Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Amazon AWS Certified Advanced Networking - Specialty

Last Update 19 hours ago Total Questions : 290

The Amazon AWS Certified Advanced Networking - Specialty content is now fully updated, with all current exam questions added 19 hours ago. Deciding to include ANS-C01 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our ANS-C01 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these ANS-C01 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Amazon AWS Certified Advanced Networking - Specialty practice test comfortably within the allotted time.

Question # 71

A customer has set up multiple VPCs for Dev, Test, Prod, and Management. You need to set up AWS Direct Connect to enable data flow from on-premises to each VPC. The customer has monitoring software running in the Management VPC that collects metrics from the instances in all the other VPCs. Due to budget requirements, data transfer charges should be kept at minimum.

Which design should be recommended?

A.

Create a total of four private VIFs, one for each VPC owned by the customer, and route traffic between VPCs using the Direct Connect link.

B.

Create a private VIF to the Management VPC, and peer this VPC to all other VPCs.

C.

Create a private VIF to the Management VPC, and peer this VPC to all other VPCs, enable source/destination NAT in the Management VPC.

D.

Create a total of four private VIFs, and enable VPC peering between all VPCs.

Question # 72

A company is using an AWS Site-to-Site VPN connection from the company's on-premises data center to a virtual private gateway in the AWS Cloud Because of congestion, the company is experiencing availability and performance issues as traffic travels across the internet before the traffic reaches AWS. A network engineer must reduce these issues for the connection as quickly as possible with minimum administration effort.

Which solution will meet these requirements?

A.

Edit the existing Site-to-Site VPN connection by enabling acceleration. Stop and start the VPN service on the customer gateway for the new setting to take effect.

B.

Configure a transit gateway in the same AWS Region as the existing virtual private gateway. Create a new accelerated Site-to-Site VPN connection. Connect the new connection to the transit gateway by using a VPN attachment. Update the customer gateway device to use the new Site to Site VPN connection. Delete the existing Site-to-Site VPN connection

C.

Create a new accelerated Site-to-Site VPN connection. Connect the new Site-to-Site VPN connection to the existing virtual private gateway. Update the customer gateway device to use the new Site-to-Site VPN connection. Delete the existing Site-to-Site VPN connection.

D.

Create a new AWS Direct Connect connection with a private VIF between the on-premises data center and the AWS Cloud. Update the customer gateway device to use the new Direct Connect connection. Delete the existing Site-to-Site VPN connection.

Question # 73

A company deploys an internal website behind an Application Load Balancer (ALB) in a VPC. The VPC has a CIDR block of 172.31.0.0/16. The company creates a private hosted zone for the domain example.com for the website in Amazon Route 53. The company establishes an AWS Site-to-Site VPN connection between its office network and the VPC.

A network engineer needs to set up a DNS solution so that employees can visit the internal webpage by accessing a private domain URL (https://example.com) from the office network.

Which combination of steps will meet this requirement? (Choose two.)

A.

Create an alias record that points to the ALB in the Route 53 private hosted zone.

B.

Create a CNAME record that points to the ALB internal domain in the Route 53 private hosted zone.

C.

Create a Route 53 Resolver inbound endpoint. On the office DNS server, configure a conditional forwarder to forward the DNS queries to the Route 53 Resolver inbound endpoint.

D.

Create a Route 53 Resolver outbound endpoint. On the office DNS server, configure a conditional forwarder to forward the DNS queries to the Route 53 Resolver outbound endpoint.

E.

On the office DNS server, configure a conditional forwarder for the private domain to the VPC DNS at 172.31.0.2.

Question # 74

A company is deploying a new application in the AWS Cloud. The company wants a highly available web server that will sit behind an Elastic Load Balancer. The load balancer will route requests to multiple target groups based on the URL in the request. All traffic must use HTTPS. TLS processing must be offloaded to the load balancer. The web server must know the user’s IP address so that the company can keep accurate logs for security purposes.

Which solution will meet these requirements?

A.

Deploy an Application Load Balancer with an HTTPS listener. Use path-based routing rules to forward the traffic to the correct target group. Include the X-Forwarded-For request header with traffic to the targets.

B.

Deploy an Application Load Balancer with an HTTPS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Include the X-Forwarded-For request header with traffic to the targets.

C.

Deploy a Network Load Balancer with a TLS listener. Use path-based routing rules to forward the traffic to the correct target group. Configure client IP address preservation for traffic to the targets.

D.

Deploy a Network Load Balancer with a TLS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Configure client IP address preservation for traffic to the targets.

Question # 75

A network engineer is working on a private DNS design to integrate AWS workloads and on-premises resources. The AWS deployment consists of five VPCs in the eu-west-1 Region that connect to the on-premises network over AWS Direct Connect. The VPCs communicate with each other by using a transit gateway. Each VPC is associated with a private hosted zone that uses the aws.example.internal domain. The network engineer creates an Amazon Route 53 Resolver outbound endpoint in a shared services VPC and attaches the shared services VPC to the transit gateway.

The network engineer is implementing a solution for DNS resolution. Queries for hostnames that end with aws.example.internal must use the private hosted zone. Queries for hostnames that end with all other domains must be forwarded to a private on-premises DNS resolver.

Which solution will meet these requirements?

A.

Add a forwarding rule for”””that targets the on-premises server's DNS IP address. Add a system rule for aws.example.internal that targets Route 53 Resolver.

B.

Add a forwarding rule for aws example.internal that targets Route 53 Resolver. Add a system rule for V that targets the Route 53 Resolver outbound endpoint.

C.

Add a forwarding rule for”””that targets the Route 53 Resolver outbound endpoint.

D.

Add a forwarding rule for"." that targets the Route 53 Resolver outbound endpoint.

Question # 76

A company is moving its record-keeping application to the AWS Cloud. All traffic between the company's on-premises data center and AWS must be encrypted at all times and at every transit device during the migration.

The application will reside across multiple Availability Zones in a single AWS Region. The application will use existing 10 Gbps AWS Direct Connect dedicated connections with a MACsec capable port. A network engineer must ensure that the Direct Connect connection is secured accordingly at every transit device.

The network engineer creates a Connection Key Name and Connectivity Association Key (CKN/CAK) pair for the MACsec secret key.

Which combination of additional steps should the network engineer take to meet the requirements? (Choose two.)

A.

Configure the on-premises router with the MACsec secret key.

B.

Update the connection's MACsec encryption mode to must_encrypt. Then associate the CKN/CAK pair with the connection.

C.

Update the connection's MACsec encryption mode to should encrypt. Then associate the CKN/CAK pair with the connection.

D.

Associate the CKN/CAK pair with the connection. Then update the connection's MACsec encryption mode to must_encrypt.

E.

Associate the CKN/CAK pair with the connection. Then update the connection’s MACsec encryption mode to should_encrypt.

Question # 77

A company is planning a migration of its critical workloads from an on-premises data center to Amazon EC2 instances. The plan includes a new 10 Gbps AWS Direct Connect dedicated connection from the on-premises data center to a VPC that is attached to a transit gateway. The migration must occur over encrypted paths between the on-premises data center and the AWS Cloud.

Which solution will meet these requirements while providing the HIGHEST throughput?

A.

Configure a public VIF on the Direct Connect connection. Configure an AWS Site-to-Site VPN connection to the transit gateway as a VPN attachment.

B.

Configure a transit VIF on the Direct Connect connection. Configure an IPsec VPN connection to an EC2 instance that is running third-party VPN software.

C.

Configure MACsec for the Direct Connect connection. Configure a transit VIF to a Direct Connect gateway that is associated with the transit gateway.

D.

Configure a public VIF on the Direct Connect connection. Configure two AWS Site-to-Site VPN connections to the transit gateway. Enable equal-cost multi-path (ECMP) routing.

Question # 78

A company has developed a web service for language translation. The web service's application runs on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) and are deployed in a private subnet. The web service can process requests that contain hundreds of megabytes of data.

The company needs to give some customers the ability to access the web service. Each customer has its own AWS account. The company must make the web service accessible to approved customers without making the web service accessible to all customers.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)

A.

Create VPC peering connections with the approved customers only.

B.

Create an AWS PrivateLink endpoint service. Configure the endpoint service to require acceptance that will be granted to approved customers only.

C.

Configure an authentication action for the endpoint service's load balancer to allow customers to log in by using their AWS credentials. Provide only approved customers with the URL.

D.

Configure a Network Load Balancer (NLB) and a listener with the ALB as a target. Associate the NLB with the endpoint service.

E.

Associate the ALB with the endpoint service.

Question # 79

A company uses multiple AWS accounts and VPCs in a single AWS Region. The company must log all network traffic for Amazon EC2 instances and Amazon RDS databases. The company will use the log information to monitor and identify traffic flows in the event of a security incident. The information must be retained for 12 months but will be accessed infrequently after the first 90 days. The company must be able to view metadata that includes the vpc-id, subnet-id: and tcp-flags fields.

Which solution will meet these requirements at the LOWEST cost?

A.

Configure VPC flow logs with the default fields Store the logs in Amazon CloudWatch Logs.

B.

Configure Traffic Mirroring on all AWS resources to point to a Network Load Balancer that will send the mirrored traffic to monitoring instances.

C.

Configure VPC flow logs with additional custom format fields. Store the logs in Amazon S3.

D.

Configure VPC flow logs with additional custom format fields. Store the logs in Amazon CloudWatch Logs.

Question # 80

A company needs to capture and log traffic for Nitro-based Amazon EC2 instances to comply with regulations. The company's network team has prepared a solution that enables VPC traffic mirroring and sends traffic to a second set of EC2 instances in an Auto Scaling group.

The network team has added a Network Load Balancer (NLB) in front of the EC2 instances the traffic will be sent to. However, the solution does not send any mirrored traffic to the EC2 instances that are behind the NLB.

How should the network team configure traffic mirroring to use the NLB endpoint?

A.

Select the NLB as a source for traffic mirroring. Use a UDP listener.

B.

Select the NLB as a target for traffic mirroring. Use a TCP listener and a UDP listener.

C.

Select the NLB as a target for traffic mirroring. Use a TCP listener.

D.

Select the NLB as a target for traffic mirroring. Use a UDP listener.

Go to page:
ANS-C01 PDF + Testing Engine
220-1201 pdf + testing engine
$154.49
$46.35 
220-1201 pdf + testing engine
  • Last Update: May 2, 2026
  • 290 Questions and Answers
  • Single Choice: 221 Q&A's
  • Multiple Choice: 69 Q&A's
 Add to Cart    View Detail

Related Amazon Web Services Certification Exams

Amazon Web Services AIP-C01
Amazon Web Services GDP-C01
Amazon Web Services SOA-C03
Amazon Web Services MLA-C01
Amazon Web Services AIF-C01
Amazon Web Services Data-Engineer-Associate
Amazon Web Services CLF-C02
Amazon Web Services DOP-C02
Amazon Web Services DVA-C02
Amazon Web Services SAP-C02
Amazon Web Services SOA-C01

New Release

AI-901 Exam Questions
App-Development-with-Swift-Certified-User Exam Questions
CAIPM Exam Questions
CPCM Exam Questions
RCA Exam Questions
I27001F Exam Questions
FlashArray-Storage-Professional Exam Questions
API-SIEE Exam Questions
Workday-Pro-Time-Tracking Exam Questions
ZTCA Exam Questions
Accounting-for-Decision-Makers Exam Questions
TPAD01 Exam Questions
CPHIMS Exam Questions
Archer-Expert Exam Questions
C-KPIP Exam Questions