Amazon ANS-C01 Exam Questions - Navigate Your Path to Success

The Amazon AWS Certified Advanced Networking - Specialty (ANS-C01) exam is a good choice for AWS networking specialist and if the candidate manages to pass Amazon AWS Certified Advanced Networking - Specialty exam, he/she will earn Amazon Specialty Certification. Below are some essential facts for Amazon ANS-C01 exam candidates:

In actual Amazon AWS Certified Advanced Networking - Specialty (ANS-C01) exam, a candidate can expect 65 Questions and the officially allowed time is expected to be around 170 Minutes.
TrendyCerts offers 154 Questions that are based on actual Amazon ANS-C01 syllabus.
Our Amazon ANS-C01 Exam Practice Questions were last updated on: Mar 03, 2025

Sample Questions for Amazon ANS-C01 Exam Preparation

Question 1

A company uses Amazon Route 53 for its DNS needs. The company's security team wants to update the DNS infrastructure to provide the most recent security posture.

The security team has configured DNS Security Extensions (DNSSEC) for the domain. The security team wants a network engineer to explain who is responsible for the

rotation of DNSSEC keys.

Which explanation should the network administrator provide to the security team?

AAWS rotates the zone-signing key (ZSK). The company rotates the key-signing key (KSK).

BThe company rotates the zone-signing key (ZSK) and the key-signing key (KSK).

CAWS rotates the AWS Key Management Service (AWS KMS) key and the key-signing key (KSK).

DThe company rotates the AWS Key Management Service (AWS KMS) key. AWS rotates the key-signing key (KSK).

Correct : A

Options Selected by Other Users:

Question 2

AnyCompany has acquired Example Corp. AnyCompany's infrastructure is all on premises, and Example Corp's infrastructure is completely in the AWS Cloud. The

companies are using AWS Direct Connect with AWS Transit Gateway to establish connectivity between each other.

Example Corp has deployed a new application across two Availability Zones in a VPC with no internet gateway. The CIDR range for the VPC is 10.0.0.0/16. Example

Corp needs to access an application that is deployed on premises by AnyCompany. Because of compliance requirements, Example Corp must access the application

through a limited contiguous block of approved IP addresses (10.1.0.0/24).

A network engineer needs to implement a highly available solution to achieve this goal. The network engineer starts by updating the VPC to add a new CIDR range of

10.1.0.0/24.

What should the network engineer do next to meet the requirements?

AIn each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a public NAT Sateway in each of the new
subnets. Update the route tables that are associated with other subnets to route application traffic to the public NAT gateway in the corresponding Availability
Zone. Add a route to the route table that is associated with the subnets of the public NAT gateways to send traffic destined for the application to the transit
gateway.

BIn each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new
subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding
Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to
the transit gateway.

CIn the VPC, create a subnet that uses the allowed IP address range. Create a private NAT gateway in the new subnet. Update the route tables that are
associated with other subnets to route application traffic to the private NAT gateway. Add a route to the route table that is associated with the subnet of the
private NAT gateway to send traffic destined for the application to the transit gateway.

DIn the VPC, create a subnet that uses the allowed IP address range. Create a public NAT gateway in the new subnet. Update the route tables that are
associated with other subnets to route application traffic to the public NAT gateway. Add a route to the route table that is associated with the subnet of the
public NAT gateway to send traffic destined for the application to the transit gateway.

Correct : B

The correct answer is B. In each Availability Zone in the VPC, create a subnet that uses part of the allowed IP address range. Create a private NAT gateway in each of the new subnets. Update the route tables that are associated with other subnets to route application traffic to the private NAT gateway in the corresponding Availability Zone. Add a route to the route table that is associated with the subnets of the private NAT gateways to send traffic destined for the application to the transit gateway.

This solution meets the requirements because:

* It uses a private NAT gateway, which can route traffic to other VPCs or on-premises networks through a transit gateway or a virtual private gateway1.

* It creates a subnet in each Availability Zone that uses part of the approved IP address range, which ensures high availability and compliance.

* It updates the route tables to send traffic from the other subnets to the private NAT gateway in the same Availability Zone, which reduces latency and improves performance.

* It adds a route to the route table of the private NAT gateway subnets to send traffic destined for the application to the transit gateway, which enables connectivity to the on-premises network.

The other options are incorrect because:

* Option A uses a public NAT gateway, which is not necessary for connecting to other VPCs or on-premises networks. A public NAT gateway also requires an elastic IP address, which is not part of the approved IP address range.

* Option C creates only one subnet and one private NAT gateway, which does not provide high availability across multiple Availability Zones.

* Option D uses a public NAT gateway, which is not necessary for connecting to other VPCs or on-premises networks. A public NAT gateway also requires an elastic IP address, which is not part of the approved IP address range. Additionally, option D creates only one subnet and one public NAT gateway, which does not provide high availability across multiple Availability Zones.