AWS Certified Advanced Networking Specialty Sample Questions
Wondering which AWS certification is the best? The AWS Certified Advanced Networking – Specialty (ANS-C00) exam is the ideal way to prove your knowledge and progress your career, so you have come to the right place. This exam will advance your career and open new doors. We also give you access to our AWS Certified Advanced Networking – Specialty study guide, which will help you pass the test on your first try. The article provides a list of AWS Certified Advanced Networking Specialty Sample Questions that cover core exam topics including:
- Designing, developing, and deploying cloud-based solutions using AWS
- Implementing AWS core services with basic architecture best practices
- Maintaining and designing network architecture for all AWS services
- Leveraging tools to automate AWS networking tasks
Advanced Sample Questions
What type of network traffic does VPC Flow Logs capture?
- a) Traffic between instances in the same VPC
- b) Traffic between instances in different VPCs
- c) Traffic to and from the Internet
- d) All of the above
Answer: d) All of the above
Explanation: VPC Flow Logs captures information about the IP traffic going to and from network interfaces in a VPC, including traffic between instances in the same VPC, traffic between instances in different VPCs, and traffic to and from the Internet.
Reference: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
What service do you use to host a highly available and scalable web application in the AWS Cloud?
- a) EC2
- b) ELB
- c) Auto Scaling
- d) All of the above
Answer: d) All of the above
Explanation: To host a highly available and scalable web application in the AWS Cloud, you would use EC2 instances to run your application, ELB to distribute incoming traffic across multiple instances, and Auto Scaling to ensure you have the right number of instances to handle the traffic.
Reference: https://aws.amazon.com/solutions/web-app-hosting/
Which AWS service allows you to route traffic between VPCs based on IP addresses and port numbers?
- a) VPC Peering
- b) Direct Connect
- c) VPC Endpoints
- d) Amazon Route 53
Answer: a) VPC Peering
Explanation: VPC Peering allows you to route traffic between VPCs as if they were in the same network. You can route traffic based on IP addresses and port numbers.
Reference: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html
Which service provides a global content delivery network to deliver high-performance and low-latency access to static and dynamic web content?
- a) S3
- b) CloudFront
- c) EC2
- d) ELB
Answer: b) CloudFront
Explanation: CloudFront is a global content delivery network that provides high-performance and low-latency access to static and dynamic web content such as HTML, CSS, JavaScript, and images. It integrates with other Amazon Web Services products to give developers and businesses an easy way to distribute content to end-users with low latency, high data transfer speeds, and no commitments.
Reference: https://aws.amazon.com/cloudfront/
What service do you use to securely connect your on-premises data center to the AWS Cloud?
- a) VPC Peering
- b) Direct Connect
- c) VPC Endpoints
- d) Amazon Route 53
Answer: b) Direct Connect
Explanation: Direct Connect is a dedicated network connection from your on-premises data center to the AWS Cloud. It provides a secure and dedicated connection, with higher bandwidth and lower latency compared to the public Internet.
What service can you use to monitor network performance and diagnose network issues in the AWS Cloud?
- a) Amazon CloudWatch
- b) Amazon VPC Flow Logs
- c) Amazon CloudTrail
- d) Amazon Trusted Advisor
Answer: a) Amazon CloudWatch
Explanation: Amazon CloudWatch is a monitoring service for AWS resources and the applications you run on the AWS Cloud. You can use CloudWatch to monitor network performance, set alarms, and diagnose network issues. It integrates with other AWS services such as VPC Flow Logs and EC2 to provide a complete picture of your network performance.
Reference: https://aws.amazon.com/cloudwatch/
What service provides a scalable and highly available DNS service for distributing traffic to applications in the AWS Cloud?
- a) Amazon Route 53
- b) Amazon VPC Peering
- c) Amazon Direct Connect
- d) Amazon EC2
Answer: a) Amazon Route 53
Explanation: Amazon Route 53 is a scalable and highly available DNS service that routes traffic to applications in the AWS Cloud. It integrates with other AWS services such as ELB, EC2, and CloudFront to provide a complete solution for traffic management in the AWS Cloud.
Reference: https://aws.amazon.com/route53/
What service provides secure and fast access to data stored in S3 from within a VPC?
- a) Amazon S3
- b) Amazon VPC Peering
- c) Amazon Direct Connect
- d) Amazon S3 VPC Endpoints
Answer: d) Amazon S3 VPC Endpoints
Explanation: Amazon S3 VPC Endpoints provide secure and fast access to data stored in S3 from within a VPC. VPC Endpoints use an Amazon VPC endpoint instead of using the Internet to access S3, providing improved security and network performance.
Reference: https://aws.amazon.com/vpc/endpoints/
What service provides a secure and scalable way to manage and distribute SSL/TLS certificates in the AWS Cloud?
- a) Amazon Certificate Manager
- b) Amazon Direct Connect
- c) Amazon VPC Peering
- d) Amazon CloudFront
Answer: a) Amazon Certificate Manager
Explanation: Amazon Certificate Manager is a secure and scalable way to manage and distribute SSL/TLS certificates in the AWS Cloud. It eliminates the need to purchase, configure, and manage certificates separately, making it easier to secure your applications and resources.
Reference: https://aws.amazon.com/certificate-manager/
What service provides a scalable, managed, and highly available database service for mission-critical applications in the AWS Cloud?
- a) Amazon RDS
- b) Amazon DynamoDB
- c) Amazon Redshift
- d) Amazon Aurora
Answer: d) Amazon Aurora
Explanation: Amazon Aurora is a scalable, managed, and highly available database service for mission-critical applications in the AWS Cloud. It provides up to five times the performance of traditional databases, while still providing compatibility with MySQL and PostgreSQL.
Basic Sample Questions
Q1) Which of the following can be utilised when creating a web distribution in Amazon CloudFront as the origin servers?
- A. Any combination of an Oracle server and AWS Glacier archives
- B. Any mix of XML servers and Amazon DB instances
- C. Any mix of HTTP servers and Amazon S3 buckets
- D. Any mix of PHP servers and Amazon Data Insights
Correct Answer: C
Explanation: When creating a web distribution in Amazon CloudFront, you can set up one or more Amazon S3 buckets or HTTP servers as your origin servers. An origin is the location where you store the original copy of your web content. When CloudFront receives a request for your files, it gets the files that it distributes at edge locations from the origin. Your origin servers can be any combination of HTTP servers and Amazon S3 buckets.
Refer: Steps for creating a distribution (overview)
Q2) Which of these addresses should you use to send a broadcast message to your 10.0.0.0/24 subnet?
- A. 10.0.0.255
- B. 10.0.0.1
- C. 10.0.0.2
- D. You cannot send a broadcast in an AWS VPC.
Correct Answer: D
Q3) You must first create a baseline of typical traffic flow before deploying security improvements in your organisation. What are the best two items to choose? (Choose two.)
- A. Wireshark
- B. CloudTrail
- C. An IDS
- D. CloudWatch
Correct Answer: A and D
Q4) If you have one VPC peering with two VPCs that have overlapping CIDRs, which route will be given preference?
- A. 10.1.0.0/16
- B. 10.0.0.0/8
- C. 10.1.1.5/32
- D. 10.1.1.0/24
Correct Answer: C
Q5) Which ports for HTTP and HTTPS do you need to open?
- A. 25/465
- B. 21/22
- C. 3389/3306
- D. 80/443
Correct Answer: D
Q6) Which of the following should you carry out in order to begin using AWS Direct Connect?
- A. Complete the Cross Connect
- B. Verify your Virtual Interface
- C. Create a Virtual Interface
- D. Submit AWS Direct Connect Connection Request
Correct Answer: C
Explanation: To connect to Amazon Virtual Private Cloud (VPC) via AWS Direct Connect, your network must support BGP and BGP MD5 authentication, and you must provide a private Autonomous System Number (ASN) for that. To connect to public AWS products like Amazon EC2 and Amazon S3, you will also need to provide a public ASN that you own (recommended) or a private ASN. BGP configuration is required at the Create a Virtual Interface stage.
Refer: Create a virtual interface
Q7) Which AWS service enables you to reliably and affordably backup and archive CloudTrail log data?
- A. Amazon Archiver
- B. Amazon Glacier
- C. AWS Storage Gateway
- D. Amazon Elastic Block Store
Correct Answer: B
Explanation: The retention rules for CloudTrail log files are at your discretion. To save money, you could choose to delete old log files or archive them to Amazon Glacier, a storage service designed for data archiving and backup of infrequently used data. Log files are typically stored forever by default.
Q8) Which AWS service enables you to reliably and affordably backup and archive CloudTrail log data?
- A. By definition, HTTP is a connection-less oriented protocol and therefore utilises TCP
- B. By definition, HTTP is a connection orientated protocol and therefore utilises TCP
- C. By definition, HTTP is a connection-less oriented protocol and therefore utilises UDP
- D. By definition, HTTP can be configured to be either connection or connection-less oriented, by specifying the appropriate HTTP header.
Correct Answer: B
Q9) Which of the following Ethernet standards does AWS Direct Link use to connect your internal network to an AWS Direct Connect facility?
- A. Copper backplane cable
- B. Twisted pair cable
- C. Single mode fiber-optic cable
- D. Shielded balanced copper cable
Correct Answer: C
Explanation: Using a common 1 or 10 gigabit Ethernet single-mode fibre-optic connection, AWS Direct Connect connects your internal network to an AWS Direct Connect facility.
Refer: What is AWS Direct Connect?
Q10) A company sets up a virtual interface using a newly created 1-Gbps AWS Direct Connect connection to access Amazon S3. Which setup options do network engineers need to use? (Choose two.)
- A. Connection speed
- B. VLAN ID
- C. IP prefixes to advertise
- D. Direct Connect location
- E. Virtual private gateway
Correct Answer: B and E
Q11) You have just finished setting up an elastic load balancer. How long will it take for an instance to become healthy with a 6 second HealthCheck Interval, an unhealthy threshold of 5, and a healthy threshold of 10?
- A. 120 seconds
- B. 30 seconds
- C. 6 seconds
- D. 60 seconds
Correct Answer: D
Q12) Which of the following statements regarding Amazon CloudFront is true?
- A. You are unable to forward cookies to your origin for HTTPS web deployments.
- B. You have the option to forward cookies to your origin for both HTTP and HTTPS web deployments.
- C. You are unable to forward cookies to your origin for HTTP web distributions.
- D. You can set up CloudFront to handle cookies while distributing Real Time Messaging Protocol (RTMP) messages.
Correct Answer: B
Explanation: You can decide whether you want Amazon CloudFront to forward cookies to your origin for HTTP and HTTPS web distributions. You cannot set CloudFront to process cookies for RTMP distributions.
Refer: Maximum length of cookie names
Q13) A user has enabled comprehensive CloudWatch monitoring by enabling the AWS Simple Notification Service. Which of the following statements best helps the user understand comprehensive monitoring?
- A. SNS cannot provide data every minute
- B. There is no need to enable since SNS provides data every minute
- C. SNS will send data every minute after configuration
- D. AWS CloudWatch does not support monitoring for SNS
Correct Answer: A
Explanation: CloudWatch is used to monitor AWS as well as custom services. It provides either basic or in-depth monitoring for the supported AWS products. In basic monitoring a service sends data points to CloudWatch every five minutes, while in comprehensive monitoring it does so every minute. The AWS SNS service sends data every 5 minutes, so it supports only basic monitoring. The user cannot enable in-depth monitoring with SNS.
Refer: AWS services that publish CloudWatch metrics
Q14) Which two settings need to be turned on in order for all traffic to be able to reach a “Subnet 1” instance using “Security Group 1”? (Choose two.)
- A. NACL rule allowing 0.0.0.0/0 to access “Subnet 1”
- B. Security Group rule in “Security Group 1” that allows 0.0.0.0/0 inbound
- C. Security Group rule in “Security Group 1” that allows outbound traffic to 0.0.0.0/0
- D. NACL rule allowing 0.0.0.0/0 to access “Security Group 1”
Correct Answer: A and B
Q15) You have three virtual private clouds (VPCs) that must be able to communicate with one another. In which two ways can you accomplish this? (Choose two.)
- A. To create a full mesh peering, peer every VPC to every other VPC.
- B. Peer them; as of December 2017, VPC peering permits transitive peering.
- C. Make an AWS call to activate transitive peering.
- D. Establish VPN connections between them, then modify the routing tables.
Correct Answer: A and D
Q16) If you need to quickly remove something from an Amazon CloudFront distribution, you can:
- A. Clear the cache of the objects.
- B. Render the items invalid.
- C. Delete your Amazon S3 bucket, option.
- D. Restart your distribution after deleting it.
Correct Answer: B
Explanation: You can invalidate objects in Amazon CloudFront if you need to swiftly remove them from a distribution.
Refer: Adding, removing, or replacing content that CloudFront distributes
Q17) Which of the following statements concerning Amazon CloudFront’s Smooth Streaming is accurate?
- A. It is a Microsoft format for media files streaming.
- B. It is a CloudFront format for RTMP distribution of media files.
- C. It uses the Adobe format for media file streaming.
- D. It is a CloudFront format for media file streaming on the web.
Correct Answer: A
Explanation: You can use Amazon CloudFront for on-demand streaming of media files that you have converted into the Microsoft Smooth Streaming format. You have two choices for distributing Smooth Streaming on-demand content: choose, as the origin for your distribution, a web server that can stream files that have been converted into the Microsoft Smooth Streaming format; or enable Smooth Streaming in a CloudFront distribution. Because Smooth Streaming is a cache behaviour, you can use one distribution to share both content and media assets that support Smooth Streaming.
Refer: What is Amazon CloudFront?
Q18) Your company's Virtual Private Cloud (VPC) and Amazon Elastic Compute Cloud (EC2) systems require strict adherence to a change control policy. AWS CloudFormation is the AWS service that the business uses to control and deploy changes. Which three of the following services notify you of changes made outside of AWS CloudFormation? (Choose three.)
- A. AWS Config
- B. AWS Simple Notification Service
- C. AWS CloudWatch metrics
- D. AWS Lambda
- E. AWS CloudFormation
- F. AWS Identity and Access Management
Correct Answer: B, C and D
Q19) You must ensure that the files provided by your CloudFront distribution are only accessible to authorised users. You wish to provide service to plenty of customers. What are the two actions that you ought to take? (Choose two.)
- A. Configure signed cookies.
- B. Configure a WAF.
- C. Configure a bucket policy restricting the bucket to only CloudFront OAI.
- D. Configure an SSL on the distribution.
Correct Answer: A and C
Q20) Which of the following types of content can’t be supplied over HTTP or HTTPS in Amazon CloudFront?
- A. Apple HTTP Live Streaming
- B. Static and dynamic download content
- C. Adobe Flash multimedia content
- D. CloudFront RTMP distribution
Correct Answer: C
Explanation: You can use web distributions in Amazon CloudFront to serve the following content over HTTP or HTTPS: static and dynamic download content, such as .html, .css, .php, and picture files; multimedia content on demand, using progressive download and Apple HTTP Live Streaming (HLS); and a live event in real time, such as a meeting, conference, or performance. HTTP or HTTPS cannot be used to serve Adobe Flash multimedia content.
Refer: Overview of distributions