Free Amazon Web Services ANS-C01 Practice Exam with Questions & Answers | Set: 9

Name: How to Pass ANS-C01 Exams
Brand: Examstrack
SKU: ans-c01
Price: 42 USD
Availability: InStock

Questions 81

A company wants to migrate its DNS registrar and DNS hosting to Amazon Route 53. The company website receives tens of thousands of visits each day, and the company’s current DNS provider cannot keep up. The company wants to migrate as quickly as possible but cannot tolerate any downtime.

Which solution will meet these requirements?

Options:

Transfer the domain name to Route 53. Create a Route 53 private hosted zone, and copy all the existing DNS records. Update the name servers on the domain to use the name servers that are specified n the newly created private hosted zone.

Copy all DNS records from the existing DNS servers to a Route 53 private hosted zone. Update the name servers with the existing registrar to use the private hosted zone name servers. Transfer the domain name to Route 53. Ensure that all the changes have propagated

Transfer the domain name to Route 53. Create a Route 53 public hosted zone, and copy all the existing DNS records. Set the TTL value on each record to 1 second. Update the name servers on the domain to use the name servers that are specified in the newly created public hosted zone.

Copy all DNS records from the existing DNS servers to a Route 53 public hosted zone. Update the name servers with the existing registrar to use the Route 53 name servers for the hosted zone. When the changes have propagated, perform a domain name transfer to Route 53.

Amazon Web Services ANS-C01 Premium Access

Angeline

20-Jun-2025

I relied on Examstrack's ANS-C01 PDFs and testing engine to assess my knowledge and prepare effectively for the actual exam.

Andrew

15-Jun-2025

I couldn't have passed the ANS-C01 exam without Examstrack. Their reliable study material gave me the edge I needed.

Questions 82

An international company wants to implement a multi-site hybrid infrastructure. The company wants to deploy its cloud computing resources on AWS in the us-east-1 Region and in the eu-west-2 Region, and in on-premises data centers in the United States (US) and in the United Kingdom (UK). The data centers are connected to each other by a private WAN connection. IP routing information is exchanged dynamically through BGP. The company wants to have two AWS Direct Connect connections, one each in the US and the UK.

The company expects to have 15 VPCs in each Region with CIDR blocks that do not overlap with each other or with CIDR blocks of the on-premises environment. The VPC CIDR blocks are planned so that the prefix aggregation can be performed both on a Regional level and across the entire AWS environment. The company will deploy a transit gateway in each Region to connect the VPCs. A network engineer plans to use a Direct Connect gateway in each Region. A transit VIF will attach the Direct Connect gateway in each Region to the transit gateway in that Region. The transit gateways will be peered with each other.

The network engineer wants to ensure that traffic follows the shortest geographical path from source to destination. Traffic between the on-premises data centers and AWS must travel across a local Direct Connect connection. Traffic between the US data center and eu-west-2 and traffic between the UK data center and us-east-1 must use the private WAN connection to reach the Direct Connect connection to the appropriate Region when the Direct Connect connection is available. The network must be resilient to failures in either the private WAN connection or with the Direct Connect connections. The network also must reroute traffic automatically in the event of any failure.

How should the network engineer configure the transit VIF associations on the Direct Connect gateways to meet these requirements?

Options:

Advertise only the aggregate route for the company's entire AWS environment.

Advertise VPC-specific CIDR prefixes from only the local Region. Additionally, advertise the aggregate route for the company’s entire AWS environment.

Advertise all the specific VPC CIDR blocks from both Regions.

Advertise both Regional aggregate prefixes. Configure custom BGP communities on the routes advertised toward the data center.

Questions 83

AnyCompany has acquired Example Corp. AnyCompany's infrastructure is all on premises, and Example Corp's infrastructure is completely in the AWS Cloud. The

companies are using AWS Direct Connect with AWS Transit Gateway to establish connectivity between each other.

Example Corp has deployed a new application across two Availability Zones in a VPC with no internet gateway. The CIDR range for the VPC is 10.0.0.0/16. Example

Corp needs to access an application that is deployed on premises by AnyCompany. Because of compliance requirements, Example Corp must access the application

through a limited contiguous block of approved IP addresses (10.1.0.0/24).

A network engineer needs to implement a highly available solution to achieve this goal. The network engineer starts by updating the VPC to add a new CIDR range of

10.1.0.0/24.

What should the network engineer do next to meet the requirements?

Options:

In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a public NAT Sateway in each of the new

subnets. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway in the corresponding Availability

Zone. Add a route to the route table that is associated with the subnets of the public NAT gateways to send traffic destin

In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new

subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding

Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic des

In the VPC, create a subnet that uses the allowed IP address range. Create a private NAT gateway in the new subnet. Update the route tables that are

associated with other subnets to route application traffic to the private NAT gateway. Add a route to the route table that is associated with the subnet of the

private NAT gateway to send traffic destined for the application to the transit gateway.

In the VPC, create a subnet that uses the allowed IP address range. Create a public NAT gateway in the new subnet. Update the route tables that are

associated with other subnets to route application traffic to the public NAT gateway. Add a route to the route table that is associated with the subnet of the

public NAT gateway to send traffic destined for the application to the transit gateway.

Answer:

Explanation:

The correct answer is B. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to the transit gateway.

This solution meets the requirements because:

•It uses a private NAT gateway, which can route traffic to other VPCs or on-premises networks through a transit gateway or a virtual private gateway1.

•It creates a subnet in each Availability Zone that uses part of the approved IP address range, which ensures high availability and compliance.

•It updates the route tables to send traffic from the other subnets to the private NAT gateway in the same Availability Zone, which reduces latency and improves performance.

•It adds a route to the route table of the private NAT gateway subnets to send traffic destined for the application to the transit gateway, which enables connectivity to the on-premises network.

The other options are incorrect because:

•Option A uses a public NAT gateway, which is not necessary for connecting to other VPCs or on-premises networks. A public NAT gateway also requires an elastic IP address, which is not part of the approved IP address range.

•Option C creates only one subnet and one private NAT gateway, which does not provide high availability across multiple Availability Zones.

•Option D uses a public NAT gateway, which is not necessary for connecting to other VPCs or on-premises networks. A public NAT gateway also requires an elastic IP address, which is not part of the approved IP address range. Additionally, option D creates only one subnet and one public NAT gateway, which does not provide high availability across multiple Availability Zones.

Questions 84

A company uses AWS Site-to-Site VPN connections to encrypt traffic between the company's on-premises location and a single VPC. The Site-to-Site VPN connections use two 1 Gbps AWS Direct Connect connections with public VIFs. The company plans to add 15 additional VPCs in the same AWS Region.

The company must maintain the same level of encryption that the Site-to-Site VPN connections currently provide for each connection between the on-premises location and the new VPCs. The new connections must not use public IP addresses. The bandwidth of the Site-to-Site VPN connections will remain less than the current provisioned speed.

Which combination of steps will meet these requirements with LEAST operational overhead? (Choose three.)

Options:

Create a transit gateway and a Direct Connect gateway. Associate the transit gateway with the Direct Connect gateway. Attach all the new VPCs to the transit gateway.

For each new VPC, create a new Direct Connect private VIF to a Direct Connect gateway. Associate all VPCs with the Direct Connect gateway.

Assign a private IP CIDR block to the transit gateway.

Assign a public IP CIDR block to the transit gateway.

Create a transit VIF to the Direct Connect gateway. Create a Site-to-Site VPN private IP VPN connection.Create a public VIF.

Create a Site-to-Site VPN public IP VPN connection.

Questions 85

An IoT company sells hardware sensor modules that periodically send out temperature, humidity, pressure, and location data through the MQTT messaging protocol. The hardware sensor modules send this data to the company's on-premises MQTT brokers that run on Linux servers behind a load balancer. The hardware sensor modules have been hardcoded with public IP addresses to reach the brokers.

The company is growing and is acquiring customers across the world. The existing solution can no longer scale and is introducing additional latency because of the company's global presence. As a result, the company decides to migrate its entire infrastructure from on premises to the AWS Cloud. The company needs to migrate without reconfiguring the hardware sensor modules that are already deployed across the world. The solution also must minimize latency.

The company migrates the MQTT brokers to run on Amazon EC2 instances.

What should the company do next to meet these requirements?

Options:

Place the EC2 instances behind a Network Load Balancer (NLB). Configure TCP listeners. Use Bring Your Own IP (BYOIP) from the on-premises network with the NLB.

Place the EC2 instances behind a Network Load Balancer (NLB). Configure TCP listeners. Create an AWS Global Accelerator accelerator in front of the NLUse Bring Your Own IP (BYOIP) from the on-premises network with Global Accelerator.

Place the EC2 instances behind an Application Load Balancer (ALB). Configure TCP listeners. Create an AWS Global Accelerator accelerator in front of the ALB. Use Bring Your Own IP (BYOIP) from the on-premises network with Global Accelerator

Place the EC2 instances behind an Amazon CloudFront distribution. Use Bring Your Own IP (BYOIP) from the on-premises network with CloudFront.

Questions 86

A company has configured an AWS Cloud WAN core network with edge locations in the us-east-1 Region and the us-west-1 Region. Each edge location has two segments: development and staging. The segments use the default core network policy.

The company has attached VPCs to the core network. A development VPC is attached to the development segment in us-east-1 and is configured to use the 10.0.0.0/16 CIDR block. A staging VPC is attached to the staging segment in us-west-1 and is configured to use the 10.5.0.0/16 CIDR block. The company has updated the route tables for both VPCs with a route that directs any traffic for 0.0.0.0/0 to the core network.

The company’s network team needs to establish communication between the two VPCs by using the AWS Cloud WAN core network. The network team is not receiving a response during tests of communication between the VPCs. The network team has verified that security groups and network ACLs are not blocking the traffic.

What should the network team do to establish this communication?

Options:

Update both VPC route tables to have a new static route. Configure a route on the development VPC to direct the traffic for 10.0.0.0/16 to the development VPC attachment. Configure a route on the staging VPC to direct the traffic for 10.5.0.0/16 to the staging VPC attachment.

Update the segment filter to allow traffic on the development and staging segments.

Set the isolate-attachments parameter to False for the development and staging segments.

Update the core network policy to add a static route for each segment. Configure a route to direct the traffic for 10.0.0.0/16 to the development VPC attachment. Configure a route to direct the traffic for 10.5.0.0/16 to the staging VPC attachment.

Questions 87

A network engineer must provide additional safeguards to protect encrypted data at ApplicationLoad Balancers (ALBs) through the use of a unique random session key.

What should the network engineer do to meet this requirement?

Options:

Change the ALB security policy to a policy that supports TLS 1.2 protocol only

Use AWS Key Management Service (AWS KMS) to encrypt session keys

Associate an AWS WAF web ACL with the ALBs. and create a security rule to enforce forward secrecy (FS)

Change the ALB security policy to a policy that supports forward secrecy (FS)

Exam Code: ANS-C01

Certification Provider: Amazon Web Services

Exam Name: Amazon AWS Certified Advanced Networking - Specialty

Last Update: Jul 15, 2025

Questions: 288

How to Pass ANS-C01 Exams

PDF + Testing Engine
~~$164.99~~ $66 Add to Cart

Testing Engine
~~$124.99~~ $50 Add to Cart

PDF (Q&A)
~~$104.99~~ $42 Add to Cart

Amazon Web Services Related Exams

How to pass Amazon Web Services MLS-C01 - AWS Certified Machine Learning - Specialty Exam

How to pass Amazon Web Services AXS-C01 - AWS Certified Alexa Skill Builder-Specialty Exam

How to pass Amazon Web Services SCS-C02 - AWS Certified Security - Specialty Exam

AIF-C01 - AWS Certified AI Practitioner Exam(AI1-C01)

SOA-C01 - AWS Certified SysOps Administrator - Associate

SAP-C02 - AWS Certified Solutions Architect - Professional

DOP-C02 - AWS Certified DevOps Engineer - Professional

MLA-C01 - AWS Certified Machine Learning Engineer - Associate

Data-Engineer-Associate - AWS Certified Data Engineer - Associate (DEA-C01)

SAA-C03 - AWS Certified Solutions Architect - Associate (SAA-C03)

DVA-C02 - AWS Certified Developer - Associate

SOA-C02 - AWS Certified SysOps Administrator - Associate (SOA-C02)

CLF-C02 - AWS Certified Cloud Practitioner

Get Amazon Web Services Full Access

Amazon Web Services Free Exams
Get free access to Amazon Web Services exam prep materials and practice tests at Examstrack. Achieve your Amazon Web Services certification goals by exploring Examstrack.

Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Navigation:

examstrack logo

Hot Vendors:

Free Amazon Web Services ANS-C01 Practice Exam with Questions & Answers | Set: 9

How to Pass ANS-C01 Exams

Amazon Web Services Related Exams

Amazon Web Services Free Exams