20+ practice questions focused on Network Implementation — one of the most tested topics on the AWS Certified Advanced Networking Specialty ANS-C01 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Network Implementation PracticeA company is deploying a multi-tier web application across two AWS Regions. The application uses an Application Load Balancer (ALB) in each region, and traffic must be distributed to the closest healthy ALB using Route 53 latency-based routing. The application requires that clients maintain the same source IP address when the request is forwarded from the ALB to the backend targets. The backend targets are EC2 instances in private subnets. The company also needs to ensure that traffic between the ALB and targets stays within AWS. What should the company implement to meet these requirements?
Explanation: Option B is correct because an internal ALB with targets in private subnets ensures traffic stays within AWS and preserves the client source IP by using VPC endpoints (AWS PrivateLink). Route 53 latency-based routing directs traffic to the closest healthy VPC endpoint, meeting the multi-region distribution requirement while maintaining source IP transparency for backend targets.
A company has a Direct Connect connection with a private VIF connected to a VPC. The company wants to add a second Direct Connect connection for redundancy. They plan to use BGP AS_PATH prepending to influence traffic steering so that the primary connection is preferred for inbound traffic. The on-premises router advertises the same prefix over both connections. The company configures BGP on the primary VIF with AS_PATH prepending (prepend two AS numbers). However, after configuration, inbound traffic still uses both paths equally. What is the most likely cause?
Explanation: B is correct because AS_PATH prepending on the AWS side (the VIF) affects the AS_PATH attribute of routes advertised by AWS to the on-premises router. For inbound traffic (traffic coming from on-premises into AWS), the on-premises router makes the routing decision based on the BGP attributes it receives from AWS. Prepending on the AWS side makes the path through the primary VIF look longer to the on-premises router, so the on-premises router should prefer the secondary VIF. However, if the on-premises router is not honoring the prepended AS_PATH (e.g., due to local preference or other policies), or if the prepending is not actually being applied to the correct direction, traffic may still be balanced. The key point is that AS_PATH prepending on the AWS side influences outbound traffic from AWS, not inbound traffic to AWS; inbound traffic steering is controlled by the on-premises router's BGP decision process.
A networking engineer is troubleshooting connectivity issues between two VPCs that are peered using a VPC peering connection. The VPCs are in different AWS accounts. The engineer has verified that the route tables are correct and the security groups allow traffic. However, ICMP ping fails from an instance in VPC A to an instance in VPC B. What is a likely cause?
Explanation: Option C is correct because a VPN connection attached to both VPCs can introduce transitive routing, which is not supported by VPC peering. VPC peering does not allow transitive routing; traffic must flow directly between the peered VPCs. If both VPCs have a VPN connection to the same on-premises network or another network, the VPN can create a path that interferes with the direct peering path, causing ICMP pings to fail even when route tables and security groups are correctly configured.
A company has a centralized inspection VPC architecture where all traffic from spoke VPCs is routed through a Transit Gateway to a centralized VPC that hosts firewall appliances (NGFW). The company needs to inspect traffic between two instances in the same spoke VPC. What is the simplest way to achieve this?
Explanation: Option B is correct because AWS Transit Gateway can route traffic between instances in the same spoke VPC by using VPC attachments and route tables to force the traffic through the centralized inspection VPC. This is achieved by configuring the spoke VPC's route table to send inter-instance traffic to the Transit Gateway, which then forwards it to the inspection VPC for firewall inspection before returning it to the destination instance. This approach avoids the need for additional appliances or complex routing within the spoke VPC itself.
A company is implementing a hybrid network with AWS Direct Connect and a VPN connection as backup. They have a Direct Connect gateway (DXGW) attached to a private VIF and a virtual private gateway (VGW) attached to a VPN connection. The VPC is attached to the VGW. They want to use the Direct Connect connection for all traffic when available. The on-premises router advertises the same prefix over both connections. However, traffic from on-premises to the VPC is using the VPN connection. BGP is configured correctly on both connections. What should the company do to prefer the Direct Connect path?
Explanation: Option E is correct because the Multi-Exit Discriminator (MED) is a BGP attribute used to influence inbound traffic from an AS to the local AS. By setting a lower MED on the Direct Connect VIF, the on-premises router will prefer the Direct Connect path over the VPN path when both advertise the same prefix, assuming all other BGP path selection criteria are equal. This directly addresses the requirement to prefer the Direct Connect connection for all traffic.
+15 more Network Implementation questions available
Practice all Network Implementation questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Network Implementation. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Network Implementation questions on the ANS-C01 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Network Implementation is tested as part of the AWS Certified Advanced Networking Specialty ANS-C01 blueprint. Practicing with targeted Network Implementation questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free ANS-C01 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Network Implementation is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Network Implementation practice session with instant scoring and detailed explanations.
Start Network Implementation Practice →