Free Amazon ANS-C01 Actual Exam Questions
Dumps Box (DumpsBox) offers up-to-date practice exam questions for the ANS-C01 certification exam, which are developed and validated by Amazon – AWS subject domain experts certified in Amazon ANS-C01. These practice questions are updated regularly as we keep an eye on any recent changes in the ANS-C01 syllabus, and when there is an update our team quickly adjusts the questions. This commitment to providing the best quality exam prep material to certification aspirants is what makes DumpsBox.com the best certification exam prep website. On top of that, our strong, yet strictly moderated, community-based feedback keeps the content clean and current. Each question has a helpful community discussion that gives it extra perspective and introduces helpful resources for better exam preparation. This also saves students from other outdated practice questions or illicit exam dumps that can have adverse effects on a career. Browse through our Amazon ANS-C01 exam questions and pass your exam on the first try.
engineer must connect the eu-west-1 and eu-central-1 Regions to the company headquarters and
branch office, respectively.
The network engineer created a production VPC, named Prod A, with a CIDR block of 10.0.0.0/16.
Prod A runs in an account in eu-west-1. The network engineer then created another production VPC,
named Prod B, with a CIDR block of 10.1.0.0/16. Prod B runs in a different account in eu-central-1.
The network engineer performed the following steps to try to achieve the required connectivity:
1. Created one transit gateway in each Region
2. Shared and accepted the transit gateways with the production accounts in both Regions
3. Configured the peering attachment between both transit gateways
4. Attached both VPCs to the respective Region transit gateway
5. Created both transit gateway route tables and associated the attachments with the route tables
6. Configured a static route in both transit gateway route tables to send traffic to the remote VPC in
the other Region
7. Activated route propagation on the VPC route tables in each Region
After the configuration, the network engineer tried to connect from Prod A to Prod B. However, the
connection was unsuccessful.
What should the network engineer do to achieve the required connectivity?
C/D? The question says the VPC CIDRs are 10.0.0.0/16 and 10.1.0.0/16, but option C suggests a route for 10.0.0.0/8, which seems way too broad and could cause routing conflicts. So I’d rule out C. For D, enabling dynamic propagation between transit gateway route tables makes sense because static routes might not update properly across regions. If the TGW route tables don’t share routes dynamically, that could explain the connectivity issue. So D feels like the proper fix here to ensure routes propagate correctly between the transit gateways themselves.
Seems like the missing piece is route propagation between the transit gateways themselves, not just within each VPC. D looks like the fix here.
multiple VPCs that are connected to a transit gateway. The transit gateway connects to an on-
premises data center through an AWS Direct Connect gateway and a pair of redundant Direct
Connect connections that use transit VIFs. The company must receive notification each time a new
route is advertised to AWS from on premises over Direct Connect.
What should a network engineer do to meet these requirements?
CloudWatch Logs on transit VIFs sounds right for tracking route changes, so D.
A, since CloudWatch metrics on Direct Connect can directly monitor route changes without extra setup.
uses proprietary TCP and UDP protocols on Amazon Elastic Compute Cloud (EC2) instances. End users
run a real-time, front-end application on their local PCs. This front-end application knows the DNS
hostname of the service.
You must prepare the system for global expansion. The end users must access the application with
lowest latency.
How should you use AWS services to meet these requirements?
A. ELB doesn’t handle UDP, so B’s no good here. Also, API Gateway and CloudFront are HTTP-focused, so A is the only option that supports both TCP and UDP with latency-based routing.
A/C? CloudFront is mostly for HTTP/HTTPS and won’t handle TCP/UDP protocols properly. So C is out. A’s latency-based routing with IPs seems practical despite scaling challenges, especially since ELB and API Gateway don’t fit the protocol needs.
pressure, and location data through the MQTT messaging protocol. The hardware sensor modules
send this data to the company's on-premises MQTT brokers that run on Linux servers behind a load
balancer. The hardware sensor modules have been hardcoded with public IP addresses to reach the
brokers.
The company is growing and is acquiring customers across the world. The existing solution can no
longer scale and is introducing additional latency because of the company's global presence. As a
result, the company decides to migrate its entire infrastructure from on premises to the AWS Cloud.
The company needs to migrate without reconfiguring the hardware sensor modules that are already
deployed across the world. The solution also must minimize latency.
The company migrates the MQTT brokers to run on Amazon EC2 instances.
What should the company do next to meet these requirements?
Maybe B. Using Global Accelerator in front of the NLB can help direct traffic to the closest AWS region, reducing latency for global users. Since the sensor modules are hardcoded with public IPs, BYOIP paired with Global Accelerator lets them keep those IPs while benefiting from faster global routing. A only uses an NLB without Global Accelerator, so it might not handle worldwide latency as well. ALB (C) isn’t great for MQTT because MQTT uses TCP, not HTTP. CloudFront (D) is mostly for web content, so it doesn’t fit MQTT use cases here.
It’s A because using an NLB with TCP listeners supports MQTT directly, and BYOIP lets you keep the same IP addresses without reconfiguring hardware. Global Accelerator isn’t needed if latency is managed by keeping IPs consistent.
located on-premises that can be accessed by using AWS Direct Connect. The company wants to
ensure that the source IP addresses of clients connecting to the application are passed all the way to
the end server.
How can this requirement be achieved?
If the on-prem servers don’t support ProxyProtocol v2, option C could cause issues. Also, X-Forwarded-For headers (B and D) are mainly for HTTP traffic, so might not apply here. Doesn’t that make A the safest bet?
Maybe C, since ProxyProtocol v2 is designed to forward the client IP info at the transport layer, which might be better for non-web apps if the on-prem setup supports it. A is good, but this adds extra assurance.
VPC. The production VPC and the nonproduction VPC must each have communication with the
shared services VPC. There must be no communication between the production VPC and the
nonproduction VPC. A transit gateway is deployed to facilitate communication between VPCs.
Which route table configurations on the transit gateway will meet these requirements?
Maybe A works because it limits the route propagation so production and nonproduction only get routes to shared services, preventing direct communication. That aligns with the no communication rule between production and nonproduction.
D imo makes sense since disabling route propagation for production and nonproduction attachments ensures they don’t learn each other’s routes, while shared services can still communicate with both.
the AWS Cloud by using an AWS Direct Connect connection. The company uses a transit VIF that
connects the Direct Connect connection with a transit gateway that is hosted in the Europe (Paris)
Region. The company hosts workloads in private subnets in several VPCs that are attached to the
transit gateway.
The company recently acquired another corporation that hosts workloads on premises in an office
building in Tokyo, Japan. The company needs to migrate the workloads from the Tokyo office to AWS.
These workloads must have access to the company's existing workloads in Paris. The company also
must establish connectivity between the Tokyo office building and the Paris data center.
In the Asia Pacific (Tokyo) Region, the company creates a new VPC with private subnets for migration
of the workloads. The workload migration must be completed in 5 days. The workloads cannot be
directly accessible from the internet.
Which set of steps should a network engineer take to meet these requirements?
It’s C, since transit gateway peering isn’t cross-region but VPN to the Tokyo transit gateway works.
It’s C since transit gateway peering across regions isn’t possible, so VPN links make sense.
corporate data center to the Direct Connect location. The network engineer learns that the MACsec
secret key might have been compromised. The network engineer needs to update the connection
with an uncompromised secure key.
Which solution will meet this requirement?
This feels like it rules out C and D since modifying existing keys usually isn’t supported for security reasons, especially if the key is compromised. Between A and B, both suggest creating a new key but differ on AWS managed vs customer managed keys. Using AWS managed keys (A) typically means less hassle and automatic rotation, which seems better for quick key swaps after compromise. So I’d pick A here based on that.
Maybe A since AWS managed keys simplify rotation without extra customer management.
customer base to the United States (US). The company is targeting the western US for the expansion.
The company’s existing AWS architecture consists of four AWS accounts with multiple VPCs deployed
in the ap-southeast-2 Region. All VPCs are attached to a transit gateway in ap-southeast-2. There are
dedicated VPCs for each application service. The company also has VPCs for centralized security
features such as proxies, firewalls, and logging.
The company plans to duplicate the infrastructure from ap-southeast-2 to the us-west-1 Region. A
network engineer must establish connectivity between the various applications in the two Regions.
The solution must maximize bandwidth, minimize latency and minimize operational overhead.
Which solution will meet these requirements?
B imo—transit gateway peering between regions is designed for exactly this kind of scenario. It provides high bandwidth, low latency connections optimized by AWS, and it keeps your architecture clean without managing extra VPNs or servers. Plus, since the company already uses transit gateways in ap-southeast-2, extending that setup with peering in us-west-1 makes sense. Option A’s VPN attachments would work but usually add extra latency and complexity with BGP sessions over VPN tunnels. Definitely better to avoid that if direct peering is supported and available.
A/B? Peering (B) is usually better for latency and bandwidth than VPN (A), but if peering isn’t supported or set up yet between these regions, VPN (A) is a reliable fallback. D’s definitely out since cross-region VPC attachments aren’t possible.
workload. Amazon EC2 instances will require 10 Gbps flows and an aggregate throughput of up to
100 Gbps across many instances with low-latency communication.
Which architecture solution will optimize this workload?
Actually, D isn’t ideal since cluster placement groups require instances to be in the same AZ for low latency, and spreading across multiple AZs would add latency. That rules out cross-AZ setups for this HPC need.
B tbh doesn’t seem right because spread placement groups are more about fault tolerance than low latency or high throughput, which is key here. The question asks for low-latency and high aggregate throughput, so spreading nodes across subnets might increase latency and reduce performance. A cluster placement group keeps instances physically close, which aligns better with HPC needs. Plus, Elastic Fabric Adapter (EFA) is specifically designed for HPC workloads to provide that super low latency and high throughput, which option A nails.
premises data centers. The company has set up AWS Direct Connect connections between the on-
premises data centers and AWS. From each location, the company is using a transit VIF that connects
to a Direct Connect gateway that is associated with a transit gateway.
The network engineer must ensure that traffic from AWS to the data centers is routed first to the
primary data center. The traffic should be routed to the failover data center only in the case of an
outage.
Which solution will meet these requirements?
A/C? A makes sense since 7224:7100 is for preferred routes, ensuring primary data center traffic first. But I’m checking C because those values might represent similar preferences in some setups.
B vs A, AWS docs show 7300 prefers routes, so primary should get 7300 tag.
connect from the Direct Connect location provider to the port on your router in the same facility. To
enable the use of your first virtual interface, your router must be configured appropriately.
What are the minimum requirements for your router?
A seems more accurate since single mode fiber is usually for longer distances, and here it’s within the same facility, so multimode fits better. Also, IPsec stuff in C or D isn’t needed for Direct Connect.
It’s A because multimode fiber is common for short-distance connections inside the same building.
subnets in three Availability Zones behind an Application Load Balancer (ALB). Security auditors
require encryption of all connections. The company uses Amazon Route 53 for DNS and uses AWS
Certificate Manager (ACM) to automate SSL/TLS certificate provisioning. SSL/TLS connections are
terminated on the ALB.
The company tests the application with a single EC2 instance and does not observe any problems.
However, after production deployment, users report that they can log in but that they cannot use the
application. Every new web request restarts the login process.
What should a network engineer do to resolve this issue?
It’s C, app-based cookies give more control over session persistence than group-level stickiness.
Probably C, app-based cookies handle session persistence better with ALB.
instances launch in an Amazon VPC associated with an appropriate IPv6 CIDR. The VPC IPv4 CIDR is
fully utilized. A single subnet exists in each of two Availability Zones with appropriately configured
IPv6 CIDR associations. Auto Scaling is properly configured, and no Elastic Load Balancing is used.
Customers say the service is unavailable during peak load times. The network engineer attempts to
launch an instance manually and receives the following message: “There are not enough free
addresses in subnet ‘subnet-12345677’ to satisfy the requested number of instances.”
What action will resolve the availability problem?
A seems right since you need more IPv6 addresses in the subnet for scaling.
A, adding a new IPv6 subnet is the only way since current subnets are full.
to a virtual private gateway in the AWS Cloud. Because of congestion, the company is experiencing
availability and performance issues as traffic travels across the internet before the traffic reaches
AWS. A network engineer must reduce these issues for the connection as quickly as possible with
minimum administration effort.
Which solution will meet these requirements?
A, since enabling acceleration on the existing VPN is the fastest fix with least hassle.
Guessing C too, since it avoids complex transit gateway setup but still adds acceleration fast.