CloudWatch Logs

  • Question 142:

    With AWS CloudTrail, creating multiple trails in one region allows ____ to focus on one aspect of AWS operation.

    A. callers
    B. events
    C. buckets
    D. stakeholders

  • Question 143:

    In AWS, which tool records API calls for a specific AWS account and also delivers the log files for that account?

    A. CloudTrail
    B. Redshift
    C. Beanstalk
    D. Cognito

  • Question 144:

    To allow all traffic to access an instance in "Subnet 1" that uses "Security Group 1", what two options need to be configured? (Choose two.)

    A. NACL rule allowing 0.0.0.0/0 to access "Subnet 1"
    B. Security Group rule in "Security Group 1" that allows 0.0.0.0/0 inbound
    C. Security Group rule in "Security Group 1" that allows outbound traffic to 0.0.0.0/0
    D. NACL rule allowing 0.0.0.0/0 to access "Security Group 1"

  • Question 145:

    A company with several VPCs in the us-east-1 Region wants to reduce the cost of its workloads. A network engineer has identified that all traffic bound to Amazon services is flowing through a NAT gateway. Additionally, all the VPCs are peered to a hub VPC for access to common services.

    What should the network engineer do to reduce data transfer costs to Amazon Simple Queue Service (Amazon SQS)?

    A. Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain us-east-1.sqs.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
    B. Disable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain sqs.us-east-1.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
    C. Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain sqs.us-east-1.amazonaws.com. Create a CNAME record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.
    D. Enable the private DNS name for the SQS endpoint. Create an Amazon Route 53 private hosted zone for the domain us-east-1.sqs.amazonaws.com. Create an alias record to the DNS name of the SQS endpoint. Share the private hosted zone with all other VPCs.

  • Question 146:

    Which of these metrics cannot help detect a DDoS?

    A. EC2 CPUUtilization
    B. ELB SurgeQueueLength
    C. EMR EMRspersecond
    D. CloudFront Requests

  • Question 147:

    Which service parses large Flow Logs for consumption by other programs such as Kibana?

    A. S3
    B. ElasticSearch
    C. Elastic Beanstalk
    D. Kinesis

  • Question 148:

    A company's web application is deployed on Amazon EC2 instances behind a public Application Load Balancer. The application flags malicious requests and uses an AWS Lambda function to add the offending IP addresses to the network ACL to block any further request for 24 hours. Recently, the application has been receiving more malicious requests, which causes the network ACL to reach its limit of allowed entries.

    Which action should be taken to block more IP addresses, without compromising the existing security requirements?

    A. Update the AWS Lambda function to remove blocked entries from the network ACL after 2 hours.
    B. Update the AWS Lambda function to block malicious IPs in security groups rather than the network ACL.
    C. Update the AWS Lambda function to block malicious IPs in AWS WAF attached to the Application Load Balancer.
    D. Update the AWS Lambda function to add an additional network ACL to the subnets once the limit for the previous ones has been reached.

  • Question 149:

    You are under a DDoS attack and you have added a deny all TCP rule to your NACL, but traffic is still coming. What did you do wrong?

    A. You configured the rule number to be too low.
    B. A NACL can't protect against a DDoS.
    C. The DDoS isn't a TCP attack.
    D. You need to add a deny rule outbound also since NACLs are stateful.

  • Question 150:

    You need to find the MTU used by another instance, but tracepath is not working. You know the instance you are trying to tracepath has open security group and NACL rules. Which protocol do you need to allow to access your instance to remedy this?

    A. Protocol 6: TCP
    B. Protocol 47: GRE
    C. Protocol 17: UDP
    D. Protocol 1: ICMP

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Amazon exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your ANS-C00 exam preparation or Amazon certification application, do not hesitate to visit Vcedump.com to find your solutions.