
Scenario-based practice

Select Two (Multi-Select) Questions

Practise AWS Certified Advanced Networking Specialty ANS-C01 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

Scenario questions: 20
Exam code: ANS-C01
Vendor: Amazon Web Services

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. Getting partial credit is not a thing — you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (multi-select) questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.


Practice set

Practice scenarios

Question 1 (easy, multi-select)

Which TWO of the following are valid components of an AWS Transit Gateway design for connecting multiple VPCs and on-premises networks?

Question 2 (hard, multi-select)

A company has a Direct Connect connection with a private VIF attached to a virtual private gateway. The VPC has multiple subnets in two Availability Zones. The on-premises network advertises a default route (0.0.0.0/0) via BGP. The company wants all internet-bound traffic from the VPC to go through the on-premises network. Which THREE actions are required to achieve this?

A company is designing a network for a three-tier web application on AWS. The web tier must be accessible from the internet, and the application and database tiers must be in private subnets. The company wants to use a single AWS Region and ensure high availability. Which TWO configurations should be implemented? (Choose two.)

Question 4 (medium, multi-select)

A company is migrating a legacy application to AWS. The application requires multicast communication between EC2 instances in the same VPC. Which THREE options can support this requirement? (Choose three.)

Question 5 (hard, multi-select)

A company is using AWS Transit Gateway to interconnect multiple VPCs and on-premises networks. The network engineer needs to ensure that traffic between VPC A and VPC B follows a specific path through a Network Virtual Appliance (NVA) in VPC C. Which TWO actions should the engineer take?

A company is using AWS Transit Gateway to connect multiple VPCs and on-premises networks. The network team observes that traffic between two VPCs (VPC A and VPC B) is not being forwarded correctly. The transit gateway route table is configured with static routes for the VPC CIDRs. Which THREE steps should the engineer take to troubleshoot this issue? (Choose THREE.)

Question 7 (hard, multi-select)

A company is designing a network security architecture for a VPC that hosts a multi-tier application. The security team requires that the web tier can only be accessed from the internet, the application tier can only be accessed from the web tier, and the database tier can only be accessed from the application tier. Additionally, the team needs to ensure that no traffic can bypass these controls. Which THREE actions should the team take?

Question 8 (medium, multi-select)

A network engineer is troubleshooting high latency on an AWS Transit Gateway that connects multiple VPCs and an on-premises network via AWS Site-to-Site VPN. The engineer wants to identify potential causes. Which TWO actions should the engineer take? (Choose two.)

Question 9 (medium, multi-select)

A company has a VPC with public and private subnets. The security team wants to inspect all traffic between the private subnets and the internet using a centralized inspection VPC. The company uses AWS Network Firewall and wants to ensure that traffic cannot bypass the firewall. Which TWO actions should the company take? (Choose TWO.)

Question 10 (hard, multi-select)

A company is designing a hybrid network using AWS Transit Gateway. The company has three VPCs (VPC-A, VPC-B, VPC-C) all attached to the same Transit Gateway. The on-premises network connects to the Transit Gateway via a Direct Connect gateway. The company needs to ensure that VPC-C can communicate with the on-premises network but not with VPC-A or VPC-B. Which TWO actions should the network engineer take?

Question 11 (medium, multi-select)

A company has a VPC with an internet gateway and a NAT Gateway. The private subnet route table has a default route to the NAT Gateway. The company wants to enable instances in the private subnet to access an S3 bucket in the same region without traversing the internet. Which TWO actions should the company take?

Question 12 (medium, multi-select)

A network engineer is designing a hybrid network architecture that connects an on-premises data center to AWS using AWS Direct Connect and a VPN connection as a backup. The on-premises network uses BGP to advertise routes to AWS. Which of the following are best practices for this setup? (Choose TWO.)

A company has a VPC with multiple subnets spanning three Availability Zones. They have deployed an Application Load Balancer (ALB) in the VPC and need to ensure high availability and scalability for a web application. Which of the following are design considerations for implementing the ALB in this environment? (Choose THREE.)

Question 14 (medium, multi-select)

A company is using AWS Transit Gateway to interconnect multiple VPCs and on-premises networks. The network team wants to log and monitor all traffic flows across the Transit Gateway for security analysis. Which TWO actions should the team take? (Choose TWO.)

Question 15 (medium, multi-select)

A company uses AWS Direct Connect to connect its on-premises data center to a VPC. The network team needs to monitor the Direct Connect connection for performance issues and receive alerts when latency exceeds a certain threshold. Which TWO actions should the team take to meet these requirements? (Choose TWO.)

Question 16 (medium, multi-select)

A security engineer is designing a security group configuration for a web application that consists of an Application Load Balancer (ALB), Amazon EC2 instances in an Auto Scaling group, and an Amazon RDS database. Which TWO actions should the engineer take to follow security best practices? (Choose TWO.)

Question 17 (hard, multi-select)

A company has a Direct Connect connection with a private VIF to a VPC. They want to add a second Direct Connect connection for redundancy. Both connections will terminate at the same Direct Connect gateway. Which TWO steps are required to enable BGP multipath (ECMP) across the two connections?

A company is designing a hybrid network using AWS Direct Connect. They have a VPC with CIDR 10.0.0.0/16 and an on-premises network with CIDR 192.168.0.0/16. They want to establish a Direct Connect private virtual interface with a virtual private gateway. Which THREE steps are required to complete the connectivity? (Choose three.)

Question 19 (hard, multi-select)

A company wants to connect its on-premises data center to AWS using AWS Direct Connect and wants to use the same connection to access multiple VPCs in the same AWS region. The company also needs to maintain private IP connectivity between the VPCs. Which THREE components should the company use to meet these requirements? (Choose three.)

Question 20 (medium, multi-select)

A company is deploying a containerized application on Amazon ECS using the Fargate launch type. The application requires outbound internet access to download updates, but the company does not want to assign public IP addresses to the tasks. Which TWO actions should the company take to provide internet access to the tasks? (Choose two.)

These ANS-C01 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style ANS-C01 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.