1. Home
  2. Amazon
  3. ANS-C00

Amazon ANS-C00 Online Practice Questions and Exam Preparation

ANS-C00 Exam Details

  • Exam Code
    :ANS-C00
  • Exam Name
    :AWS Certified Advanced Networking - Specialty (ANS-C00)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :414 Q&As
  • Last Updated
    :May 30, 2026

Amazon ANS-C00 Online Questions & Answers

  • Question 401:

    A company requires connectivity between two workloads that are located in separate VPCs: VPC A and VPC B. The VPCs are located in the same AWS Region. A network engineer has configured a VPC peering relationship between the VPCs.

    The network engineer is testing for connectivity by using the ping command from an Amazon EC2 instance in VPC A with address 10.1.1.1 to another EC2 instance in VPC B with address 10.2.2.2. The pings are timing out.

    Which combination of stops should the network engineer take to troubleshoot the problem? (Choose three.)

    A. Ensure that the security group rules allow ICMP traffic from the source EC2 instance to the target EC2 instance.
    B. Ensure that the security group rules allow the flow of UDP traffic from the source EC2 instance to the target EC2 instance.
    C. Ensure that the network ACL rules allow ICMP traffic between the source EC2 instance and the target EC2 instance.
    D. Ensure that the security group rules allow the flow of TCP traffic from the source EC2 instance to the target EC2 instance.
    E. Verify that routes have been added to the respective VPC route tables to forward traffic that is destined for the other VPC through the peering connection.
    F. Configure the VPC peering settings to activate bidirectional traffic support.

  • Question 402:

    You can use the ____ command of the AWS Config service CLI to see the compliance state of each resource that AWS Config evaluates for a specific rule.

    A. describe-compliance-by-resource
    B. describe-compliance-by-config-rule
    C. get-compliance-details-by-config-rule
    D. get-compliance-details-by-resource

  • Question 403:

    You are a network admin of a US company called Webby Widgets that is expanding to Europe. The company has a website that serves dynamic and static content.

    You have been instructed to ensure the European clients receive the least latency possible, no matter where in Europe they live, while still allowing the US clients to receive the same user experience and performance they have been

    accustomed to. You have also been instructed to ensure both countries use the same URL to access the site and keep costs low.

    What two things should you do? (Choose two.)

    A. Deploy three VPCs; one for the US, one for the EU, and one as a central VPC that hosts an Elastic Load Balancer that will distribute traffic between the US and EU VPCs.
    B. Create two A records: eu.webbywidgets.com that points to the EU resources and us.webbywidgets.com that points to the US resources.
    C. Use the Traffic Flow policy creator to create the perfect routing policy.
    D. Create a CloudFront distribution to serve the static content from an S3 bucket.

  • Question 404:

    An organization processes consumer information submitted through its website. The organization's security policy requires that personally identifiable information (PII) elements are specifically encrypted at all times and as soon as feasible when received. The front-end Amazon EC2 instances should not have access to decrypted PII. A single service within the production VPC must decrypt the PII by leveraging an IAM role.

    Which combination of services will support these requirements? (Choose two.)

    A. Amazon Aurora in a private subnet
    B. Amazon CloudFront using AWS Lambda@Edge
    C. Customer-managed MySQL with Transparent Data Encryption
    D. Application Load Balancer using HTTPS listeners and targets
    E. AWS Key Management Services

  • Question 405:

    What value in a packet dictates the priority of the packet in a QoS enabled network?

    A. BFD
    B. IPv6
    C. NAT
    D. DSCP

  • Question 406:

    A Network Engineer needs to be automatically notified when a certain TCP port is accessed on a fleet of Amazon EC2 instances running in an Amazon VPC. Which of the following is the MOST reliable solution?

    A. Create an inbound rule in the VPC's network ACL that matches the TCP port. Create an Amazon CloudWatch alarm on the NetworkPackets metric for the ACL that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
    B. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to notify the Administrator with Amazon SNS each time the TCP port is accessed.
    C. Create VPC Flow Logs that write to Amazon CloudWatch Logs, with a metric filter matching connections on the required port. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.
    D. Install intrusion detection software on each Amazon EC2 instance and configure it to use the AWS CLI to publish to a custom Amazon CloudWatch metric each time the TCP port is accessed. Create a CloudWatch alarm on the resulting metric that uses Amazon SNS to notify the Administrator when the metric is greater than zero.

  • Question 407:

    Which of these is not specified on an ENI?

    A. A primary private IPv4 address
    B. A source/destination check flag
    C. A MAC address
    D. An A record

  • Question 408:

    You are deploying a web application in a VPC that requires SSL mutual authentication with a client- side, smartcard-stored certificate. The ELB Classic Load Balancer listener must support mutual authentication between the client and the application.

    Which load balancer protocol should you select for this application?

    A. HTTP
    B. HTTPS
    C. SSL
    D. TCP

  • Question 409:

    Considering the rules of IPv4 subnetting, how many subnets and hosts per subnet are possible given the following network 192.168.130.130/28? (in this question ignore the fact that AWS reserves 5 IP addresses)

    A. 8 subnets and 30 hosts per subnet
    B. 16 subnets and 14 hosts per subnet
    C. 32 subnets and 30 hosts per subnet
    D. 8 subnets and 14 hosts per subnet

  • Question 410:

    An organization is replacing a tape backup system with a storage gateway. there is currently no connectivity to AWS. Initial testing is needed. What connection option should the organization use to get up and running at minimal cost?

    A. Use an internet connection.
    B. Set up an AWS VPN connection.
    C. Provision an AWS Direct Connection private virtual interface.
    D. Provision a Direct Connect public virtual interface.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ANS-C00 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.