1. Home
  2. Amazon
  3. ANS-C00

Amazon ANS-C00 Online Practice Questions and Exam Preparation

ANS-C00 Exam Details

  • Exam Code
    :ANS-C00
  • Exam Name
    :AWS Certified Advanced Networking - Specialty (ANS-C00)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :414 Q&As
  • Last Updated
    :May 30, 2026

Amazon ANS-C00 Online Questions & Answers

  • Question 381:

    Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a company's production web application. The Network Engineer needs to lock down permissions for the company's AWS account, automate auditing for any changes, and set up notifications.

    What actions should accomplish this?

    A. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify API calls from users. Use AWS Config to audit any changes, and configure Amazon SNS to send notifications.
    B. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure AWS CodeCommit to audit any changes in configurations, and configure Amazon SNS to send notifications.
    C. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure Amazon Macie to use machine learning to identify any configuration changes, and configure Amazon SNS to send notifications.
    D. Configure IAM role policies to lock down permissions for specific users. Configure Amazon GuardDuty to audit and monitor configuration changes, and configure Amazon SNS to send notifications.

  • Question 382:

    A network engineer has configured a private hosted zone using Amazon Route 53. The engineer needs to configure health checks for record sets within the zone that are associated with instances. How can the engineer meet the requirements?

    A. Configure a Route 53 health check to a private IP associated with the instances inside the VPC to be checked.
    B. Configure a Route 53 health check pointing to an Amazon SNS topic that notifies an Amazon CloudWatch alarm when the Amazon EC2 StatusCheckFailed metric fails.
    C. Create a CloudWatch metric that checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm.
    D. Create a CloudWatch alarm for the StatusCheckFailed metric and choose Recover this instance, selecting a threshold value of 1.

  • Question 383:

    You have two Direct Connect connections and two VPN connections to your network. Site A is VPN 10.1.0.0/24 AS 65000 65000, Site B is VPN 10.1.0.252/30 AS 65000, Site C is DX 10.0.0.0/8 AS 65000 and Site D is DX 10.0.0.0/16 AS 65000 65000 65000. Which site will AWS choose to reach your network?

    A. Site A: VPN 10.0.1.0/24 AS 65000 65000
    B. Site B: VPN 10.0.1.252/30 AS 65000 65000 65000
    C. Site C: DX 10.0.0.0/8 AS 65000
    D. Site D: DX 10.0.0.0/16

  • Question 384:

    An organization is deploying an application in a VPC that requires SSL mutual authentication with a client-side certificate, as that is the primary method of identifying clients. The Network Engineer has been tasked with defining the mechanism used within AWS to provide the SSL mutual authentication.

    Which of the following options meets the organization's requirements?

    A. Use a Classic Load Balancer and upload the client certificate private keys to it. Perform SSL mutual authentication of the client-side certificate there.
    B. Use a Network Load Balancer with a TCP listener on port 443, and pass the request through for the SSL mutual authentication to be handled by a backend instance.
    C. Use an Application Load Balancer and upload the client certificate private keys to it by using the native server name indication (SNI) features with smart certificate selection to handle multiple calling applications.
    D. Front the application with Amazon API Gateway, and use its client-side SSL mutual authentication feature that uses the backend instances to verify the source of the request.

  • Question 385:

    You have an application that is processing confidential data. The data is currently stored in your data center. You are moving workloads to AWS, and you need to ensure confidentiality and integrity of the data in transit to your VPC. Your company has an existing AWS Direct Connect connection.

    What combination of steps should you perform to set up the most cost-effective connection between your on-premises data center and AWS? (Choose three.)

    A. Set up a VPC with a virtual private gateway.
    B. Set up a VPC with an Internet gateway.
    C. Configure a public virtual interface on your Direct Connect connection.
    D. Configure a private virtual interface to the virtual private gateway.
    E. Set up an IPsec tunnel between your customer gateway and a software VPN on Amazon EC2 in the VPC.
    F. Set up an IPsec tunnel between your customer gateway appliance and the virtual private gateway.

  • Question 386:

    Which of the following types of contents cannot serve over HTTP or HTTPS in Amazon CloudFront?

    A. Apple HTTP Live Streaming
    B. Static and dynamic download content
    C. Adobe Flash multimedia content
    D. CloudFront RTMP distribution

  • Question 387:

    A multinational organization has applications deployed in three different AWS regions. These applications must securely communicate with each other by VPN. According to the organization's security team, the VPN must meet the following requirements:

    1.

    AES 128-bit encryption

    2.

    SHA-1 hashing

    3.

    User access via SSL VPN

    4.

    PFS using DH Group 2

    5.

    Ability to maintain/rotate keys and passwords

    6.

    Certificate-based authentication

    Which solution should you recommend so that the organization meets the requirements?

    A. AWS hardware VPN between the virtual private gateway and customer gateway
    B. A third-party VPN solution deployed from AWS Marketplace
    C. A private MPLS solution from an international carrier
    D. AWS hardware VPN between the virtual private gateways in each region

  • Question 388:

    Your company has a DX connection and you just added a new VPC and Private VIF to which you have connected to your DX link. You copied the settings from the other VPC to ensure it's the same. Once you connected the new VIF, you began seeing problems with connectivity to both VPCs.

    You checked to make sure you didn't use the same CIDR with each VPC, so what could be the problem?

    A. You used the same VLAN ID for both connections.
    B. You overloaded your DX circuit.
    C. Your MPLS provider does not allow traffic to two VPCs.
    D. You can only connect one VIF to a DX circuit.

  • Question 389:

    What are two features of an Application Load Balancer? (Choose two.)

    A. Scales to handle any amount of traffic without interference
    B. Can distribute traffic over multiple Availability Zones
    C. Can receive a static IP address
    D. Can support SSLs

  • Question 390:

    Your company just purchased a domain using another registrar and wants to use the same nameservers as your current domain hosted with AWS. How would this be achieved?

    A. Every domain must have different nameservers.
    B. In the API, create a Reusable Delegation Set.
    C. Import the domain to your account and it will automatically set the same nameservers.
    D. In the console, create a Reusable Delegation Set.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ANS-C00 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.