Preparing for the AWS Certified Advanced Networking – Specialty ANS-C01 can feel overwhelming, especially when you’re unsure what kind of questions to expect on exam day. This practice test is designed to give you a realistic preview of the exam format while helping you strengthen your understanding of key concepts. Instead of just memorizing answers, you’ll get a chance to think through scenarios, improve your accuracy, and build confidence. Use this as part of your daily study routine to identify weak areas and gradually improve your performance.
Updated for 2026: This guide provides a structured approach to help you prepare effectively, understand key concepts, and practice real exam-level questions.
How to Use This Practice Test
- Start by reviewing key concepts before attempting questions
- Take the test in a timed environment
- Analyze your mistakes and revisit weak areas
Why This Practice Test Matters
This practice test is designed to simulate the real exam environment and help you identify knowledge gaps, improve accuracy, and build confidence.
| Exam Name | ANS-C01 Practice Exam – AWS Certified Advanced Networking Specialty (2026 Updated) |
|---|---|
| Exam Provider | Amazon Web Services (AWS) |
| Certification Type | Advanced Specialty Certification (Cloud Networking & Hybrid Infrastructure) |
| Total Practice Questions | 150 Advanced MCQs (Real Exam-Level + Scenario-Based + Hybrid Networking + Troubleshooting) |
| Exam Domains Covered | • Hybrid Connectivity (VPN, Direct Connect, BGP Routing) • Core Networking (VPC Design, Subnetting, CIDR Planning) • Routing & Traffic Management (Route Tables, NAT, IGW, TGW) • DNS & Name Resolution (Route 53, Resolver, Hybrid DNS) • Network Security (Security Groups, NACLs, WAF, Shield) • Performance Optimization (CloudFront, Global Accelerator, Load Balancing) • Monitoring & Troubleshooting (Flow Logs, Traffic Mirroring, CloudWatch) |
| Questions in Real Exam | • Total: 65 Questions • Scenario-heavy questions with real-world networking cases • Focus on architecture decisions, troubleshooting, and hybrid design |
| Exam Duration | • Total Time: 170 Minutes • Long, complex scenarios requiring deep analysis • Strong time management needed for success |
| Passing Score | • Scaled Score: 750 / 1000 • Requires deep understanding of networking concepts • Emphasis on correct architectural decision-making |
| Question Format | • Multiple Choice (Single & Multiple Answer) • Scenario-Based Networking Architectures • Hybrid Connectivity & Troubleshooting Cases • Performance Optimization Questions • Security & Compliance Decision-Making |
| Difficulty Level | Advanced (Deep Networking Knowledge + Real AWS Scenarios + Architecture Trade-Offs) |
| Key Knowledge Areas | • VPC design, subnetting, CIDR overlap handling • Hybrid networking (VPN vs Direct Connect decision-making) • BGP routing (AS path, local preference, failover design) • DNS architecture (Route 53 routing policies, Resolver endpoints) • Traffic flow (IGW, NAT, TGW, VPC endpoints, PrivateLink) • Network security layers (SG vs NACL vs WAF vs Shield) • Performance optimization (CloudFront vs Global Accelerator) • Monitoring and troubleshooting tools |
| Common Exam Traps | • Confusing PrivateLink vs VPC Peering vs Transit Gateway • Selecting VPN instead of Direct Connect for performance scenarios • Ignoring CIDR overlap limitations in VPC designs • Choosing wrong DNS routing policy (latency vs failover vs weighted) • Missing asymmetric routing issues in inspection architectures • Overlooking security layer differences (SG vs NACL vs WAF) • Misunderstanding BGP attributes (local preference vs AS path) |
| Skills Developed | • Advanced cloud network design and architecture • Hybrid connectivity planning and implementation • Troubleshooting complex networking issues • Performance optimization for global applications • Security design and layered protection strategies • Real-world decision-making for AWS networking solutions |
| Study Strategy | • Master core networking fundamentals (routing, DNS, CIDR) • Focus on hybrid scenarios and architecture trade-offs • Practice scenario-based MCQs consistently • Learn differences between AWS networking services deeply • Take full-length timed mock exams regularly • Analyze rationales to understand AWS decision logic • Identify weak areas and reinforce with targeted practice |
| Best For | • Network Engineers transitioning to AWS • Solutions Architects working on hybrid/cloud environments • DevOps Engineers managing infrastructure at scale • IT professionals preparing for AWS Specialty certifications |
| Career Benefits | • Validates advanced AWS networking expertise • High demand in cloud architecture and DevOps roles • Opens opportunities in enterprise and hybrid cloud projects • Increases earning potential and professional credibility |
| Updated | 2026 Latest Version – Based on AWS Exam Guide & Real Exam Patterns |
1.
A company wants to connect its on-premises data center to AWS using a dedicated private connection. Which service should they use?
A. Site-to-Site VPN
B. Direct Connect
C. VPC Peering
D. NAT Gateway
Answer: B
Rationale: AWS Direct Connect provides a dedicated private network connection between on-premises infrastructure and AWS. It offers consistent latency, higher bandwidth, and improved security compared to internet-based VPN connections.
2.
Which AWS service provides DNS resolution for both public and private domains?
A. CloudFront
B. Route 53
C. ELB
D. NAT Gateway
Answer: B
Rationale: Route 53 supports both public hosted zones for internet-facing domains and private hosted zones for internal VPC DNS resolution, making it a unified DNS solution.
3.
Which AWS component allows instances in private subnets to access the internet?
A. Internet Gateway
B. NAT Gateway
C. VPC Endpoint
D. Transit Gateway
Answer: B
Rationale: NAT Gateway enables outbound internet access for instances in private subnets while preventing inbound connections, ensuring security and controlled connectivity.
4.
Which AWS feature enables communication between two VPCs without using the internet?
A. Internet Gateway
B. VPC Peering
C. NAT Gateway
D. Route 53
Answer: B
Rationale: VPC Peering allows direct private communication between VPCs using the AWS backbone, avoiding public internet exposure and reducing latency.
5.
Which routing protocol is used in AWS Site-to-Site VPN?
A. OSPF
B. BGP
C. RIP
D. EIGRP
Answer: B
Rationale: AWS Site-to-Site VPN uses BGP for dynamic routing, allowing automatic route updates and failover between on-premises and AWS environments.
6.
Which AWS service provides content caching at edge locations?
A. Route 53
B. CloudFront
C. ELB
D. NAT Gateway
Answer: B
Rationale: CloudFront caches content at edge locations globally, reducing latency and improving performance for end users.
7.
Which AWS feature allows restricting inbound and outbound traffic at the instance level?
A. NACL
B. Security Group
C. Route Table
D. IGW
Answer: B
Rationale: Security groups are stateful firewalls applied at the instance level, controlling inbound and outbound traffic based on rules.
8.
Which AWS service enables centralized routing across multiple VPCs?
A. VPC Peering
B. Transit Gateway
C. NAT Gateway
D. IGW
Answer: B
Rationale: Transit Gateway simplifies network architecture by acting as a central hub for connecting multiple VPCs and on-premises networks.
9.
Which AWS feature is stateless?
A. Security Group
B. NACL
C. Route 53
D. ELB
Answer: B
Rationale: Network ACLs are stateless, meaning return traffic must be explicitly allowed, unlike security groups which are stateful.
10.
Which AWS service supports hybrid DNS resolution?
A. Route 53 Resolver
B. CloudFront
C. ELB
D. NAT Gateway
Answer: A
Rationale: Route 53 Resolver enables DNS forwarding between AWS and on-premises environments using inbound and outbound endpoints.
11.
Which AWS service provides DDoS protection by default?
A. WAF
B. Shield Standard
C. GuardDuty
D. Inspector
Answer: B
Rationale: AWS Shield Standard provides automatic protection against common DDoS attacks at no additional cost.
12.
Which load balancer supports HTTP/HTTPS routing?
A. NLB
B. ALB
C. GWLB
D. CLB
Answer: B
Rationale: ALB operates at Layer 7 and supports advanced routing based on HTTP/HTTPS attributes like paths and headers.
13.
Which AWS service allows private access to S3 without internet?
A. NAT Gateway
B. VPC Endpoint
C. IGW
D. Transit Gateway
Answer: B
Rationale: Gateway VPC endpoints provide private connectivity to S3 without requiring internet access.
14.
Which AWS feature enables failover between endpoints?
A. Weighted routing
B. Latency routing
C. Failover routing
D. Simple routing
Answer: C
Rationale: Failover routing directs traffic to a secondary endpoint when the primary becomes unavailable using health checks.
15.
Which AWS service monitors API activity?
A. CloudTrail
B. CloudWatch
C. GuardDuty
D. Inspector
Answer: A
Rationale: CloudTrail logs all API calls, enabling auditing and compliance tracking.
16.
Which AWS service enables secure connectivity between VPCs and AWS services?
A. NAT Gateway
B. PrivateLink
C. IGW
D. Route 53
Answer: B
Rationale: PrivateLink provides secure, private connectivity to services without exposing traffic to the internet.
17.
Which AWS feature allows outbound-only IPv6 traffic?
A. NAT Gateway
B. IGW
C. Egress-only IGW
D. Transit Gateway
Answer: C
Rationale: Egress-only IGW allows IPv6 instances to initiate outbound connections while blocking inbound traffic.
18.
Which AWS service supports UDP traffic?
A. ALB
B. NLB
C. CloudFront
D. Route 53
Answer: B
Rationale: NLB supports TCP and UDP, making it suitable for real-time applications like gaming or VoIP.
19.
Which AWS service supports global DNS routing?
A. Route 53
B. CloudFront
C. ELB
D. NAT Gateway
Answer: A
Rationale: Route 53 provides global DNS routing with policies like latency, weighted, and failover.
20.
Which AWS feature provides packet-level traffic capture?
A. Flow Logs
B. Traffic Mirroring
C. CloudTrail
D. GuardDuty
Answer: B
Rationale: Traffic Mirroring captures full packets for deep inspection and troubleshooting.
21.
Which AWS service supports static IP addresses for load balancing?
A. ALB
B. NLB
C. CloudFront
D. Route 53
Answer: B
Rationale: NLB supports static IPs, useful for whitelisting and compliance requirements.
22.
Which AWS service detects suspicious network activity?
A. GuardDuty
B. Inspector
C. Macie
D. Shield
Answer: A
Rationale: GuardDuty analyzes logs to detect threats like port scanning and data exfiltration.
23.
Which AWS feature allows routing traffic based on latency?
A. Weighted routing
B. Latency routing
C. Failover routing
D. Simple routing
Answer: B
Rationale: Latency routing directs users to the region with the lowest latency for better performance.
24.
Which AWS service supports SSL certificate management?
A. IAM
B. ACM
C. CloudTrail
D. Route 53
Answer: B
Rationale: AWS Certificate Manager manages SSL/TLS certificates for secure communication.
25.
Which AWS feature allows centralized firewall management?
A. WAF
B. Firewall Manager
C. Shield
D. GuardDuty
Answer: B
Rationale: Firewall Manager centralizes security rule management across multiple accounts.
26.
Which AWS service supports hybrid encrypted connectivity?
A. Direct Connect
B. VPN
C. NAT Gateway
D. IGW
Answer: B
Rationale: VPN uses IPsec encryption to secure communication over the internet.
27.
Which AWS feature improves network performance using larger packets?
A. ENA
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: ENA supports jumbo frames, improving throughput and reducing overhead.
28.
Which AWS service supports traffic distribution across regions?
A. Route 53
B. ALB
C. NLB
D. CloudFront
Answer: A
Rationale: Route 53 enables cross-region traffic distribution using DNS routing policies.
29.
Which AWS feature enables centralized logging?
A. CloudTrail
B. CloudWatch
C. S3
D. All of the above
Answer: D
Rationale: All these services can aggregate logs, providing centralized visibility across AWS environments.
30.
Which AWS service improves application availability globally?
A. Global Accelerator
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: Global Accelerator routes traffic over the AWS backbone, improving performance, availability, and failover speed.
31.
A company has two VPCs with overlapping CIDR ranges that must communicate securely. What is the BEST solution?
A. VPC Peering
B. Transit Gateway
C. PrivateLink
D. NAT Gateway
Answer: C
Rationale: Both VPC Peering and Transit Gateway require non-overlapping CIDR blocks. PrivateLink allows service-level connectivity using interface endpoints, avoiding IP conflicts entirely while maintaining secure, private communication.
32.
A company uses Direct Connect but requires encrypted traffic. What should they implement?
A. MACsec only
B. Direct Connect + VPN
C. NAT Gateway
D. IGW
Answer: B
Rationale: Direct Connect does not encrypt traffic by default. Combining it with a Site-to-Site VPN ensures encryption while maintaining the performance benefits of Direct Connect.
33.
A company needs centralized inspection of traffic between multiple VPCs. Which architecture is BEST?
A. VPC Peering mesh
B. Transit Gateway with inspection VPC
C. NAT Gateway
D. IGW
Answer: B
Rationale: Transit Gateway with an inspection VPC allows routing all traffic through centralized security appliances using appliance mode, avoiding complex peering and ensuring consistent inspection.
34.
A workload requires near-instant failover across regions. Which service should be used?
A. Route 53 failover
B. Route 53 latency routing
C. Global Accelerator
D. CloudFront
Answer: C
Rationale: DNS failover depends on TTL and propagation delays. Global Accelerator provides near-instant failover using anycast IPs and health checks, making it ideal for mission-critical applications.
35.
A company experiences asymmetric routing issues when using third-party firewalls. What is the BEST fix?
A. NAT Gateway
B. GWLB
C. Route 53
D. CloudFront
Answer: B
Rationale: Gateway Load Balancer ensures symmetric routing by maintaining flow stickiness, ensuring both inbound and outbound traffic pass through the same firewall instance.
36.
Which AWS service should be used to expose internal services securely to external partners without public IPs?
A. VPC Peering
B. PrivateLink
C. Transit Gateway
D. NAT Gateway
Answer: B
Rationale: PrivateLink enables secure service exposure without requiring public IPs or routing changes, reducing attack surface and simplifying connectivity.
37.
A company needs hybrid DNS where AWS resolves on-prem domains. What is required?
A. Resolver inbound endpoint
B. Resolver outbound endpoint
C. Public hosted zone
D. NAT Gateway
Answer: B
Rationale: Outbound endpoints allow AWS resources to forward DNS queries to on-prem DNS servers, enabling hybrid name resolution.
38.
A company uses multiple AWS accounts and needs centralized network management. What should they use?
A. VPC Peering
B. Transit Gateway + RAM
C. NAT Gateway
D. IGW
Answer: B
Rationale: Transit Gateway combined with AWS RAM allows centralized networking across accounts, reducing complexity and improving scalability.
39.
Which routing policy should be used for active-active multi-region deployment?
A. Failover
B. Weighted
C. Latency
D. Simple
Answer: C
Rationale: Latency routing directs users to the nearest region, enabling active-active architectures with optimal performance.
40.
A company wants to capture full packet data for forensic analysis. What should they use?
A. Flow Logs
B. Traffic Mirroring
C. GuardDuty
D. CloudTrail
Answer: B
Rationale: Traffic Mirroring captures complete packets for deep analysis, unlike Flow Logs which only provide metadata.
41.
A company needs to isolate traffic between departments within a shared Transit Gateway. What should they use?
A. Security Groups
B. NACLs
C. TGW route tables
D. IGW
Answer: C
Rationale: TGW route tables enable segmentation and isolation between networks, ensuring controlled communication.
42.
A company needs global static IPs for a TCP application. What is the BEST solution?
A. Route 53
B. Global Accelerator + NLB
C. CloudFront
D. ALB
Answer: B
Rationale: NLB supports TCP and static IPs, while Global Accelerator provides global anycast IPs and optimized routing.
43.
A company wants to reduce DNS failover time. What is the BEST approach?
A. Lower TTL
B. Use Global Accelerator
C. Use CloudFront
D. Use NAT Gateway
Answer: B
Rationale: Lowering TTL helps but still relies on DNS propagation. Global Accelerator bypasses DNS delays entirely.
44.
Which AWS feature allows centralized firewall rule enforcement?
A. WAF
B. Firewall Manager
C. Shield
D. GuardDuty
Answer: B
Rationale: Firewall Manager enables centralized management of security policies across accounts.
45.
A company wants private access to AWS services without NAT. What should they use?
A. VPC Endpoint
B. IGW
C. NAT Gateway
D. Transit Gateway
Answer: A
Rationale: VPC Endpoints provide private connectivity to AWS services via the AWS network.
46.
Which AWS service detects anomalous DNS activity?
A. GuardDuty
B. Inspector
C. Macie
D. Shield
Answer: A
Rationale: GuardDuty analyzes DNS logs for suspicious patterns like data exfiltration.
47.
A company needs to enforce Layer 7 filtering. Which service is BEST?
A. Shield
B. WAF
C. GuardDuty
D. Inspector
Answer: B
Rationale: WAF operates at Layer 7, filtering HTTP traffic based on rules.
48.
Which AWS feature ensures high-throughput networking?
A. ENA
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: ENA provides enhanced networking with high bandwidth and low latency.
49.
A company needs to forward DNS queries from on-prem to AWS. What is required?
A. Resolver inbound endpoint
B. Resolver outbound endpoint
C. NAT Gateway
D. IGW
Answer: A
Rationale: Inbound endpoints allow on-prem systems to query AWS DNS.
50.
A company needs centralized logging across accounts. What should they use?
A. CloudTrail org trail
B. CloudWatch
C. S3
D. All of the above
Answer: D
Rationale: Combining these services enables centralized logging and analysis.
51.
Which AWS service supports UDP traffic globally?
A. ALB
B. NLB + Global Accelerator
C. CloudFront
D. Route 53
Answer: B
Rationale: NLB supports UDP, and Global Accelerator improves global delivery.
52.
A company needs service discovery for microservices. What should they use?
A. Route 53
B. Cloud Map
C. ELB
D. NAT Gateway
Answer: B
Rationale: Cloud Map enables dynamic service discovery.
53.
Which AWS feature supports split-horizon DNS?
A. Private hosted zones
B. CloudFront
C. ELB
D. NAT Gateway
Answer: A
Rationale: Private hosted zones allow internal DNS resolution separate from public DNS.
54.
A company needs encrypted hybrid connectivity. What should they use?
A. Direct Connect
B. VPN
C. NAT Gateway
D. IGW
Answer: B
Rationale: VPN provides encryption over the internet.
55.
Which AWS service supports HTTP header-based routing?
A. ALB
B. NLB
C. GWLB
D. Route 53
Answer: A
Rationale: ALB supports advanced Layer 7 routing.
56.
Which AWS feature supports multi-region failover?
A. Route 53 failover
B. NAT Gateway
C. IGW
D. NACL
Answer: A
Rationale: Route 53 redirects traffic based on health checks.
57.
Which AWS feature supports packet inspection?
A. Traffic Mirroring
B. Flow Logs
C. CloudTrail
D. GuardDuty
Answer: A
Rationale: Traffic Mirroring captures packets for inspection.
58.
Which AWS service supports centralized routing?
A. Transit Gateway
B. VPC Peering
C. NAT Gateway
D. IGW
Answer: A
Rationale: Transit Gateway centralizes routing across networks.
59.
Which AWS service improves global performance?
A. Global Accelerator
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: Global Accelerator uses the AWS backbone for optimized routing.
60.
Which AWS service supports private SaaS connectivity?
A. VPC Peering
B. PrivateLink
C. Transit Gateway
D. NAT Gateway
Answer: B
Rationale: PrivateLink enables secure private access to SaaS providers without public exposure.
61.
A company has multiple VPCs across regions and wants to minimize latency while maintaining centralized control. What is the BEST approach?
A. VPC Peering across regions
B. Transit Gateway with inter-region peering
C. NAT Gateway
D. IGW
Answer: B
Rationale: Transit Gateway inter-region peering provides scalable, centralized connectivity with optimized routing across the AWS backbone, reducing latency compared to managing multiple VPC peering connections.
62.
A company needs to ensure that traffic between VPCs always passes through a firewall appliance. What is the BEST solution?
A. VPC Peering
B. Transit Gateway with appliance mode
C. NAT Gateway
D. Route 53
Answer: B
Rationale: Appliance mode ensures traffic is routed through inspection appliances, maintaining symmetric flows and ensuring consistent security enforcement.
63.
A company wants to reduce jitter and latency for global users accessing a TCP application. What should they use?
A. Route 53 latency routing
B. Global Accelerator
C. CloudFront
D. NAT Gateway
Answer: B
Rationale: Global Accelerator routes traffic through the AWS global network, reducing jitter, latency, and packet loss compared to internet routing.
64.
A company needs to connect to AWS using encrypted tunnels with automatic failover. What is the BEST option?
A. Single VPN tunnel
B. Dual VPN tunnels
C. Direct Connect only
D. NAT Gateway
Answer: B
Rationale: AWS VPN provides two tunnels for redundancy. If one fails, traffic automatically switches to the other, ensuring high availability.
65.
A company wants to expose a service privately to multiple AWS accounts without routing complexity. What should they use?
A. VPC Peering
B. Transit Gateway
C. PrivateLink
D. NAT Gateway
Answer: C
Rationale: PrivateLink allows secure service sharing without modifying route tables or exposing IPs, making it ideal for multi-account architectures.
66.
Which solution allows AWS to resolve on-prem DNS queries?
A. Resolver outbound endpoint
B. Resolver inbound endpoint
C. NAT Gateway
D. IGW
Answer: B
Rationale: Inbound endpoints allow on-prem systems to query AWS DNS resources, enabling hybrid DNS resolution.
67.
A company wants to control inbound traffic at subnet level with explicit deny rules. What should they use?
A. Security Groups
B. NACLs
C. Route tables
D. IGW
Answer: B
Rationale: NACLs are stateless and support explicit deny rules, making them suitable for subnet-level filtering.
68.
A company needs to deploy a highly scalable UDP-based application. What is the BEST load balancing solution?
A. ALB
B. NLB
C. CloudFront
D. Route 53
Answer: B
Rationale: NLB supports UDP and provides high throughput and low latency, making it ideal for real-time applications.
69.
A company wants to route traffic to the closest region automatically. What should they use?
A. Weighted routing
B. Latency routing
C. Failover routing
D. Simple routing
Answer: B
Rationale: Latency routing directs traffic based on lowest latency to the user, improving performance.
70.
A company needs to inspect traffic without modifying applications. What should they use?
A. Flow Logs
B. Traffic Mirroring
C. GuardDuty
D. CloudTrail
Answer: B
Rationale: Traffic Mirroring captures packets without impacting application performance, enabling passive inspection.
71.
A company wants to centralize logging across multiple accounts. What is the BEST solution?
A. CloudTrail organization trail
B. CloudWatch
C. S3
D. All of the above
Answer: D
Rationale: Combining these services ensures centralized logging, monitoring, and long-term storage.
72.
Which AWS service protects against application-layer attacks?
A. Shield
B. WAF
C. GuardDuty
D. Inspector
Answer: B
Rationale: WAF filters HTTP requests and protects against SQL injection and XSS.
73.
A company needs to connect multiple VPCs without full mesh complexity. What should they use?
A. VPC Peering
B. Transit Gateway
C. NAT Gateway
D. IGW
Answer: B
Rationale: Transit Gateway simplifies connectivity with a hub-and-spoke model.
74.
A company needs to allow outbound internet access for private instances. What should they use?
A. IGW
B. NAT Gateway
C. VPC Endpoint
D. Transit Gateway
Answer: B
Rationale: NAT Gateway allows outbound access while blocking inbound connections.
75.
Which AWS service supports DNS-based failover?
A. Route 53
B. CloudFront
C. ELB
D. NAT Gateway
Answer: A
Rationale: Route 53 uses health checks to reroute traffic during failures.
76.
Which AWS service supports TLS termination?
A. ALB
B. NLB
C. Route 53
D. IGW
Answer: A
Rationale: ALB handles TLS termination at Layer 7.
77.
Which AWS feature allows segmentation of network traffic?
A. TGW route tables
B. Security groups
C. NACLs
D. IGW
Answer: A
Rationale: TGW route tables allow segmentation across networks.
78.
Which AWS service detects suspicious behavior in network logs?
A. GuardDuty
B. Inspector
C. Macie
D. Shield
Answer: A
Rationale: GuardDuty analyzes logs for anomalies and threats.
79.
A company wants private access to AWS services. What should they use?
A. NAT Gateway
B. VPC Endpoint
C. IGW
D. Transit Gateway
Answer: B
Rationale: VPC Endpoints provide private connectivity without internet.
80.
Which AWS service supports global content delivery?
A. CloudFront
B. Route 53
C. ELB
D. NAT Gateway
Answer: A
Rationale: CloudFront caches content globally at edge locations.
81.
Which AWS service supports hybrid encrypted connectivity?
A. Direct Connect
B. VPN
C. NAT Gateway
D. IGW
Answer: B
Rationale: VPN uses IPsec encryption for secure communication.
82.
Which AWS feature improves network throughput?
A. ENA
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: ENA supports high bandwidth and low latency.
83.
Which AWS service supports weighted traffic distribution?
A. Route 53
B. ALB
C. NLB
D. CloudFront
Answer: A
Rationale: Weighted routing distributes traffic proportionally.
84.
Which AWS service supports private SaaS connectivity?
A. PrivateLink
B. VPC Peering
C. Transit Gateway
D. NAT Gateway
Answer: A
Rationale: PrivateLink enables secure SaaS access without internet.
85.
Which AWS service supports packet capture?
A. Traffic Mirroring
B. Flow Logs
C. GuardDuty
D. CloudTrail
Answer: A
Rationale: Traffic Mirroring captures full packets.
86.
Which AWS service supports DNS forwarding?
A. Route 53 Resolver
B. CloudFront
C. ELB
D. NAT Gateway
Answer: A
Rationale: Resolver supports hybrid DNS forwarding.
87.
Which AWS service improves global application performance?
A. Global Accelerator
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: Global Accelerator optimizes routing using the AWS backbone.
88.
Which AWS service supports API logging?
A. CloudTrail
B. CloudWatch
C. GuardDuty
D. Inspector
Answer: A
Rationale: CloudTrail records API activity.
89.
Which AWS feature allows inbound internet access?
A. IGW
B. NAT Gateway
C. VPC Endpoint
D. Transit Gateway
Answer: A
Rationale: Internet Gateway enables inbound/outbound internet traffic.
90.
Which AWS service supports centralized routing across networks?
A. Transit Gateway
B. VPC Peering
C. NAT Gateway
D. IGW
Answer: A
Rationale: Transit Gateway centralizes routing and simplifies architecture.
91.
A company uses Direct Connect with multiple VIFs and wants to control outbound traffic preference. What should they configure?
A. AS Path
B. MED
C. Local Preference
D. NAT Gateway
Answer: C
Rationale: Local Preference is used to influence outbound traffic decisions within BGP. Higher local preference values are preferred, allowing precise control of routing over multiple Direct Connect links.
92.
A company needs to allow traffic between overlapping CIDR VPCs for a shared service. What is the BEST solution?
A. VPC Peering
B. Transit Gateway
C. PrivateLink
D. NAT Gateway
Answer: C
Rationale: PrivateLink allows communication at the service level without requiring IP-level routing, avoiding CIDR overlap issues that break peering and Transit Gateway connectivity.
93.
A company wants to route traffic through a centralized firewall VPC. What is required?
A. VPC Peering
B. Transit Gateway with appliance mode
C. NAT Gateway
D. Route 53
Answer: B
Rationale: Appliance mode ensures traffic is routed through inspection appliances with symmetric flow, preventing issues with stateful firewalls.
94.
Which AWS service provides the fastest failover without DNS changes?
A. Route 53
B. CloudFront
C. Global Accelerator
D. ALB
Answer: C
Rationale: Global Accelerator uses static anycast IPs and health checks for near-instant failover, unlike DNS-based solutions.
95.
A company needs DNS resolution from AWS to on-prem domains. What should they configure?
A. Resolver inbound endpoint
B. Resolver outbound endpoint
C. Public hosted zone
D. NAT Gateway
Answer: B
Rationale: Outbound endpoints allow AWS resources to query on-prem DNS servers, enabling hybrid DNS resolution.
96.
Which AWS feature ensures symmetric routing for inspection?
A. NACL
B. Security Group
C. GWLB
D. Route 53
Answer: C
Rationale: Gateway Load Balancer ensures both directions of traffic pass through the same appliance, which is required for stateful inspection.
97.
A company needs global load balancing with static IPs for TCP traffic. What is the BEST solution?
A. Route 53
B. ALB
C. NLB + Global Accelerator
D. CloudFront
Answer: C
Rationale: NLB supports TCP and static IPs, while Global Accelerator provides global anycast IPs and optimal routing.
98.
Which AWS feature allows segmentation between VPCs attached to Transit Gateway?
A. Security Groups
B. NACLs
C. TGW route tables
D. IGW
Answer: C
Rationale: TGW route tables allow controlling which VPCs can communicate, enabling segmentation and isolation.
99.
A company needs packet-level inspection for troubleshooting. What should they use?
A. Flow Logs
B. Traffic Mirroring
C. GuardDuty
D. CloudTrail
Answer: B
Rationale: Traffic Mirroring provides full packet capture, unlike Flow Logs which only provide metadata.
100.
Which AWS service allows secure SaaS connectivity without public internet?
A. VPC Peering
B. PrivateLink
C. Transit Gateway
D. NAT Gateway
Answer: B
Rationale: PrivateLink enables private access to SaaS providers using interface endpoints.
101.
A company needs high availability VPN connectivity. What should they use?
A. Single tunnel
B. Dual tunnels
C. NAT Gateway
D. IGW
Answer: B
Rationale: AWS VPN uses two tunnels for redundancy and automatic failover.
102.
Which AWS service protects against Layer 7 attacks?
A. Shield
B. WAF
C. GuardDuty
D. Inspector
Answer: B
Rationale: WAF filters HTTP traffic and protects against application-layer attacks.
103.
Which AWS feature supports hybrid DNS forwarding?
A. Route 53 Resolver
B. CloudFront
C. ELB
D. NAT Gateway
Answer: A
Rationale: Resolver supports conditional forwarding between AWS and on-prem systems.
104.
Which AWS service detects network anomalies?
A. GuardDuty
B. Inspector
C. Macie
D. Shield
Answer: A
Rationale: GuardDuty analyzes logs to detect suspicious activity.
105.
A company needs outbound-only IPv6 access. What should they use?
A. NAT Gateway
B. IGW
C. Egress-only IGW
D. Transit Gateway
Answer: C
Rationale: Egress-only IGW allows outbound IPv6 traffic while blocking inbound connections.
106.
Which AWS service supports HTTP header routing?
A. ALB
B. NLB
C. GWLB
D. Route 53
Answer: A
Rationale: ALB supports advanced Layer 7 routing based on headers and paths.
107.
A company needs centralized logging across accounts. What should they use?
A. CloudTrail org trail
B. CloudWatch
C. S3
D. All of the above
Answer: D
Rationale: Combined logging provides visibility and compliance.
108.
Which AWS feature improves throughput with large packets?
A. ENA
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: ENA supports jumbo frames for improved performance.
109.
Which AWS service supports latency-based routing?
A. Route 53
B. ALB
C. NLB
D. CloudFront
Answer: A
Rationale: Route 53 directs traffic based on latency.
110.
Which AWS service supports UDP globally?
A. ALB
B. NLB + Global Accelerator
C. CloudFront
D. Route 53
Answer: B
Rationale: NLB supports UDP, and Global Accelerator improves delivery.
111.
Which AWS service supports DNS failover?
A. Route 53
B. ALB
C. NLB
D. NAT Gateway
Answer: A
Rationale: Route 53 reroutes traffic based on health checks.
112.
Which AWS service supports private connectivity to AWS services?
A. VPC Endpoint
B. NAT Gateway
C. IGW
D. Transit Gateway
Answer: A
Rationale: VPC Endpoints allow private access without internet.
113.
Which AWS feature enables centralized routing?
A. Transit Gateway
B. VPC Peering
C. NAT Gateway
D. IGW
Answer: A
Rationale: Transit Gateway simplifies routing across networks.
114.
Which AWS service supports SSL certificate management?
A. IAM
B. ACM
C. CloudTrail
D. Route 53
Answer: B
Rationale: ACM manages SSL/TLS certificates.
115.
Which AWS service supports packet inspection?
A. Traffic Mirroring
B. Flow Logs
C. GuardDuty
D. CloudTrail
Answer: A
Rationale: Traffic Mirroring captures packets for inspection.
116.
Which AWS service improves global performance?
A. Global Accelerator
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: Global Accelerator routes traffic over the AWS backbone.
117.
Which AWS feature allows DNS split-view?
A. Private hosted zones
B. CloudFront
C. ELB
D. NAT Gateway
Answer: A
Rationale: Private hosted zones allow internal DNS resolution.
118.
Which AWS service supports API logging?
A. CloudTrail
B. CloudWatch
C. GuardDuty
D. Inspector
Answer: A
Rationale: CloudTrail logs API calls.
119.
Which AWS service supports centralized firewall policies?
A. Firewall Manager
B. WAF
C. Shield
D. GuardDuty
Answer: A
Rationale: Firewall Manager centralizes security policy management.
120.
Which AWS feature allows inbound internet access?
A. IGW
B. NAT Gateway
C. VPC Endpoint
D. Transit Gateway
Answer: A
Rationale: Internet Gateway enables inbound and outbound internet connectivity.
121.
A company has two Direct Connect connections in different locations and wants automatic failover with minimal disruption. What should they configure?
A. Static routing
B. BGP with AS path prepending
C. BGP with local preference
D. Route 53
Answer: C
Rationale: Local preference is used to influence outbound routing decisions. By assigning higher preference to the primary link, traffic will fail over automatically to the secondary when needed, ensuring minimal disruption.
122.
A company needs to share a service across multiple VPCs without allowing full network access. What is the BEST solution?
A. VPC Peering
B. Transit Gateway
C. PrivateLink
D. NAT Gateway
Answer: C
Rationale: PrivateLink allows service-level connectivity without exposing entire VPC networks, ensuring secure and controlled access.
123.
A company wants all inter-VPC traffic inspected before reaching its destination. What should they implement?
A. VPC Peering
B. Transit Gateway with inspection VPC
C. NAT Gateway
D. IGW
Answer: B
Rationale: Transit Gateway with an inspection VPC ensures all traffic passes through security appliances for inspection.
124.
Which AWS service provides consistent global entry points with static IPs?
A. Route 53
B. Global Accelerator
C. CloudFront
D. ALB
Answer: B
Rationale: Global Accelerator provides static anycast IPs that remain constant across regions, enabling fast failover and improved performance.
125.
A company needs AWS resources to resolve on-prem DNS queries. What is required?
A. Resolver outbound endpoint
B. Resolver inbound endpoint
C. NAT Gateway
D. IGW
Answer: B
Rationale: Inbound endpoints allow on-prem systems to query AWS DNS, enabling hybrid DNS resolution.
126.
Which AWS feature ensures symmetric traffic flow through firewalls?
A. NACL
B. Security Group
C. GWLB
D. Route 53
Answer: C
Rationale: GWLB ensures traffic flows through the same appliance in both directions, which is required for stateful inspection.
127.
A company needs global TCP load balancing with low latency. What is the BEST solution?
A. Route 53
B. ALB
C. NLB + Global Accelerator
D. CloudFront
Answer: C
Rationale: NLB supports TCP traffic, while Global Accelerator improves latency and availability globally.
128.
Which AWS feature enables segmentation of traffic across VPCs?
A. Security Groups
B. NACLs
C. Transit Gateway route tables
D. IGW
Answer: C
Rationale: TGW route tables allow isolation and segmentation across connected networks.
129.
A company needs deep packet inspection for troubleshooting. What should they use?
A. Flow Logs
B. Traffic Mirroring
C. GuardDuty
D. CloudTrail
Answer: B
Rationale: Traffic Mirroring provides full packet capture, enabling deep inspection.
130.
Which AWS service allows private SaaS connectivity?
A. VPC Peering
B. PrivateLink
C. Transit Gateway
D. NAT Gateway
Answer: B
Rationale: PrivateLink allows secure service access without internet exposure.
131.
Which AWS feature provides high availability for VPN?
A. Single tunnel
B. Dual tunnels
C. NAT Gateway
D. IGW
Answer: B
Rationale: AWS VPN uses two tunnels for redundancy and failover.
132.
Which AWS service protects against HTTP attacks?
A. Shield
B. WAF
C. GuardDuty
D. Inspector
Answer: B
Rationale: WAF filters HTTP requests and blocks malicious traffic.
133.
Which AWS feature supports hybrid DNS forwarding?
A. Route 53 Resolver
B. CloudFront
C. ELB
D. NAT Gateway
Answer: A
Rationale: Resolver enables DNS forwarding between AWS and on-prem.
134.
Which AWS service detects suspicious activity?
A. GuardDuty
B. Inspector
C. Macie
D. Shield
Answer: A
Rationale: GuardDuty analyzes logs to detect threats.
135.
A company needs outbound-only IPv6 connectivity. What should they use?
A. NAT Gateway
B. IGW
C. Egress-only IGW
D. Transit Gateway
Answer: C
Rationale: Egress-only IGW allows outbound IPv6 traffic while blocking inbound.
136.
Which AWS service supports HTTP-based routing?
A. ALB
B. NLB
C. GWLB
D. Route 53
Answer: A
Rationale: ALB supports Layer 7 routing based on HTTP attributes.
137.
Which AWS service centralizes logs across accounts?
A. CloudTrail org trail
B. CloudWatch
C. S3
D. All of the above
Answer: D
Rationale: All services together provide centralized logging and monitoring.
138.
Which AWS feature improves network performance?
A. ENA
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: ENA provides enhanced networking performance.
139.
Which AWS service supports latency-based routing?
A. Route 53
B. ALB
C. NLB
D. CloudFront
Answer: A
Rationale: Route 53 routes traffic based on latency.
140.
Which AWS service supports UDP traffic globally?
A. ALB
B. NLB + Global Accelerator
C. CloudFront
D. Route 53
Answer: B
Rationale: NLB supports UDP, and Global Accelerator improves global routing.
141.
Which AWS service supports DNS failover?
A. Route 53
B. ALB
C. NLB
D. NAT Gateway
Answer: A
Rationale: Route 53 uses health checks for failover.
142.
Which AWS feature allows private access to AWS services?
A. VPC Endpoint
B. NAT Gateway
C. IGW
D. Transit Gateway
Answer: A
Rationale: VPC Endpoints provide private connectivity.
143.
Which AWS feature centralizes routing?
A. Transit Gateway
B. VPC Peering
C. NAT Gateway
D. IGW
Answer: A
Rationale: Transit Gateway simplifies routing across networks.
144.
Which AWS service manages SSL certificates?
A. IAM
B. ACM
C. CloudTrail
D. Route 53
Answer: B
Rationale: ACM manages SSL/TLS certificates.
145.
Which AWS feature enables packet capture?
A. Traffic Mirroring
B. Flow Logs
C. GuardDuty
D. CloudTrail
Answer: A
Rationale: Traffic Mirroring captures packets.
146.
Which AWS service improves global performance?
A. Global Accelerator
B. NAT Gateway
C. IGW
D. Route 53
Answer: A
Rationale: Global Accelerator uses the AWS backbone for better performance.
147.
Which AWS feature supports DNS split-view?
A. Private hosted zones
B. CloudFront
C. ELB
D. NAT Gateway
Answer: A
Rationale: Private hosted zones enable internal DNS resolution.
148.
Which AWS service logs API calls?
A. CloudTrail
B. CloudWatch
C. GuardDuty
D. Inspector
Answer: A
Rationale: CloudTrail records API activity.
149.
Which AWS service centralizes firewall rules?
A. Firewall Manager
B. WAF
C. Shield
D. GuardDuty
Answer: A
Rationale: Firewall Manager centralizes policies across accounts.
150.
Which AWS feature allows internet access?
A. IGW
B. NAT Gateway
C. VPC Endpoint
D. Transit Gateway
Answer: A
Rationale: Internet Gateway enables inbound and outbound internet connectivity.
Frequently Asked Questions
Is this AWS Certified Advanced Networking – Specialty ANS-C01 practice test similar to the real exam?
Yes, this practice test is designed to reflect real exam patterns, structure, and difficulty level to help you prepare effectively.
What is the best way to use this AWS Certified Advanced Networking – Specialty ANS-C01 test for preparation?
Take the test in a timed setting, review your answers carefully, and focus on improving weak areas after each attempt.
How many times should I attempt this AWS Certified Advanced Networking – Specialty ANS-C01 test?
Repeating the test helps reinforce concepts, improve accuracy, and build confidence for the actual exam.
Is this AWS Certified Advanced Networking – Specialty ANS-C01 suitable for beginners?
This practice test is suitable for both beginners and retakers who want to improve their understanding and performance.