Winter Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

ANS-C01 Exam Dumps : Amazon AWS Certified Advanced Networking - Specialty

PDF
ANS-C01 pdf
 Real Exam Questions and Answer
 Last Update: Jan 23, 2026
 Question and Answers: 290 With Explanation
 Compatible with all Devices
 Printable Format
 100% Pass Guaranteed
$29.75  $84.99
ANS-C01 exam
PDF + Testing Engine
ANS-C01 PDF + engine
 Both PDF & Practice Software
 Last Update: Jan 23, 2026
 Question and Answers: 290
 Discount Offer
 Download Free Demo
 24/7 Customer Support
$47.25  $134.99
Testing Engine
ANS-C01 Engine
 Desktop Based Application
 Last Update: Jan 23, 2026
 Question and Answers: 290
 Create Multiple Test Sets
 Questions Regularly Updated
  90 Days Free Updates
  Windows and Mac Compatible
$35  $99.99

Verified By IT Certified Experts

CertsTopics.com Certified Safe Files

Up-To-Date Exam Study Material

99.5% High Success Pass Rate

100% Accurate Answers

Instant Downloads

Exam Questions And Answers PDF

Try Demo Before You Buy

Certification Exams with Helpful Questions And Answers

What our customers are saying

Papua new Guinea certstopics Papua new Guinea
Africa
Dec 13, 2025
certstopics verified questions and answers accurately reflected the content of the ANS-C01 exam. Real exams made easy!
Portugal certstopics Portugal
Saige
Oct 21, 2025
Certstopics's verified questions and answers for ANS-C01 were spot-on. They provided me with a clear understanding of the exam format and content.

Amazon AWS Certified Advanced Networking - Specialty Questions and Answers

Question 1

A company is planning to use an AWS Transit Gateway hub and spoke architecture to migrate to AWS. The current on-premises multi-protocol label switching (MPLS) network has strict controls that enforce network segmentation by using MPLS VPNs. The company has provisioned two 10 Gbps AWS Direct Connect connections to provide resilient, high-speed, low-latency connectivity to AWS.

A security engineer needs to apply the concept of network segmentation to the AWS environment to ensure that virtual routing and forwarding (VRF) is logically separated for each of the company's software development environments. The number of MPLS VPNs will increase in the future. On-premises MPLS VPNs will have overlapping address space. The company's AWS network design must support overlapping address space for the VPNs.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Deploy a software-defined WAN (SD-WAN) head-end virtual appliance and an SD-WAN controller into a Transit Gateway Connect VPC. Configure the company's edge routers to be managed by the new SD-WAN controller and to use SD-WAN to segment the traffic into the defined segments for each of the company's development environments.

B.

Configure IPsec VPNs on the company edge routers for each MPLS VPN for each of the company's development environments. Attach each IPsec VPN tunnel to a discrete MPLS VPN. Configure AWS Site-to-Site VPN connections that terminate at a transit gateway for each MPLS VPN. Configure a transit gateway route table that matches the MPLS VPN for each Transit Gateway VPN attachment.

C.

Create a transit VPC that terminates at the AWS Site-to-Site VRF-aware IPsec VPN. Configure IPsec VPN connections to each VPC for each of the company's development environment VRFs.

D.

Configure a Transit Gateway Connect attachment for each MPLS VPN between the company's edge routers and Transit Gateway. Configure a transit gateway route table that matches the MPLS VPN for each of the company's development environments.

Buy Now
Question 2

A company's network engineer is configuring an AWS Site-to-Site VPN connection between a transit gateway and the company's on-premises network. The Site-to-Site VPN connection is configured to use BGP over two tunnels in active/active mode with equal-cost multi-path (ECMP) routing activated on the transit gateway.

When the network engineer attempts to send traffic from the on-premises network to an Amazon EC2 instance, traffic is sent over the first tunnel. However, return traffic is received over the second tunnel and is dropped at the customer gateway. The network engineer must resolve this issue without reducing the overall VPN bandwidth.

Which solution will meet these requirements?

Options:

A.

Configure the customer gateway to use AS PATH prepending and local preference to prefer one tunnel over the other.

B.

Configure the Site-to-Site VPN options to set the first tunnel as the primary tunnel to eliminate asymmetric routing.

C.

Configure the virtual tunnel interfaces on the customer gateway to allow asymmetric routing.

D.

Configure the Site-to-Site VPN to use static routing in active/active mode to ensure that traffic flows over a preferred path.

Question 3

A company plans to run a computationally intensive data processing application on AWS. The data is highly sensitive. The VPC must have no direct internet access, and the company has applied strict network security to control access.

Data scientists will transfer data from the company's on-premises data center to the instances by using an AWS Site-to-Site VPN connection. The on-premises data center uses the network range 172.31.0.0/20 and will use the network range 172.31.16.0/20 in the application VPC.

The data scientists report that they can start new instances of the application but that they cannot transfer any data from the on-premises data center. A network engineer enables VPC flow logs and sends a ping to one of the instances to test reachability. The flow logs show the following:

The network engineer must recommend a solution that will give the data scientists the ability to transfer data from the on-premises data center.

Which solution will meet these requirements?

Options:

A.

Modify the security group for the application. Add an inbound rule to allow traffic from the on-premises data center network range to the application.

B.

Modify the network ACLs for the VPC subnet. Add an inbound rule to allow traffic from the on-premises data center network range to the VPC subnet range.

C.

Modify the network ACLs for the VPC subnet. Add an outbound rule to allow traffic from the VPC subnet range to the on-premises data center network range.

D.

Modify the security group for the application. Add an outbound rule to allow traffic from the application to the on-premises data center network range.