New Year Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

ANS-C01 Exam Dumps : Amazon AWS Certified Advanced Networking - Specialty

PDF
ANS-C01 pdf
 Real Exam Questions and Answer
 Last Update: Dec 31, 2025
 Question and Answers: 290 With Explanation
 Compatible with all Devices
 Printable Format
 100% Pass Guaranteed
$25.5  $84.99
ANS-C01 exam
PDF + Testing Engine
ANS-C01 PDF + engine
 Both PDF & Practice Software
 Last Update: Dec 31, 2025
 Question and Answers: 290
 Discount Offer
 Download Free Demo
 24/7 Customer Support
$40.5  $134.99
Testing Engine
ANS-C01 Engine
 Desktop Based Application
 Last Update: Dec 31, 2025
 Question and Answers: 290
 Create Multiple Test Sets
 Questions Regularly Updated
  90 Days Free Updates
  Windows and Mac Compatible
$30  $99.99

Verified By IT Certified Experts

CertsTopics.com Certified Safe Files

Up-To-Date Exam Study Material

99.5% High Success Pass Rate

100% Accurate Answers

Instant Downloads

Exam Questions And Answers PDF

Try Demo Before You Buy

Certification Exams with Helpful Questions And Answers

What our customers are saying

Portugal certstopics Portugal
Saige
Oct 25, 2025
Certstopics's verified questions and answers for ANS-C01 were spot-on. They provided me with a clear understanding of the exam format and content.
Papua new Guinea certstopics Papua new Guinea
Africa
Oct 23, 2025
certstopics verified questions and answers accurately reflected the content of the ANS-C01 exam. Real exams made easy!

Amazon AWS Certified Advanced Networking - Specialty Questions and Answers

Question 1

A network engineer needs to deploy an AWS Network Firewall firewall into an existing AWS environment. The environment consists of the following:

A transit gateway with all VPCs attached to it

Several hundred application VPCs

A centralized egress internet VPC with a NAT gateway and an internet gateway

A centralized ingress internet VPC that hosts public Application Load Balancers

On-premises connectivity through an AWS Direct Connect gateway attachment

The application VPCs have workloads deployed across multiple Availability Zones in private subnets with the VPC route table s default route (0.0.0.0/0) pointing to the transit gateway. The Network Firewall firewall needs to inspect east-west (VPC-to-VPC) traffic and north-south (internet-bound and on-premises network) traffic by using Suricata compatible rules.

The network engineer must deploy the firewall by using a solution that requires the least possible architectural changes to the existing production environment.

Which combination of steps should the network engineer take to meet these requirements? (Choose three.)

Options:

A.

Deploy Network Firewall in all Availability Zones in each application VPC.

B.

Deploy Network Firewall in all Availability Zones in a centralized inspection VPC.

C.

Update the HOME_NET rule group variable to include all CIDR ranges of the VPCs and on-premises networks.

D.

Update the EXTERNAL_NET rule group variable to include all CIDR ranges of the VPCs and on-premises networks.

E.

Configure a single transit gateway route table. Associate all application VPCs and the centralized inspection VPC with this route table.

F.

Configure two transit gateway route tables. Associate all application VPCs with one transit gateway route table. Associate the centralized inspection VPC with the other transit gateway route table.

Buy Now
Question 2

A company is deploying a new application on AWS. The application uses dynamic multicasting. The company has five VPCs that are all attached to a transit gateway Amazon EC2 instances in each VPC need to be able to register dynamically to receive a multicast transmission.

How should a network engineer configure the AWS resources to meet these requirements?

Options:

A.

Create a static source multicast domain within the transit gateway. Associate the VPCs and applicable subnets with the multicast domain. Register the multicast senders' network interface with the multicast domain. Adjust the network ACLs to allow UDP traffic from the source to all receivers and to allow UDP traffic that is sent to the multicast group address.

B.

Create a static source multicast domain within the transit gateway. Associate the VPCs and applicable subnets with the multicast domain. Register the multicast senders' network interface with the multicast domain. Adjust the network ACLs to allow TCP traffic from the source to all receivers and to allow TCP traffic that is sent to the multicast group address.

C.

Create an Internet Group Management Protocol (IGMP) multicast domain within the transit gateway. Associate the VPCs and applicable subnets with the multicast domain. Register the multicast senders' network interface with the multicast domain. Adjust the network ACLs to allow UDP traffic from the source to all receivers and to allow UDP traffic that is sent to the multicast group address.

D.

Create an Internet Group Management Protocol (IGMP) multicast domain within the transit gateway. Associate the VPCs and applicable subnets with the multicast domain. Register the multicast senders' network interface with the multicast domain. Adjust the network ACLs to allow TCP traffic from the source to all receivers and to allow TCP traffic that is sent to the multicast group address.

Question 3

A company runs an application on Amazon EC2 instances. A network engineer implements a NAT gateway in the application's VPC to replace self-managed NAT instances. After the network engineer shifts traffic from the self-managed NAT instances to the NAT gateway, users begin to report issues.

During troubleshooting, the network engineer discovers that the connection to the application is closing after approximately 6 minutes of inactivity.

What should the network engineer do to resolve this issue?

Options:

A.

Check for increases in the Amazon CloudWatch IdleTimeoutCount metric for the NAT gateway. Configure TCP keepalive on the application EC2 instances.

B.

Check for increases in the Amazon CloudWatch ErrorPortAIlocation metric for the NAT gateway. Configure an HTTP timeout value on the application EC2 instances.

C.

Check for increases in the Amazon CloudWatch PacketsDropCount metric for the NAT gateway. Configure an HTTPS timeout value on the application EC2 instances.

D.

Check for decreases in the Amazon CloudWatch ActiveConnectionCount metric for the NAT gateway. Configure UDP keepalive on the application EC2 instances.