Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsANS-C01TopicsNetwork Implementation
Free · No Signup RequiredAmazon Web Services · ANS-C01

ANS-C01 Network Implementation Practice Questions

20+ practice questions focused on Network Implementation — one of the most tested topics on the AWS Certified Advanced Networking Specialty ANS-C01 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start Network Implementation Practice

Exam Domains

Network Management and OperationsNetwork Security, Compliance and GovernanceNetwork DesignNetwork ImplementationAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample Network Implementation Questions

Practice all 20+ →
1.

A company is deploying a multi-tier web application across two AWS Regions. The application uses an Application Load Balancer (ALB) in each region, and traffic must be distributed to the closest healthy ALB using Route 53 latency-based routing. The application requires that clients maintain the same source IP address when the request is forwarded from the ALB to the backend targets. The backend targets are EC2 instances in private subnets. The company also needs to ensure that traffic between the ALB and targets stays within AWS. What should the company implement to meet these requirements?

A.Deploy a Network Load Balancer (NLB) in each region with targets in public subnets. Use Route 53 latency-based routing to the NLB.
B.Deploy an internal ALB in each region. Place targets in private subnets. Use VPC endpoints for the ALB (AWS PrivateLink) and Route 53 latency-based routing to the VPC endpoint.
C.Deploy an Application Load Balancer (ALB) with internet-facing scheme in each region. Use Route 53 latency-based routing to the ALB.
D.Use AWS Global Accelerator with endpoints in each region. Attach the ALB as an endpoint and enable client IP preservation on the accelerator.

Explanation: Option B is correct because an internal ALB with targets in private subnets ensures traffic stays within AWS and preserves the client source IP by using VPC endpoints (AWS PrivateLink). Route 53 latency-based routing directs traffic to the closest healthy VPC endpoint, meeting the multi-region distribution requirement while maintaining source IP transparency for backend targets.

2.

A company has a Direct Connect connection with a private VIF connected to a VPC. The company wants to add a second Direct Connect connection for redundancy. They plan to use BGP AS_PATH prepending to influence traffic steering so that the primary connection is preferred for inbound traffic. The on-premises router advertises the same prefix over both connections. The company configures BGP on the primary VIF with AS_PATH prepending (prepend two AS numbers). However, after configuration, inbound traffic still uses both paths equally. What is the most likely cause?

A.The secondary VIF is not configured with BGP authentication.
B.AS_PATH prepending on the AWS side only affects outbound traffic, not inbound traffic.
C.The BGP hold time timer is set too low, causing the primary connection to flap.
D.The company did not set the MED attribute on the primary VIF.

Explanation: B is correct because AS_PATH prepending on the AWS side (the VIF) affects the AS_PATH attribute of routes advertised by AWS to the on-premises router. For inbound traffic (traffic coming from on-premises into AWS), the on-premises router makes the routing decision based on the BGP attributes it receives from AWS. Prepending on the AWS side makes the path through the primary VIF look longer to the on-premises router, so the on-premises router should prefer the secondary VIF. However, if the on-premises router is not honoring the prepended AS_PATH (e.g., due to local preference or other policies), or if the prepending is not actually being applied to the correct direction, traffic may still be balanced. The key point is that AS_PATH prepending on the AWS side influences outbound traffic from AWS, not inbound traffic to AWS; inbound traffic steering is controlled by the on-premises router's BGP decision process.

3.

A networking engineer is troubleshooting connectivity issues between two VPCs that are peered using a VPC peering connection. The VPCs are in different AWS accounts. The engineer has verified that the route tables are correct and the security groups allow traffic. However, ICMP ping fails from an instance in VPC A to an instance in VPC B. What is a likely cause?

A.The route tables in both VPCs do not have the route propagation enabled.
B.The VPC CIDR blocks overlap.
C.There is a VPN connection attached to both VPCs that creates a transitive routing issue.
D.The security group in VPC A does not allow inbound ICMP from VPC B.

Explanation: Option C is correct because a VPN connection attached to both VPCs can introduce transitive routing, which is not supported by VPC peering. VPC peering does not allow transitive routing; traffic must flow directly between the peered VPCs. If both VPCs have a VPN connection to the same on-premises network or another network, the VPN can create a path that interferes with the direct peering path, causing ICMP pings to fail even when route tables and security groups are correctly configured.

4.

A company has a centralized inspection VPC architecture where all traffic from spoke VPCs is routed through a Transit Gateway to a centralized VPC that hosts firewall appliances (NGFW). The company needs to inspect traffic between two instances in the same spoke VPC. What is the simplest way to achieve this?

A.Deploy a Gateway Load Balancer (GWLB) in the spoke VPC and route traffic to it.
B.Use AWS Transit Gateway with VPC attachments and configure route tables to force traffic between the two instances through the inspection VPC.
C.Enable VPC peering and use route propagation to send traffic to the inspection VPC.
D.Create a VPC peering connection between the two instances' VPCs.

Explanation: Option B is correct because AWS Transit Gateway can route traffic between instances in the same spoke VPC by using VPC attachments and route tables to force the traffic through the centralized inspection VPC. This is achieved by configuring the spoke VPC's route table to send inter-instance traffic to the Transit Gateway, which then forwards it to the inspection VPC for firewall inspection before returning it to the destination instance. This approach avoids the need for additional appliances or complex routing within the spoke VPC itself.

5.

A company is implementing a hybrid network with AWS Direct Connect and a VPN connection as backup. They have a Direct Connect gateway (DXGW) attached to a private VIF and a virtual private gateway (VGW) attached to a VPN connection. The VPC is attached to the VGW. They want to use the Direct Connect connection for all traffic when available. The on-premises router advertises the same prefix over both connections. However, traffic from on-premises to the VPC is using the VPN connection. BGP is configured correctly on both connections. What should the company do to prefer the Direct Connect path?

A.Set a higher weight on the Direct Connect BGP session.
B.Set a higher local preference on the Direct Connect VIF.
C.Change the BGP timers on the Direct Connect VIF to have a lower hold time.
D.Configure AS_PATH prepending on the VPN BGP session.

Explanation: Option E is correct because the Multi-Exit Discriminator (MED) is a BGP attribute used to influence inbound traffic from an AS to the local AS. By setting a lower MED on the Direct Connect VIF, the on-premises router will prefer the Direct Connect path over the VPN path when both advertise the same prefix, assuming all other BGP path selection criteria are equal. This directly addresses the requirement to prefer the Direct Connect connection for all traffic.

+15 more Network Implementation questions available

Practice all Network Implementation questions

How to master Network Implementation for ANS-C01

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Network Implementation. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Network Implementation questions on the ANS-C01 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many ANS-C01 Network Implementation questions are on the real exam?

The exact number varies per candidate. Network Implementation is tested as part of the AWS Certified Advanced Networking Specialty ANS-C01 blueprint. Practicing with targeted Network Implementation questions ensures you can handle any format or difficulty that appears.

Are these ANS-C01 Network Implementation practice questions free?

Yes. Courseiva provides free ANS-C01 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Network Implementation one of the harder ANS-C01 topics?

Difficulty is subjective, but Network Implementation is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full Network Implementation practice session with instant scoring and detailed explanations.

Start Network Implementation Practice →

Topic Info

Topic

Network Implementation

Exam

ANS-C01

Questions available

20+