Back to AWS Certified Advanced Networking Specialty ANS-C01 questions

Scenario-based practice

Drag and Drop Matching Questions

Practise AWS Certified Advanced Networking Specialty ANS-C01 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10
scenario questions
ANS-C01
exam code
Amazon Web Services
vendor

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and Drop Matching Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related ANS-C01 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummatching
Full question →

Match each AWS security feature to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Stateful firewall that controls inbound and outbound traffic at instance level

Stateless firewall that controls traffic at subnet level

Web application firewall that protects against common web exploits

Managed DDoS protection service with enhanced detection and mitigation

Managed firewall service that provides stateful inspection for VPC traffic

Question 2mediummatching
Open the full BGP breakdown →

Match each BGP attribute to its role in route selection.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Cisco-proprietary attribute, highest weight preferred

Used to influence outbound traffic from an AS

Shorter path is preferred

Used to influence inbound traffic to an AS

IP address of the next router to reach the destination

Question 3mediummatching
Read the full VPN explanation →

Match each VPN term to its correct description in the context of AWS Site-to-Site VPN.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

VPN concentrator on the AWS side attached to a VPC

VPN device on the on-premises side

Encrypted IPsec connection between VGW and CGW

Secret key used to authenticate the VPN tunnel endpoints

Dynamic routing protocol used to exchange routes over VPN tunnels

Question 4mediummatching
Full question →

Match each AWS Direct Connect virtual interface type to its use case.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Access to VPCs using private IP addresses

Access to public AWS services (e.g., S3, DynamoDB) using public IPs

Connect to a Direct Connect Gateway for multiple VPCs

Virtual interface provisioned by an AWS Direct Connect Partner

Encrypted virtual interface using MACsec

Question 5mediummatching
Full question →

Match each AWS networking feature to its purpose for high availability or fault tolerance.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Static public IP that can be remapped to another instance

DNS-based routing to healthy endpoints

Distributes traffic evenly across all registered targets in all AZs

Improves availability and performance using Anycast IPs

Captures IP traffic information for troubleshooting

Question 6mediummatching
Full question →

Match each AWS networking feature to its use case for hybrid connectivity.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Central hub connecting multiple VPCs and on-premises networks

Connect multiple VPCs across regions to a single Direct Connect

Hub-and-spoke VPN topology between multiple on-premises sites

Managed OpenVPN-based service for remote users

Private access to S3 and DynamoDB without internet gateway

Question 7mediummatching
Full question →

Match each AWS Direct Connect term to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Logical connection over a Direct Connect link to access AWS services

Bundle of multiple physical connections for higher bandwidth and redundancy

Document authorizing you to connect to an AWS Direct Connect location

Globally available resource to connect multiple VPCs across regions

Layer 2 encryption for Direct Connect connections

Question 8mediummatching
Full question →

Match each AWS networking monitoring or troubleshooting tool to its primary purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Capture IP traffic information for security and troubleshooting

Monitor network performance metrics like throughput and latency

Test network path between two resources and identify configuration issues

Copy network traffic for content inspection or security analysis

Trace requests through distributed applications, including network calls

Question 9mediummatching
Full question →

Match each AWS service or feature to its primary function in network architecture.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Hub-and-spoke connectivity between VPCs and on-premises

Dedicated network connection from on-premises to AWS

Direct network connection between two VPCs

Private access to services across VPCs and accounts

Encrypted tunnel over the internet to AWS

Question 10mediummatching
Full question →

Match each AWS networking service to the OSI layer it primarily operates at.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Layer 4 (Transport)

Layer 7 (Application)

Layer 3 and 4 (Network and Transport)

Layer 3 (Network)

Layer 2 (Data Link) or Layer 1 (Physical)

These ANS-C01 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style ANS-C01 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.