Free Amazon ANS-C01 Exam Questions

Become Amazon Certified with updated ANS-C01 exam questions and correct answers

Page: 1 / 47

Total 232 Questions | Updated On: Mar 27, 2025

Add To Cart

Question 1

A company wants to enforce a compliance requirement that its Amazon EC2 instances use only on-premises DNS servers tor name resolution Outbound DNS requests lo all other name servers must be denied. A network engineer configures the following set of outbound rules for a security group.

Other-Image-27ab13157-f384-454f-8031-3b5776e261be

The network engineer discovers that the EC2 instances are still able to resolve DNS requests by using Amazon DNS servers inside the VPC Why is the solution tailing to meet the compliance requirement9

A : security group cannot filter outbound traffic to the Amazon DNS servers

B : security group must have inbound rules to prevent DNS requests from coming back to EC2 instances.

C : EC2 instances are using the HTTPS port to send DNS queries to Amazon DNS servers

D : security group cannot filter outbound traffic to destinations within the same VPC

Answer: A

Question 2

A company has an application running on Amazon EC2 instances in a VPC The application must publish custom metrics to Amazon CloudWatch in the same AWS Region The metrics include proprietary information All connectivity must be over private IP addresses.

Which solution will meet these requirements'?

A : nnect to CloudWatch through a NAT gateway

B : nnect to CloudWatch through a gateway endpoint

C : nnect to CloudWatch through an internet gateway

D : nnect to CloudWatch through an interface endpoint

Answer: D

Question 3

The security team in its report has flagged malicious activity from 100 random IP addresses for malicious activity. As a network security engineer, you have to ensure the safety and accessibility of the AWS resources.

Which of the following actions would you suggest to ensure safety from such types of threats?

A : Route Table propagation to pass the data of malicious IP addresses to the network routers and block them using WAF

B : inbound Network ACL rules of the VPC to block the IP addresses

C : AWS WAF rate-based rule capability to block the IP addresses

D : inbound security group rules of the VPC to block the IP addresses

Answer: C

Question 4

A company runs a large-scale application on a feel of Amazon EC2 instances that ate distributed across several VPCs A Network Load Balancer (NLB) in a separate VPC routes traffic to the EC2 instances The NLB's VPC is peered to all the application VPCs

The application must process millions of requests each minute during times of peak utilization Users are reporting that the connections to the application are failing during peak times Monitoring shows an increase in port allocation errors on the NLB.

Which action will solve this issue with the LEAST change to the architecture?

A : crease the number of EC2 instances in the target group

B : eate an Application Load Balancer for the target group

C : a new target group to the same NLB listener

D : ange the target group type to 'instance'

Answer: C

Question 5

A company provisions an AWS Direct Connect connection to permit access to Amazon EC2 resources in several Amazon VPCs and to data stored in private Amazon S3 buckets. The Network Engineer needs to configure the company's on-premises router for this Direct Connect connection.

Which of the following actions will require the LEAST amount of configuration overhead on the customer router?

A : nfigure private virtual interfaces for the VPC resources and for Amazon S3.

B : nfigure private virtual interfaces for the VPC resources and a public virtual interface for Amazon S3.

C : nfigure a private virtual interface to a Direct Connect gateway for the VPC resources and for Amazon S3

D : nfigure a private virtual interface to a Direct Connect gateway for the VPC resources and a public virtual interface for Amazon S3.

Answer: A

Page: 1 / 47

Total 232 Questions | Updated On: Mar 27, 2025

Add To Cart