Big Black Friday Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

ANS-C01 Exam Dumps : Amazon AWS Certified Advanced Networking - Specialty

PDF
ANS-C01 pdf
 Real Exam Questions and Answer
 Last Update: Nov 30, 2025
 Question and Answers: 290 With Explanation
 Compatible with all Devices
 Printable Format
 100% Pass Guaranteed
$25.5  $84.99
ANS-C01 exam
PDF + Testing Engine
ANS-C01 PDF + engine
 Both PDF & Practice Software
 Last Update: Nov 30, 2025
 Question and Answers: 290
 Discount Offer
 Download Free Demo
 24/7 Customer Support
$40.5  $134.99
Testing Engine
ANS-C01 Engine
 Desktop Based Application
 Last Update: Nov 30, 2025
 Question and Answers: 290
 Create Multiple Test Sets
 Questions Regularly Updated
  90 Days Free Updates
  Windows and Mac Compatible
$30  $99.99

Verified By IT Certified Experts

CertsTopics.com Certified Safe Files

Up-To-Date Exam Study Material

99.5% High Success Pass Rate

100% Accurate Answers

Instant Downloads

Exam Questions And Answers PDF

Try Demo Before You Buy

Certification Exams with Helpful Questions And Answers

What our customers are saying

Papua new Guinea certstopics Papua new Guinea
Africa
Nov 26, 2025
certstopics verified questions and answers accurately reflected the content of the ANS-C01 exam. Real exams made easy!
Portugal certstopics Portugal
Saige
Nov 25, 2025
Certstopics's verified questions and answers for ANS-C01 were spot-on. They provided me with a clear understanding of the exam format and content.

Amazon AWS Certified Advanced Networking - Specialty Questions and Answers

Question 1

A company recently implemented a security policy that prohibits developers from launching VPC network infrastructure. The policy states that any time a NAT gateway is launched in a VPC, the company's network security team must immediately receive an alert to terminate the NAT gateway. The network security team needs to implement a solution that can be deployed across AWS accounts with the least possible administrative overhead. The solution also must provide the network security team with a simple way to view compliance history.

Which solution will meet these requirements?

Options:

A.

Develop a script that programmatically checks for NAT gateways in an AWS account, sends an email alert, and terminates the NAT gateway if a NAT gateway is detected. Deploy the script on an Amazon EC2 instance in each account. Use a cron job to run the script every 5 minutes. Log the results of the checks to an Amazon RDS for MySQL database.

B.

Create an AWS Lambda function that programmatically checks for NAT gateways in an AWS account, sends an email alert, and terminates the NAT gateway if a NAT gateway is detected. Deploy the Lambda function to each account by using AWS Serverless Application Model (AWS SAM) templates. Store the results of the checks on an Amazon OpenSearch Service cluster in each account.

C.

Enable Amazon GuardDuty. Create an Amazon EventBridge rule for the Behavior:EC2/NATGatewayCreation GuardDuty finding type. Configure the rule to invoke an AWS Step Functions state machine to send an email alert and terminate a NAT gateway if a NAT gateway is detected. Store the runtime log as a text file in an Amazon S3 bucket.

D.

Create a custom AWS Config rule that checks for NAT gateways in an AWS account. Configure the AWS Config rule to perform an AWS Systems Manager Automation remediation action to send an email alert and terminate the NAT gateway if a NAT gateway is detected. Deploy the AWS Config rule and the Systems Manager runbooks to each account by using AWS CloudFormation StackSets

Buy Now
Question 2

A company uses an AWS Direct Connect private VIF with a link aggregation group (LAG) that consists of two 10 Gbps connections. The company's security team has implemented a new requirement for external network connections to provide layer 2 encryption. The company's network team plans to use MACsec support for Direct Connect to meet the new requirement.

Which combination of steps should the network team take to implement this functionality? (Choose three.)

Options:

A.

Create a new Direct Connect LAG with new circuits and ports that support MACsec.

B.

Associate the MACsec Connectivity Association Key (CAK) and the Connection Key Name (CKN) with the new LAG.

C.

Associate the Internet Key Exchange (IKE) with the existing LAG.

D.

Configure the MACsec encryption mode on the existing LAG.

E.

Configure the MACsec encryption mode on the new LAG.

F.

Configure the MACsec encryption mode on each Direct Connect connection that makes up the existing LAG.

Question 3

A company wants to improve visibility into its AWS environment. The AWS environment consists of multiple VPCs that are connected to a transit gateway. The transit gateway connects to an on-premises data center through an AWS Direct Connect gateway and a pair of redundant Direct Connect connections that use transit VIFs. The company must receive notification each time a new route is advertised to AWS from on premises over Direct Connect.

What should a network engineer do to meet these requirements?

Options:

A.

Enable Amazon CloudWatch metrics on Direct Connect to track the received routes. Configure a CloudWatch alarm to send notifications when routes change.

B.

Onboard Transit Gateway Network Manager to Amazon CloudWatch Logs Insights. Use Amazon EventBridge (Amazon CloudWatch Events) to send notifications when routes change.

C.

Configure an AWS Lambda function to periodically check the routes on the Direct Connect gateway and to send notifications when routes change.

D.

Enable Amazon CloudWatch Logs on the transit VIFs to track the received routes. Create a metric filter Set an alarm on the filter to send notifications when routes change.