1. Home
  2. Amazon
  3. ANS-C00

Amazon ANS-C00 Online Practice Questions and Exam Preparation

ANS-C00 Exam Details

  • Exam Code
    :ANS-C00
  • Exam Name
    :AWS Certified Advanced Networking - Specialty (ANS-C00)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :414 Q&As
  • Last Updated
    :May 30, 2026

Amazon ANS-C00 Online Questions & Answers

  • Question 231:

    A company offers a web-based service that uses Amazon EC2 instances behind an Application Load Balancer (ALB). One of the company's large customers reports slow bulk transfer throughput. The company's network engineer suspects that this problem is the result of the TCP window size setting in the customer's corporate laptop computers.

    How can the network engineer check the value of the TCP window size?

    A. Configure VPC Flow Logs on the ALB elastic network interface. Use custom flow logs to add the TCP window size parameter to the captured metadata.
    B. Configure VPC Traffic Mirroring. Set the traffic mirror source to the ALB elastic network interface. Set the traffic mirror target to Amazon S3 for analysis with Amazon Athena.
    C. Configure VPC Traffic Mirroring. Set the traffic mirror source to the ALB elastic network interface. Set the traffic mirror target to an EC2 instance with packet capture software.
    D. Configure VPC Flow Logs on the ALB elastic network interface. Send the flow logs to Amazon S3 in the same AWS Region for analysis by AWS Network Manager.

  • Question 232:

    You are architecting your e-business application for PCI compliance. To meet the compliance requirements, you need to monitor web application logs to identify any malicious activity. You also need to monitor for remote attempts to change the network interface of web instances.

    Which two AWS services will be helpful to achieve this goal?

    A. Amazon CloudWatch Logs and VPC Flow Logs
    B. AWS CloudTrail and VPC Flow Logs
    C. AWS CloudTrail and CloudWatch Logs
    D. AWS CloudTrail and AWS Config

  • Question 233:

    What number does the binary number 11000000 correspond to?

    A. 128
    B. 192
    C. 64
    D. 117

  • Question 234:

    Your company runs an application for the US market in the us-east-1 AWS region. This application uses proprietary TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users run a real-time, front-end application

    on their local PCs. This front-end application knows the DNS hostname of the service.

    You must prepare the system for global expansion. The end users must access the application with lowest latency.

    How should you use AWS services to meet these requirements?

    A. Register the IP addresses of the service hosts as "A" records with latency-based routing policy in Amazon Route 53, and set a Route 53 health check for these hosts.
    B. Set the Elastic Load Balancing (ELB) load balancer in front of the hosts of the service, and register the ELB name of the main service host as an ALIAS record with a latency-based routing policy in Route 53.
    C. Set Amazon CloudFront in front of the host of the service, and register the CloudFront name of the main service as an ALIAS record in Route 53.
    D. Set the Amazon API gateway in front of the service, and register the API gateway name of the main service as an ALIAS record in Route 53.

  • Question 235:

    You have deployed a website that utilizes CloudFront, Elastic Loadbalancer, and S3 to serve content. When users access your site, they receive a "mixed content" security warning. What is most likely the problem?

    A. There is no rule in your bucket policy allowing public access.
    B. You have applied your SSL to your Elastic Loadbalancer but not your CDN.
    C. Your S3 Bucket permissions are incorrect.
    D. You are using an SSL from an external CA.

  • Question 236:

    What is the DNS server address for a VPC (10.111.0.0/16) with a subnet of 10.111.4.0/24?

    A. 10.111.0.2
    B. 10.111.4.2
    C. 10.111.1.2
    D. 10.111.4.1

  • Question 237:

    You have a management server that needs to be able to communicate with two subnets. One of these subnets is private. This subnet must remain private and must not pass any traffic back to other subnets. How would you configure this?

    A. Configure a NACL to allow access from the management server to the private server.
    B. Add an ENI to the management server that resides in the subnet of the private server.
    C. You can't do this without allowing traffic back through the other subnet.
    D. Configure a security group rule to allow access from the management server to the private server.

  • Question 238:

    A company hosts several applications in the AWS Cloud across multiple VPCs that are connected to a transit gateway. Redundant AWS Direct Connect connections and a Direct Connect gateway provide private network connectivity to the company's on-premises environment.

    During a maintenance window, the networking team adds eight VPCs. The application management team notices that there is no reachability between the newly created VPCs and the on-premises environment. Connectivity between all VPCs through the transit gateway is working as expected.

    Which of the following are possible causes of the connectivity issues? (Choose two.)

    A. The prefixes that are advertised from the Direct Connect gateway to the on-premises router are shorter than the CIDR blocks of the newly created VPCs
    B. The route tables for the newly created VPCs do not have the routes to the on-premises environment that point to the transit gateway attachment
    C. The on-premises route tables do not contain the exact CIDR blocks of the newly created VPCs
    D. The route tables for the newly created VPCs have only summary routes for the on-premises environment that point to the transit gateway attachment
    E. The prefixes that are advertised from the Direct Connect gateway to the on-premises router do not contain the CIDR blocks of the newly created VPCs

  • Question 239:

    In the context of Amazon CloudFront Actions, you use the _____ when specifying APIs in IAM policies.

    A. object names
    B. class names
    C. entity names
    D. action names

  • Question 240:

    Your company just deployed a WAF to protect its resources. You need to create a baseline before you start blocking traffic. How will you achieve this?

    A. Set the WAF to Monitor mode.
    B. Set the WAF to its defaults and let it do its job.
    C. Setup a Lambda function to monitor Flow Logs and analyze the traffic using Elasticsearch.
    D. A WAF is default deny and does not allow this. You need to use an IDS instead.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ANS-C00 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.