Back to AWS Certified Advanced Networking Specialty ANS-C01

Amazon Web Services exam questions

AWS Certified Advanced Networking Specialty ANS-C01 practice test

Practise identifying and comparing LAN, WAN, PAN, MAN, and WLAN network types for the ANS-C01 exam.

1,705
practice questions
4
topics covered
ANS-C01
exam code
Amazon Web Services
vendor

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 1,705 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Start reading →

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Start mock exam →

Study Sheet

All 1,705 ANS-C01 questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

23 pages · 75 questions per page · 1,705 total

Domain practice

Study ANS-C01 by domain

Each domain has its own study sheet and practice test. Target the areas where you're weakest instead of repeating questions you already know.

All domains with question counts →

Related practice questions

Study ANS-C01 by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps. Learn the difference →

Sample questions

AWS Certified Advanced Networking Specialty ANS-C01 practice questions

Start practice test

A company is designing a network security architecture for a multi-account environment using AWS Transit Gateway. The security team needs to centralize inspection of all traffic between VPCs using a third-party firewall appliance in a shared services VPC. What is the most scalable and highly available design?

A company is using AWS Direct Connect to connect its on-premises network to AWS. The company wants to encrypt all traffic between its on-premises network and AWS. Which solution meets this requirement?

Question 3hardmultiple choice
Read the full VPN explanation →

A company uses AWS Transit Gateway to connect multiple VPCs and on-premises networks via AWS Site-to-Site VPN. The security team wants to inspect all traffic between VPCs using a centralized inspection VPC with third-party firewall appliances. Which architecture ensures that traffic from VPC A to VPC B is routed through the inspection VPC?

Question 4hardmultiple choice
Read the full VPN explanation →

A global e-commerce company uses a hub-and-spoke network topology with a transit VPC in us-east-1. Each spoke VPC has an AWS Site-to-Site VPN connection to its respective on-premises office. Users report intermittent connectivity issues when accessing a web application hosted in a spoke VPC in eu-west-1 from an on-premises office in ap-southeast-1. The network engineer checks the VPN connection and finds it is up. Which design change would MOST likely resolve the issue?

A company is designing a multi-VPC architecture in the same region. The VPCs need to communicate with each other using private IP addresses. The company must minimize cost and operational overhead. Which solution should the company use?

Question 6mediummultiple choice
Read the full Network Design explanation →

A company is deploying an application that requires low-latency communication between EC2 instances in two different AWS Regions. The application traffic is latency-sensitive and the company wants to minimize jitter. Which network design provides the lowest and most consistent latency?

Which TWO of the following are valid components of an AWS Transit Gateway design for connecting multiple VPCs and on-premises networks?

Question 8easymultiple choice
Review the full subnetting walkthrough →

A solutions architect is designing a VPC with public and private subnets in two Availability Zones. The private subnets require outbound internet access for software updates, but inbound internet access must be blocked. Which solution meets these requirements?

Question 9hardmulti select
Open the full BGP breakdown →

A company has a Direct Connect connection with a private VIF attached to a virtual private gateway. The VPC has multiple subnets in two Availability Zones. The on-premises network advertises a default route (0.0.0.0/0) via BGP. The company wants all internet-bound traffic from the VPC to go through the on-premises network. Which THREE actions are required to achieve this?

A company is designing a network for a three-tier web application on AWS. The web tier must be accessible from the internet, and the application and database tiers must be in private subnets. The company wants to use a single AWS Region and ensure high availability. Which TWO configurations should be implemented? (Choose two.)

Question 11hardmultiple choice
Review the full subnetting walkthrough →

A network engineer is troubleshooting connectivity between two VPCs (VPC-A and VPC-B) connected via a VPC peering connection. Both VPCs have CIDR blocks: VPC-A = 10.0.0.0/16, VPC-B = 10.1.0.0/16. An EC2 instance in VPC-A (10.0.1.10) cannot ping an EC2 instance in VPC-B (10.1.1.10). Security groups and NACLs allow all traffic. The route tables are configured as follows: In VPC-A, a route to 10.1.0.0/16 via the peering connection. In VPC-B, a route to 10.0.0.0/16 via the peering connection. What is the most likely cause?

Question 12mediummulti select
Study the full multicast explanation →

A company is migrating a legacy application to AWS. The application requires multicast communication between EC2 instances in the same VPC. Which THREE options can support this requirement? (Choose three.)

A company wants to ensure that traffic between two VPCs in the same region is encrypted in transit. The VPCs are connected via a VPC peering connection. What should the network engineer do to meet this requirement?

Question 14mediummultiple choice
Review the full routing breakdown →

A network engineer is troubleshooting connectivity issues from an on-premises network to an AWS VPC over a Direct Connect private VIF. The VPC has a virtual private gateway attached. The on-premises router can ping the private IP of an EC2 instance in the VPC, but application traffic (TCP port 443) fails. What is the most likely cause?

Question 15hardmulti select
Read the full NAT/PAT explanation →

A company is using AWS Transit Gateway to interconnect multiple VPCs and on-premises networks. The network engineer needs to ensure that traffic between VPC A and VPC B follows a specific path through a Network Virtual Appliance (NVA) in VPC C. Which TWO actions should the engineer take?

Question 16hardmultiple choice
Read the full VPN explanation →

A multinational corporation is using AWS Transit Gateway to connect multiple VPCs and on-premises networks via AWS Direct Connect and VPN. The network team is experiencing asymmetric routing for traffic between two VPCs that both have routes to the same on-premises network. Which feature should the team implement to resolve this issue?

A company is using AWS Transit Gateway to connect multiple VPCs and on-premises networks. The network team observes that traffic between two VPCs (VPC A and VPC B) is not being forwarded correctly. The transit gateway route table is configured with static routes for the VPC CIDRs. Which THREE steps should the engineer take to troubleshoot this issue? (Choose THREE.)

Question 18easymultiple choice
Read the full VPN explanation →

A company uses AWS Site-to-Site VPN to connect its on-premises network to AWS. The VPN connection is established, but traffic from on-premises to AWS is not working. The on-premises network team confirms that the on-premises firewall is allowing traffic to the VPC CIDR. What should the network engineer check in AWS to resolve the issue?

Question 19mediummultiple choice
Read the full VPN explanation →

A company uses AWS Transit Gateway to connect multiple VPCs and on-premises networks via VPN. Network engineers report intermittent connectivity issues between VPC A and the on-premises network. The transit gateway route table shows the on-premises CIDR (10.0.0.0/8) propagated from the VPN attachment. VPC A has a subnet route pointing to the transit gateway for 10.0.0.0/8. Which step should the engineer take FIRST to diagnose the issue?

A global e-commerce company is migrating to AWS and plans to use a hub-and-spoke topology with AWS Transit Gateway. The network team wants to ensure high availability for the connection between the hub VPC and the on-premises data center using AWS Direct Connect with multiple virtual interfaces (VIFs). They need to be able to fail over quickly with minimal packet loss. Which design should meet these requirements?

Question 21mediummultiple choice
Study the full ACL explanation →

A company is experiencing intermittent connectivity issues between two VPCs connected via a VPC peering connection. The VPCs are in different AWS regions. VPC A has CIDR 10.0.0.0/16 and VPC B has CIDR 10.1.0.0/16. The route tables in both VPCs have been updated to include routes pointing to the peering connection. Security groups and network ACLs are configured to allow all traffic for testing. However, traffic from VPC A to VPC B fails intermittently. Which of the following is the most likely cause of this intermittent failure?

Question 22easymultiple choice
Read the full VPN explanation →

A network engineer is troubleshooting a Site-to-Site VPN connection between an on-premises network and AWS. The VPN tunnel is up, but traffic is not flowing from the on-premises network to a VPC. The VPC has a virtual private gateway attached, and the route table has a route pointing to the virtual private gateway for the on-premises CIDR (192.168.0.0/16). The on-premises firewall shows that traffic is being sent to the VPN tunnel. What should the engineer check next?

Arrange the steps to configure an AWS Transit Gateway with attachments to multiple VPCs:

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Order the steps to set up a Network Load Balancer with a TCP listener in front of an Auto Scaling group:

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

Exam question guide

How to use these ANS-C01 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Tests your ability to identify and differentiate LAN, WAN, PAN, MAN, and WLAN types.

Identify LAN vs WAN characteristics and use cases

Distinguish PAN from WLAN based on range and devices

Recognize MAN as a network spanning a city

Understand WLAN as a wireless local area network

These ANS-C01 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style ANS-C01 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.