Test your knowledge of AWS Advanced Networking topics

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

How much do you know about the AWS Advanced Networking Specialty exam (ANS-C00)? Let's find out!The Advanced Networking Specialty exam (ANS-C00) consists of six domains: 1) Design and implement hybrid IT network architectures at scale; 2) Design and implement AWS networks; 3) Automate AWS tasks; 4) Configure network integration with application services; 5) Design and implement for security and compliance; 6) Manage, optimize, and troubleshoot the network.

The ANS-C00 exam i\s targeted at candidates with between two and five years of experience in the AWS cloud space. The questions on the exam are all multiple choice or multiple response questions,  and the current price is $300, with the certification good for two years (recertification exams are priced at $75).

How well do you know the Amazon Web Services ecosystem and how familiar are you with its advanced networking concepts? What follows is a self-test of 25 questions based on the general concepts documented at the AWS certification website. In all cases, pick the best answer(s) to each question. The answers appear at the end of the questions. Good luck!

1. In order to allow IPsec traffic to successfully pass through a NAT device, AWS VGWs support NAT-T (NAT Traversal). Which port is used for this?
A. 500
B. 1701
C. 4500
D. 5353

2. Which of the following is the AWS end of a VPN connection?
A. Egress-Only Internet Gateway
B. Virtual Private Gateway
C. NAT Gateway
D. PAT Gateway

3. Which of the following automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define?
A. AWS CodePipeline
C. AWS Lightsail

4. To create a health check that sends automated requests to an application to verify it is reachable and available, sign in to the AWS Management Console and open which console?
A. Kafka
B. Kubernetes
C. Route 53

5. Which of the following is a security service that protects web applications hosted on the AWS public cloud against DDoS (distributed denial of service) attacks?
B. AWS Shield
C. GuardDuty
D. CloudFront

6. You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, and Route 53, among others. By default, logs are kept for how long?
A. indefinitely
B. 1 day
C. 1 year
D. 1 year and 1 day

7. A network connection between two VPCs that allows either to communicate with each other as if they were on the same network is known as which of the following?
A. VPC Scaling
B. VPC Tunneling
C. VPC Peering
D. VPC Endpoint

8. Which of the following is a network protocol used to detect faults between two forwarding engines connected by a link and is independent of media and routing protocol?
B. Meraki

9. In each Availability Zone, a default AWS VPC subnet is created within which CIDR block?

10. Which of the following is a logical interface that uses LACP (Link Aggregation Control Protocol) to aggregate multiple connections at a single AWS Direct Connect endpoint, allowing you to treat them as a single, managed connection?

11. CloudFront is used to help websites speed up delivery of content by storing copies in servers around the world. If there is a mismatch between the domain names (server wanting to go to and server reaching), the SSL/TLS handshake fails, and CloudFront returns which HTTP status code?
A. 404 (Not Found)
B. 424 (Failed Dependency)
C. 502 (Bad Gateway)
D. 526 (Invalid Certificate)

12. With which AWS VPC route priority level indicates a dynamic route propagated from a VPN?
A. 1
B. 2
C. 4
D. 6
E. 8

13. To protect data stored in Amazon S3, which of the following uses machine learning to automatically discover, classify, and protect sensitive data such as personally identifiable information (PII) or intellectual property?
A. Amazon Inspector
B. Amazon Macie
C. Amazon Cognito
D. Amazon Artificat

14. Which of the following simplifies the security of data shared with cloud-based applications by eliminating the exposure of data to the public Internet?
A. AWS EndPoint
B. AWS Dynamo
C. AWS PrivateLink

15. All connections in a Link Aggregation Group must use the same bandwidth. Which two bandwidths are supported (choose two)?
A. 1 Gbps
B. 10 Gbps
C. 20 Gbps
D. 100 Gbps
E. 200 Gbps

Please visit GoCertify to attempt the remaining 10 questions of this quiz.


1. C
2. B
3. A
4. C
5. B
6. A
7. C
8. D
9. C
10. B
11. C
12. D
13. B
14. C
15. A and B

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
Emmett Dulaney


Emmett Dulaney is a professor at a small university and the author of the CompTIA Network+ Exam Cram, CompTIA Security+ Study Guide and CompTIA Cloud+ LiveLessons.

Posted in Certification|