Exam Details

  • Exam Code: ANS-C00
  • Exam Name: AWS Certified Advanced Networking - Specialty (ANS-C00)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 414 Q&As
  • Last Updated: Apr 25, 2025

Amazon Amazon Certifications ANS-C00 Questions & Answers

  • Question 341:

    A company is deploying a non-web application on Elastic Load Balancing. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server.

    How can this requirement be achieved?

    A. Use a Network Load Balancer to automatically preserve the source IP address.

    B. Use a Network Load Balancer and enable the X-Forwarded-For attribute.

    C. Use a Network Load Balancer and enable the ProxyProtocol attribute.

    D. Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.

  • Question 342:

    A bank built a new version of its banking application in AWS using containers that connect to an on-premises database over a VPN connection. This application version requires users to also update their client application. The bank plans to deprecate the earlier client version. However, the company wants to keep supporting earlier clients through their on-premises version of the application to serve a small portion of the customers who haven't yet upgraded.

    What design will allow the company to serve both newer and earlier clients in the MOST efficient way?

    A. Use an Amazon Route 53 multivalue answer routing policy to route older client traffic to the on-premises application version and the rest of the traffic to the new AWS based version.

    B. Use a Classic Load Balancer for the new application. Route all traffic to the new application by using an Elastic Load Balancing (ELB) load balancer DNS. Define a user-agent-based rule on the backend servers to redirect earlier clients to the on-premises application.

    C. Use an Application Load Balancer for the new application. Register both the new and earlier applications as separate target groups and use path-based routing to route traffic based on the application version.

    D. Use an Application Load Balancer for the new application. Register both the new and earlier application backends as separate target groups. Use host header-based routing to route traffic based on the application version.

  • Question 343:

    An organization is using a VPC endpoint for Amazon S3. When the security group rules for a set of instances were initially configured, access was restricted to allow traffic only to the IP addresses of the Amazon S3 API endpoints in the region from the published JSON file. The application was working properly, but now is logging a growing number of timeouts when connecting with Amazon S3. No internet gateway is configured for the VPC.

    Which solution will fix the connectivity failures with the LEAST amount of effort?

    A. Create a Lambda function to update the security group based on AmazonIPSpaceChanged notifications.

    B. Update the VPC routing to direct Amazon S3 prefix-list traffic to the VPC endpoint using the route table APIs.

    C. Update the application server's outbound security group to use the prefix-list for Amazon S3 in the same region.

    D. Create an additional VPC endpoint for Amazon S3 in the same route table to scale the concurrent connections to Amazon S3.

  • Question 344:

    All IP addresses within a 10.0.0.0/16 VPC are fully utilized with application servers across two Availability Zones. The application servers need to send frequent UDP probes to a single central authentication server on the Internet to confirm that it is running up-to-date packages. The network is designed for application servers to use a single NAT gateway for internal access. Testing reveals that a few of the servers are unable to communicate with the authentication server.

    What is the reason for this failure?

    A. The NAT gateway does not support UDP traffic.

    B. The authentication server is not accepting traffic.

    C. The NAT gateway cannot allocate more ports.

    D. The NAT gateway is launched in a private subnet.

  • Question 345:

    An organization is replacing a tape backup system with a storage gateway. There is currently no connectivity to AWS. Initial testing is needed.

    What connection option should the organization use to get up and running at minimal cost?

    A. Use an internet connection.

    B. Set up an AWS VPN connection.

    C. Provision an AWS Direct Connect private virtual interface.

    D. Provision a Direct Connect public virtual interface.

  • Question 346:

    DNS name resolution must be provided for services in the following four zones: The contents of these zones are not considered sensitive; however, the zones only need to be used by services hosted in these VPCs, one per geographic region. Each VPC should resolve the names in all zones.

    How can you use Amazon Route 53 to meet these requirements?

    A. Create a Route 53 Private Hosted Zone for each of the four zones and associate them with the three VPCs.

    B. Create a single Route 53 Private Hosted Zone for the zone company.private. and associate it with the three VPCs.

    C. Create a Route 53 Public Hosted Zone for each of the four zones and configure the VPC DNS Resolver to forward

    D. Create a single Route 53 Public Hosted Zone for the zone company.private. and configure the VPC DNS Resolver to forward

  • Question 347:

    An organization has three AWS accounts, each containing VPCs in the Virginia, Canada and Sydney regions. The organization wants to determine whether all available Elastic IP addresses (EIPs) in these accounts are attached to Amazon EC2 instances or in-use elastic network interfaces (ENIs) in all of the specified regions for compliance and cost-optimization purposes.

    Which of the following meets the requirements with the LEAST management overhead?

    A. Use an Amazon CloudWatch Events rule to schedule an AWS Lambda function in each account in all three regions to find the unattached and unused EIPs.

    B. Use a CloudWatch event bus to schedule Lambda functions in each account in all three regions to find the unattached and unused EIPs.

    C. Add an AWS managed, EIP-attached AWS Config rule in each region in all three accounts to find unattached and unused EIPs.

    D. Use AWS CloudFormation StackSets to deploy an AWS Config EIP-attached rule in all accounts and regions to find the unattached and unused EIPs.

  • Question 348:

    A Systems Administrator is designing a hybrid DNS solution with split-view. The apex domain "example.com" should be served through name servers across multiple top-level domains (TLDs). The name server for subdomain "dev.example.com" should reside on-premises. The administrator has decided to use Amazon Route 53 to achieve this scenario.

    What procedural steps must be taken to implement the solution?

    A. Use a Route 53 public hosted zone for example.com and a private hosted zone for dev.example.com

    B. Use a Route 53 public and private hosted zone for example.com and perform subdomain delegation for dev.example.com

    C. Use a Route 53 public hosted zone for example.com and perform subdomain delegation for dev.example.com

    D. Use a Route 53 private hosted zone for example.com and perform subdomain delegation for dev.example.com

  • Question 349:

    An organization wants to process sensitive information using the Amazon EMR service. The information is stored in on-premises databases. The output of processing will be encrypted using AWS KMS before it is uploaded to a customer-owned Amazon S3 bucket. The current configuration includes a VPC with public and private subnets, with VPN connectivity to the on-premises network. The security organization does not allow Amazon EC2 instances to run in the public subnet.

    What is the MOST simple and secure architecture that will achieve the organization's goal?

    A. Use the existing VPC and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.

    B. Use the existing VPC and a NAT gateway, and configure Amazon EMR in a private subnet with an Amazon S3 endpoint.

    C. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint.

    D. Create a new VPC without an IGW and configure the VPN and Amazon EMR in a private subnet with an Amazon S3 endpoint and a NAT gateway.

  • Question 350:

    Your company has a 1-Gbps AWS Direct Connect connection to AWS. Your company needs to send traffic from on-premises to a VPC owned by a partner company. The connectivity must have minimal latency at the lowest price.

    Which of the following connectivity options should you choose?

    A. Create a new Direct Connect connection, and set up a new circuit to connect to the partner VPC using a private virtual interface.

    B. Create a new Direct Connect connection, and leverage the existing circuit to connect to the partner VPC.

    C. Create a new private virtual interface, and leverage the existing connection to connect to the partner VPC.

    D. Enable VPC peering and use your VPC as a transitive point to reach the partner VPC.
