云计算+AWS网络技术+ANS-C01考试真题解析+认证备考与技能提升本资源围绕AWS网络技术，提供ANS-C01考试真题及解析涵盖VPC、DirectConnect资源-CSDN文库

28 浏览量 2025-01-28 17:12:08 上传评论 1 收藏 2.63MB PDF 举报

资源推荐

资源详情

资源评论

Topic 1 - Exam A

Topic 1

Question #1

A company is planning to create a service that requires encryption in transit. The trac must not be decrypted between the client and the backend

of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of

simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) duster with the

Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler congured. The company needs to use mutual TLS for two-way authentication

between the client and the backend.

Which solution will meet these requirements?

A. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, congure a Network Load Balancer with a TCP listener on

port 443 to forward trac to the IP addresses of the backend service Pods.

B. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, congure an Application Load Balancer with an HTTPS

listener on port 443 to forward trac to the IP addresses of the backend service Pods.

C. Create a target group. Add the EKS managed node group's Auto Scaling group as a target Create an Application Load Balancer with an

HTTPS listener on port 443 to forward trac to the target group.

D. Create a target group. Add the EKS managed node group’s Auto Scaling group as a target. Create a Network Load Balancer with a TLS

listener on port 443 to forward trac to the target group.

Correct Answer:

Community vote distribution

A (66%) B (32%)

Topic 1

Question #2

A company is deploying a new application in the AWS Cloud. The company wants a highly available web server that will sit behind an Elastic Load

Balancer. The load balancer will route requests to multiple target groups based on the URL in the request. All trac must use HTTPS. TLS

processing must be ooaded to the load balancer. The web server must know the user’s IP address so that the company can keep accurate logs

for security purposes.

Which solution will meet these requirements?

A. Deploy an Application Load Balancer with an HTTPS listener. Use path-based routing rules to forward the trac to the correct target group.

Include the X-Forwarded-For request header with trac to the targets.

B. Deploy an Application Load Balancer with an HTTPS listener for each domain. Use host-based routing rules to forward the trac to the

correct target group for each domain. Include the X-Forwarded-For request header with trac to the targets.

C. Deploy a Network Load Balancer with a TLS listener. Use path-based routing rules to forward the trac to the correct target group.

Congure client IP address preservation for trac to the targets.

D. Deploy a Network Load Balancer with a TLS listener for each domain. Use host-based routing rules to forward the trac to the correct

target group for each domain. Congure client IP address preservation for trac to the targets.

Correct Answer:

Community vote distribution

A (90%) 5%

2025/1/17 11:27

AWS Certified Advanced Networking - Specialty ANS-C01 Exam - Free Exam Q&As, Page 1 | ExamTopics

https://www.examtopics.com/exams/amazon/aws-certified-advanced-networking-specialty-ans-c01/view/

1/154

Topic 1

Question #3

A company has developed an application on AWS that will track inventory levels of vending machines and initiate the restocking process

automatically. The company plans to integrate this application with vending machines and deploy the vending machines in several markets around

the world. The application resides in a VPC in the us-east-1 Region. The application consists of an Amazon Elastic Container Service (Amazon

ECS) cluster behind an Application Load Balancer (ALB). The communication from the vending machines to the application happens over HTTPS.

The company is planning to use an AWS Global Accelerator accelerator and congure static IP addresses of the accelerator in the vending

machines for application endpoint access. The application must be accessible only through the accelerator and not through a direct connection

over the internet to the ALB endpoint.

Which solution will meet these requirements?

A. Congure the ALB in a private subnet of the VPC. Attach an internet gateway without adding routes in the subnet route tables to point to the

internet gateway. Congure the accelerator with endpoint groups that include the ALB endpoint. Congure the ALB’s security group to only

allow inbound trac from the internet on the ALB listener port.

B. Congure the ALB in a private subnet of the VPC. Congure the accelerator with endpoint groups that include the ALB endpoint. Congure

the ALB's security group to only allow inbound trac from the internet on the ALB listener port.

C. Congure the ALB in a public subnet of the VPAttach an internet gateway. Add routes in the subnet route tables to point to the internet

gateway. Congure the accelerator with endpoint groups that include the ALB endpoint. Congure the ALB's security group to only allow

inbound trac from the accelerator's IP addresses on the ALB listener port.

D. Congure the ALB in a private subnet of the VPC. Attach an internet gateway. Add routes in the subnet route tables to point to the internet

gateway. Congure the accelerator with endpoint groups that include the ALB endpoint. Congure the ALB's security group to only allow

inbound trac from the accelerator's IP addresses on the ALB listener port.

Correct Answer:

Community vote distribution

A (61%) D (39%)

Topic 1

Question #4

A global delivery company is modernizing its eet management system. The company has several business units. Each business unit designs and

maintains applications that are hosted in its own AWS account in separate application VPCs in the same AWS Region. Each business unit's

applications are designed to get data from a central shared services VPC.

The company wants the network connectivity architecture to provide granular security controls. The architecture also must be able to scale as

more business units consume data from the central shared services VPC in the future.

Which solution will meet these requirements in the MOST secure manner?

A. Create a central transit gateway. Create a VPC attachment to each application VPC. Provide full mesh connectivity between all the VPCs by

using the transit gateway.

B. Create VPC peering connections between the central shared services VPC and each application VPC in each business unit's AWS account.

C. Create VPC endpoint services powered by AWS PrivateLink in the central shared services VPCreate VPC endpoints in each application VPC.

D. Create a central transit VPC with a VPN appliance from AWS Marketplace. Create a VPN attachment from each VPC to the transit VPC.

Provide full mesh connectivity among all the VPCs.

Correct Answer:

Community vote distribution

C (96%) 2%

2025/1/17 11:27

AWS Certified Advanced Networking - Specialty ANS-C01 Exam - Free Exam Q&As, Page 1 | ExamTopics

https://www.examtopics.com/exams/amazon/aws-certified-advanced-networking-specialty-ans-c01/view/

2/154

Topic 1

Question #5

A company uses a 4 Gbps AWS Direct Connect dedicated connection with a link aggregation group (LAG) bundle to connect to ve VPCs that are

deployed in the us-east-1 Region. Each VPC serves a different business unit and uses its own private VIF for connectivity to the on-premises

environment. Users are reporting slowness when they access resources that are hosted on AWS.

A network engineer nds that there are sudden increases in throughput and that the Direct Connect connection becomes saturated at the same

time for about an hour each business day. The company wants to know which business unit is causing the sudden increase in throughput. The

network engineer must nd out this information and implement a solution to resolve the problem.

Which solution will meet these requirements?

A. Review the Amazon CloudWatch metrics for VirtualInterfaceBpsEgress and VirtualInterfaceBpsIngress to determine which VIF is sending

the highest throughput during the period in which slowness is observed. Create a new 10 Gbps dedicated connection. Shift trac from the

existing dedicated connection to the new dedicated connection.

B. Review the Amazon CloudWatch metrics for VirtualInterfaceBpsEgress and VirtualInterfaceBpsIngress to determine which VIF is sending

the highest throughput during the period in which slowness is observed. Upgrade the bandwidth of the existing dedicated connection to 10

Gbps.

C. Review the Amazon CloudWatch metrics for ConnectionBpsIngress and ConnectionPpsEgress to determine which VIF is sending the

highest throughput during the period in which slowness is observed. Upgrade the existing dedicated connection to a 5 Gbps hosted

connection.

D. Review the Amazon CloudWatch metrics for ConnectionBpsIngress and ConnectionPpsEgress to determine which VIF is sending the

highest throughput during the period in which slowness is observed. Create a new 10 Gbps dedicated connection. Shift trac from the

existing dedicated connection to the new dedicated connection.

Correct Answer:

Community vote distribution

A (81%) B (19%)

Topic 1

Question #6

A software-as-a-service (SaaS) provider hosts its solution on Amazon EC2 instances within a VPC in the AWS Cloud. All of the provider's

customers also have their environments in the AWS Cloud.

A recent design meeting revealed that the customers have IP address overlap with the provider's AWS deployment. The customers have stated

that they will not share their internal IP addresses and that they do not want to connect to the provider's SaaS service over the internet.

Which combination of steps is part of a solution that meets these requirements? (Choose two.)

A. Deploy the SaaS service endpoint behind a Network Load Balancer.

B. Congure an endpoint service, and grant the customers permission to create a connection to the endpoint service.

C. Deploy the SaaS service endpoint behind an Application Load Balancer.

D. Congure a VPC peering connection to the customer VPCs. Route trac through NAT gateways.

E. Deploy an AWS Transit Gateway, and connect the SaaS VPC to it. Share the transit gateway with the customers. Congure routing on the

transit gateway.

Correct Answer:

Community vote distribution

AB (100%)

2025/1/17 11:27

AWS Certified Advanced Networking - Specialty ANS-C01 Exam - Free Exam Q&As, Page 1 | ExamTopics

https://www.examtopics.com/exams/amazon/aws-certified-advanced-networking-specialty-ans-c01/view/

3/154

Topic 1

Question #7

A network engineer is designing the architecture for a healthcare company's workload that is moving to the AWS Cloud. All data to and from the

on-premises environment must be encrypted in transit. All trac also must be inspected in the cloud before the trac is allowed to leave the

cloud and travel to the on-premises environment or to the internet.

The company will expose components of the workload to the internet so that patients can reserve appointments. The architecture must secure

these components and protect them against DDoS attacks. The architecture also must provide protection against nancial liability for services

that scale out during a DDoS event.

Which combination of steps should the network engineer take to meet all these requirements for the workload? (Choose three.)

A. Use Trac Mirroring to copy all trac to a eet of trac capture appliances.

B. Set up AWS WAF on all network components.

C. Congure an AWS Lambda function to create Deny rules in security groups to block malicious IP addresses.

D. Use AWS Direct Connect with MACsec support for connectivity to the cloud.

E. Use Gateway Load Balancers to insert third-party rewalls for inline trac inspection.

F. Congure AWS Shield Advanced and ensure that it is congured on all public assets.

Correct Answer:

DEF

Community vote distribution

DEF (87%) 13%

Topic 1

Question #8

A retail company is running its service on AWS. The company’s architecture includes Application Load Balancers (ALBs) in public subnets. The

ALB target groups are congured to send trac to backend Amazon EC2 instances in private subnets. These backend EC2 instances can call

externally hosted services over the internet by using a NAT gateway.

The company has noticed in its billing that NAT gateway usage has increased signicantly. A network engineer needs to nd out the source of this

increased usage.

Which options can the network engineer use to investigate the trac through the NAT gateway? (Choose two.)

A. Enable VPC ow logs on the NAT gateway's elastic network interface. Publish the logs to a log group in Amazon CloudWatch Logs. Use

CloudWatch Logs Insights to query and analyze the logs.

B. Enable NAT gateway access logs. Publish the logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query and

analyze the logs.

C. Congure Trac Mirroring on the NAT gateway's elastic network interface. Send the trac to an additional EC2 instance. Use tools such as

tcpdump and Wireshark to query and analyze the mirrored trac.

D. Enable VPC ow logs on the NAT gateway's elastic network interface. Publish the logs to an Amazon S3 bucket. Create a custom table for

the S3 bucket in Amazon Athena to describe the log structure. Use Athena to query and analyze the logs.

E. Enable NAT gateway access logs. Publish the logs to an Amazon S3 bucket. Create a custom table for the S3 bucket in Amazon Athena to

describe the log structure. Use Athena to query and analyze the logs.

Correct Answer:

Community vote distribution

AD (93%) 3%

2025/1/17 11:27

AWS Certified Advanced Networking - Specialty ANS-C01 Exam - Free Exam Q&As, Page 1 | ExamTopics

https://www.examtopics.com/exams/amazon/aws-certified-advanced-networking-specialty-ans-c01/view/

4/154

Topic 1

Question #9

A banking company is successfully operating its public mobile banking stack on AWS. The mobile banking stack is deployed in a VPC that

includes private subnets and public subnets. The company is using IPv4 networking and has not deployed or supported IPv6 in the environment.

The company has decided to adopt a third-party service provider's API and must integrate the API with the existing environment. The service

provider’s API requires the use of IPv6.

A network engineer must turn on IPv6 connectivity for the existing workload that is deployed in a private subnet. The company does not want to

permit IPv6 trac from the public internet and mandates that the company's servers must initiate all IPv6 connectivity. The network engineer

turns on IPv6 in the VPC and in the private subnets.

Which solution will meet these requirements?

A. Create an internet gateway and a NAT gateway in the VPC. Add a route to the existing subnet route tables to point IPv6 trac to the NAT

gateway.

B. Create an internet gateway and a NAT instance in the VPC. Add a route to the existing subnet route tables to point IPv6 trac to the NAT

instance.

C. Create an egress-only Internet gateway in the VPAdd a route to the existing subnet route tables to point IPv6 trac to the egress-only

internet gateway.

D. Create an egress-only internet gateway in the VPC. Congure a security group that denies all inbound trac. Associate the security group

with the egress-only internet gateway.

Correct Answer:

Community vote distribution

C (89%) 11%

Topic 1

Question #10

A company has deployed an AWS Network Firewall rewall into a VPC. A network engineer needs to implement a solution to deliver Network

Firewall ow logs to the company’s Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster in the shortest possible time.

Which solution will meet these requirements?

A. Create an Amazon S3 bucket. Create an AWS Lambda function to load logs into the Amazon OpenSearch Service (Amazon Elasticsearch

Service) cluster. Enable Amazon Simple Notication Service (Amazon SNS) notications on the S3 bucket to invoke the Lambda function.

Congure ow logs for the rewall. Set the S3 bucket as the destination.

B. Create an Amazon Kinesis Data Firehose delivery stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service)

cluster as the destination. Congure ow logs for the rewall Set the Kinesis Data Firehose delivery stream as the destination for the Network

Firewall ow logs.

C. Congure ow logs for the rewall. Set the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination for the

Network Firewall ow logs.

D. Create an Amazon Kinesis data stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the

destination. Congure ow logs for the rewall. Set the Kinesis data stream as the destination for the Network Firewall ow logs.

Correct Answer:

Community vote distribution

B (100%)

2025/1/17 11:27

AWS Certified Advanced Networking - Specialty ANS-C01 Exam - Free Exam Q&As, Page 1 | ExamTopics

https://www.examtopics.com/exams/amazon/aws-certified-advanced-networking-specialty-ans-c01/view/

5/154

剩余153页未读，继续阅读

评论收藏

内容反馈

因_果_律

粉丝: 2363
资源: 22

云计算 + AWS 网络技术 + ANS-C01 考试真题解析 + 认证备考与技能提升本资源围绕 AWS 网络技术，提供 AN...

最新资源

云计算 + AWS 网络技术 + ANS-C01 考试真题解析 + 认证备考与技能提升 本资源围绕 AWS 网络技术，提供 AN...

AWS Advanced Networking Specialty (ANS-C01)- 认证考试资料-中文-系列一.pdf

AWS Advanced Networking Specialty (ANS-C01)- 认证考试资料-英文-系列一.pdf

AWS SAA-C01（AWS-Certified-Solutions-Architect-Associate）认证考试题库 1185道题（英文版）

AWS SAA-C01 考试习题（强烈推荐）

AWS-CLF-C01中文课件，笔记整理.rar

AWS Developer Associate DVA-C01 Lead2Pass pdf.rar

AWS Database Specialty-(DBS-C01)认证考试资料整理中文-系列一

AWS Certified SAP on AWS Specialty (PAS-C01)- 认证考试题库-中文-系列二.pdf

AWS ANS-C01.pdf

AWS Certified Cloud Practitioner (CLF-C01) Practice Exam

AWS Certified Developer Exam (DVA-C01) 题库

AWS Certified Advanced Networking - Specialty - ANS - C00 .pdf

AWS Database Specialty-(DBS-C01)认证考试资料整理英文-系列一

AWS Certified SAP on AWS Specialty (PAS-C01)- 认证考试题库-英文-系列一.pdf

AWS云开发【DVA-C01 AWS开发者助理级】资格考试 资料100-200

AWS-C01.AWS-SAP.529Q-566Q.zip

AWS全套认证考试题库

AWS DevOps Engineer Professional (DOP-C02)认证考试资料整理中文-系列一

AWS Certified Cloud Practitioner(CLF-C02)认证考试资料整理英文-系列二

AWS云开发【DVA-C01 AWS开发者助理级】资格考试 资料

AWS Certified Cloud Practitioner(CLF-C02)认证考试资料整理中文-系列二

AWS SysOps Administrator(SOA-C02)认证考试资料整理中文-系列一

AWS Certified SAP on AWS Specialty (PAS-C01)- 认证考试题库-中文-系列一.pdf

AWS Certified SAP on AWS Specialty (PAS-C01)- 认证考试题库-英文-系列二.pdf

AWS Certified Developer Associate (DVA-C02)- 认证考试题库-英文-系列一.pdf

AWS Certified Developer Associate (DVA-C02)- 认证考试题库-中文-系列一.pdf

AWS SAA-C01 题库答案修正版(20200425)

AWS SAA Question Answer

计算机组成原理课后习题答案

哈尔滨工业大学ppt模板

最新资源

云计算 + AWS 网络技术 + ANS-C01 考试真题解析 + 认证备考与技能提升本资源围绕 AWS 网络技术，提供 AN...

AWS云开发【DVA-C01 AWS开发者助理级】资格考试资料100-200

AWS云开发【DVA-C01 AWS开发者助理级】资格考试资料