...

info@certsmasters.com

Verified Content • 24/7 Access • Free Updates
CertsMasters logo

Exam overview

Amazon ANS-C01 Exam Questions

Vendor

Amazon

Exam Code

ANS-C01

Actual Exam Duration

 170 Minutes

TOTAL QUESTIONS

154

Exam Name

Amazon AWS Certified Advanced Networking - Specialty

Purchase

$ 40

One-time payment • Instant access

  • Verified answers with explanations
  • Practice-friendly layout
  • Updated content focus
  • Support if you get stuck
Get More Questions
View all vendors

Frequently Ask Questions

Hot Exams

DVA-C02 PDF Dumps
DOP-C02 PDF Dumps
SAP-C02 PDF Dumps
CLF-C02 PDF Dumps
ANS-C01 PDF Dumps
MLS-C01 PDF Dumps
SAA-C03 PDF Dumps
SOA-C02 PDF Dumps
AXS-C01 PDF Dumps
SCS-C02 PDF Dumps
AIF-C01 PDF Dumps
Data-Engineer-Associate PDF Dumps
NIST-COBIT-2019 PDF Dumps
IT-Risk-Fundamentals PDF Dumps
Cybersecurity-Audit-Certificate PDF Dumps

Exam practice

Exam Q&A

Select an option, then click Show Answer.

Q1: A company has AWS accounts in an organization in AWS Organizations. The company has implemented Amazon VPC IP Address Manager (IPAM)in its networking AWS account. The company is using AWS Resource Access Manager (AWS RAM) to share IPAM pools with other AWS accounts. The company has created a top-level pool with a CIDR block of 10.0.0.0/8. For each AWS account, the company has created an IPAM pool within the top-level pool. A network engineer needs to implement a solution to ensure that users in each AWS account cannot create new VPCs. The solution also must prevent users from associating a CIDR block with existing VPCs unless the CIDR block is from the IPAM pool for that account. Which solution will meet these requirements?

A: Create a new AWS Config rule to find all VPCs that are not configured to allocate their CIDR block from an IPAM pool. Invoke an AWS Lambda function to delete these VPCs.

B: Create a new SCP in Organizations. Add a condition that denies the CreateVpc and AssociateVpcCidrBlock Amazon EC2 actions if the lpv4lpamPoolld context key value is not the ID of an IPAM pool.

C: Create an AWS Lambda function to check for and delete all VPCs that are not configured to allocate their CIDR block from an IPAM pool. Invoke the Lambda function at regular intervals.

D: Create an Amazon EventBridge rule to check for AWS CloudTrail events for the CreateVpc and AssociateVpcCidrBlock Amazon EC2 actions. Use the rule to invoke an AWS Lambda function to delete all VPCs that are not configured to allocate their CIDR block from an IPAM pool.

Correct Answer: B

Q2: A company needs to manage Amazon EC2 instances through command line interfaces for Linux hosts and Windows hosts. The EC2 instances are deployed in an environment in which there is no route to the internet. The company must implement role-based access control for management of the instances. The company has a standalone on-premises environment. Which approach will meet these requirements with the LEAST maintenance overhead?

A: Set up an AWS Direct Connect connection between the on-premises environment and the VPC where the instances are deployed. Configure routing, security groups, and ACLs. Connect to the instances by using the Direct Connect connection.

B: Deploy and configure AWS Systems Manager Agent (SSM Agent) on each instance. Deploy VPC endpoints for Systems Manager Session Manager. Connect to the instances by using Session Manager.

C: Establish an AWS Site-to-Site VPN connection between the on-premises environment and the VPC where the instances are deployed. Configure routing, security groups, and ACLs. Connect to the instances by using the Site-to-Site VPN connection.

D: Deploy an appliance to the VPC where the instances are deployed. Assign a public IP address to the appliance. Configure security groups and ACLs. Connect to the instances by using the appliance as an intermediary.

Correct Answer: B

Q3: A company is planning to host external websites on AWS. The websites will include multiple tiers such as web servers, application logic services, and databases. The company wants to use AWS Network Firewall. AWS WAR and VPC security groups for network security. The company must ensure that the Network Firewall firewalls are deployed appropriately within relevant VPCs. The company needs the ability to centrally manage policies that are deployed to Network Firewall and AWS WAF rules. The company also needs to allow application teams to manage their own security groups while ensuring that the security groups do not allow overly permissive access. What is the MOST operationally efficient solution that meets these requirements?A company is planning to host external websites on AWS. The websites will include multiple tiers such as web servers, application logic services, and databases. The company wants to use AWS Network Firewall. AWS WAR and VPC security groups for network security. The company must ensure that the Network Firewall firewalls are deployed appropriately within relevant VPCs. The company needs the ability to centrally manage policies that are deployed to Network Firewall and AWS WAF rules. The company also needs to allow application teams to manage their own security groups while ensuring that the security groups do not allow overly permissive access. What is the MOST operationally efficient solution that meets these requirements?

A: Define Network Firewall firewalls. AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups in code Use AWS CloudFormation to deploy the objects and Initial policies and rule groups. Use CloudFormation to update the AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups. Use Amazon GuardDuty to monitor for overly permissive rules.

B: Define Network Firewall firewalls. AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups in code. Use the AWS Management Console or the AWS CLI to manage the AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups. Use Amazon GuardDuty to invoke an AWS Lambda function to evaluate the configured rules and remove any overly permissive rules.

C: Deploy AWS WAFv2 IP sets and AWS WAFv2 web ACLs with AWS CloudFormation. Use AWS Firewall Manager to deploy Network Firewall firewalls and VPC security groups where required and to manage the AWS WAFv2 web ACLs, Network Firewall policies, and VPC security groups.

D: Define Network Firewall firewalls. AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups in code. Use AWS CloudFormation to deploy the objects and initial policies and rule groups. Use AWS Firewall Manager to manage the AWS WAFv2 web ACLs. Network Firewall policies, and VPC security groups. Use Amazon GuardDuty to monitor for overly permissive rules.

Correct Answer: D

Q4: A company ran out of IP address space in one of the Availability Zones in an AWS Region that the company uses. The Availability Zone that is out of space is assigned the 10.10.1.0/24 CIDR block. The company manages its networking configurations in an AWS CloudFormation stack. The company's VPC is assigned the 10.10.0.0/16 CIDR block and has available capacity in the 10.10.1.0/22 CIDR block. How should a network specialist add more IP address space in the existing VPC with the LEAST operational overhead?

A: Update the AWS :: EC2 :: Subnet resource for the Availability Zone in the CloudFormation stack. Change the CidrBlock property to 10.10.1.0/22.

B: Update the AWS :: EC2 :: VPC resource in the CloudFormation stack. Change the CidrBlock property to 10.10.1.0/22.

C: Copy the CloudFormation stack. Set the AWS :: EC2 :: VPC resource CidrBlock property to 10.10.0.0/16. Set the AWS :: EC2 :: Subnet resource CidrBlock property to 10.10.1.0/22 for the Availability Zone.

D: Create a new AWS :: EC2 :: Subnet resource for the Availability Zone in the CloudFormation stack. Set the CidrBlock property to 10.10.2.0/24.

Correct Answer: D

- Testimonials -

Real Results From Real Students

John Doe
John Doe
This site has been a game-changer for my certification journey. The materials are current, reliable, and best of all—free! It's clear they're committed to supporting the IT community.
Emma
Emma
I passed my CompTIA Security+ exam on the first try thanks to this site. Their practice exams and study guides are top-notch. Highly recommend it to anyone serious about IT certifications.
Liam
Liam
I’ve passed three certifications using this site. Their materials are detailed and well-structured, and the fact that it’s free makes it even better.
Isabella
Isabella
If you're studying for any IT certification, this should be your first stop. It’s comprehensive, organized, and constantly updated.
Benjamin
Benjamin
This website helped me prepare for multiple certifications, and today I’m working in cybersecurity. Without their free resources, I wouldn’t be here.