ANS-C01 · topic practice

Network Implementation practice questions

Use this page to practise Network Implementation questions for this certification. Focus on how the exam tests network implementation in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Network Implementation

What the exam tests

What to know about Network Implementation

Network Implementation questions on this certification test your ability to deploy and manage network implementation concepts in scenario-based situations.

Core Network Implementation concepts and how they apply in real-world cloud scenarios.

How to deploy network implementation correctly and verify the outcome.

Troubleshooting network implementation issues by interpreting error output and system state.

Cloud best practices and Network Implementation design trade-offs tested by this certification.

Watch out for

Common Network Implementation exam traps

  • Selecting the most expensive service when a simpler managed option meets the requirement.
  • Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • Choosing a global service fix when the issue is region-specific.
  • Overlooking cost implications of cross-region data transfer in architecture questions.

Practice set

Network Implementation questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Review the full subnetting walkthrough →

A company is deploying a multi-tier web application across two AWS Regions. The application uses an Application Load Balancer (ALB) in each region, and traffic must be distributed to the closest healthy ALB using Route 53 latency-based routing. The application requires that clients maintain the same source IP address when the request is forwarded from the ALB to the backend targets. The backend targets are EC2 instances in private subnets. The company also needs to ensure that traffic between the ALB and targets stays within AWS. What should the company implement to meet these requirements?

Question 2hardmultiple choice
Open the full BGP breakdown →

A company has a Direct Connect connection with a private VIF connected to a VPC. The company wants to add a second Direct Connect connection for redundancy. They plan to use BGP AS_PATH prepending to influence traffic steering so that the primary connection is preferred for inbound traffic. The on-premises router advertises the same prefix over both connections. The company configures BGP on the primary VIF with AS_PATH prepending (prepend two AS numbers). However, after configuration, inbound traffic still uses both paths equally. What is the most likely cause?

Question 3easymultiple choice
Review the full routing breakdown →

A networking engineer is troubleshooting connectivity issues between two VPCs that are peered using a VPC peering connection. The VPCs are in different AWS accounts. The engineer has verified that the route tables are correct and the security groups allow traffic. However, ICMP ping fails from an instance in VPC A to an instance in VPC B. What is a likely cause?

Question 4hardmultiple choice
Review the full routing breakdown →

A company has a centralized inspection VPC architecture where all traffic from spoke VPCs is routed through a Transit Gateway to a centralized VPC that hosts firewall appliances (NGFW). The company needs to inspect traffic between two instances in the same spoke VPC. What is the simplest way to achieve this?

Question 5mediummultiple choice
Open the full BGP breakdown →

A company is implementing a hybrid network with AWS Direct Connect and a VPN connection as backup. They have a Direct Connect gateway (DXGW) attached to a private VIF and a virtual private gateway (VGW) attached to a VPN connection. The VPC is attached to the VGW. They want to use the Direct Connect connection for all traffic when available. The on-premises router advertises the same prefix over both connections. However, traffic from on-premises to the VPC is using the VPN connection. BGP is configured correctly on both connections. What should the company do to prefer the Direct Connect path?

A company is designing a network for a three-tier web application on AWS. The web tier must be accessible from the internet, and the application and database tiers must be in private subnets. The company wants to use a single AWS Region and ensure high availability. Which TWO configurations should be implemented? (Choose two.)

Question 7mediummulti select
Study the full multicast explanation →

A company is migrating a legacy application to AWS. The application requires multicast communication between EC2 instances in the same VPC. Which THREE options can support this requirement? (Choose three.)

Question 8easymultiple choice
Review the full subnetting walkthrough →

A company is deploying a VPC with public and private subnets in two Availability Zones. They need to ensure that instances in private subnets can access the internet for software updates while remaining unreachable from the internet. Which solution meets these requirements?

A company has deployed a web application across multiple AWS Regions using Application Load Balancers (ALBs) and EC2 instances. They want to use AWS Global Accelerator to improve performance and provide a fixed entry point. The Global Accelerator is configured with endpoints pointing to the ALBs. However, users are experiencing intermittent failures. What is the most likely cause?

Question 10hardmultiple choice
Review the full subnetting walkthrough →

A network engineer is troubleshooting connectivity between two VPCs (VPC-A and VPC-B) connected via a VPC peering connection. Both VPCs have CIDR blocks: VPC-A = 10.0.0.0/16, VPC-B = 10.1.0.0/16. An EC2 instance in VPC-A (10.0.1.10) cannot ping an EC2 instance in VPC-B (10.1.1.10). Security groups and NACLs allow all traffic. The route tables are configured as follows: In VPC-A, a route to 10.1.0.0/16 via the peering connection. In VPC-B, a route to 10.0.0.0/16 via the peering connection. What is the most likely cause?

Question 11mediummultiple choice
Review the full routing breakdown →

A company is setting up a Direct Connect connection to connect its on-premises data center to AWS. The connection is established, and a private virtual interface (VIF) is configured. The on-premises router can ping the VIF's Amazon side IP address, but cannot ping an EC2 instance in the VPC. The VPC has a virtual private gateway attached, and the route tables are correctly configured. What should the company check next?

Question 12hardmultiple choice
Review the full subnetting walkthrough →

A company has a VPC with a CIDR of 10.0.0.0/16 and has enabled VPC Flow Logs to capture all traffic. The logs show that an EC2 instance (10.0.1.10) is sending outbound traffic to an external IP (203.0.113.50) on port 443, but the traffic is being rejected. The instance's security group allows outbound HTTPS to 0.0.0.0/0, and the subnet's NACL allows outbound traffic on port 443. The VPC has an internet gateway attached, and the route table directs 0.0.0.0/0 to the internet gateway. What is the most likely cause of the rejection?

Question 13mediummulti select
Open the full BGP breakdown →

A network engineer is designing a hybrid network architecture that connects an on-premises data center to AWS using AWS Direct Connect and a VPN connection as a backup. The on-premises network uses BGP to advertise routes to AWS. Which of the following are best practices for this setup? (Choose TWO.)

A company has a VPC with multiple subnets spanning three Availability Zones. They have deployed an Application Load Balancer (ALB) in the VPC and need to ensure high availability and scalability for a web application. Which of the following are design considerations for implementing the ALB in this environment? (Choose THREE.)

Question 15easymultiple choice
Review the full subnetting walkthrough →

A network engineer is analyzing VPC Flow Logs for a VPC with CIDR 10.0.0.0/16. The exhibit shows a sample log entry. The engineer notices that traffic from 10.0.1.10 to 10.0.2.10 on port 443 is being accepted. However, the application team reports that the connection is failing. What is the most likely reason for the disconnect?

Exhibit

Refer to the exhibit.

```
VPC Flow Logs version 2
account-id 123456789012
interface-id eni-0a1b2c3d4e5f67890
srcaddr 10.0.1.10
dstaddr 10.0.2.10
srcport 12345
dstport 443
protocol 6
packets 10
bytes 1500
start 1625097600
end 1625097660
action ACCEPT
log-status OK
```
Question 16mediummultiple choice
Review the full subnetting walkthrough →

A company has set up a transit gateway with attachments to VPC-A and VPC-B. The transit gateway route table shows routes to both VPCs and a blackhole for 0.0.0.0/0. VPC-A's public subnet route table sends 10.1.0.0/16 traffic to the transit gateway. However, an EC2 instance in VPC-A's public subnet cannot reach an instance in VPC-B. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
AWS Transit Gateway Route Table
Route Table ID: tgw-rtb-0123456789abcdef0
Routes:
10.0.0.0/16 attachment tgw-attach-11111111111111111 (VPC-A)
10.1.0.0/16 attachment tgw-attach-22222222222222222 (VPC-B)
0.0.0.0/0 blackhole
```

```
VPC-A Route Table (public subnet)
Destination Target
10.0.0.0/16 local
10.1.0.0/16 tgw-1234567890abcdef0
0.0.0.0/0 igw-1234567890abcdef0
```
Question 17mediummultiple choice
Read the full NAT/PAT explanation →

A company is deploying a new VPC with both public and private subnets. The public subnet hosts an internet-facing Application Load Balancer (ALB), and the private subnet hosts EC2 instances running a web application. The EC2 instances need to download updates from the internet, but they must not be directly accessible from the internet. Which combination of steps should a network engineer implement to meet these requirements?

Question 18hardmultiple choice
Open the full BGP breakdown →

A company has a Direct Connect connection with a private VIF connected to a VPC. The network engineer notices that traffic from on-premises to the VPC is being dropped intermittently. The on-premises router shows BGP session is up, but the VPC route table does not have the on-premises prefix. What is the most likely cause?

A company wants to ensure that traffic between two VPCs in the same region is encrypted in transit. The VPCs are connected via a VPC peering connection. What should the network engineer do to meet this requirement?

Question 20mediummultiple choice
Review the full routing breakdown →

A network engineer is troubleshooting connectivity issues from an on-premises network to an AWS VPC over a Direct Connect private VIF. The VPC has a virtual private gateway attached. The on-premises router can ping the private IP of an EC2 instance in the VPC, but application traffic (TCP port 443) fails. What is the most likely cause?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Network Implementation sessions

Start a Network Implementation only practice session

Every question in these sessions is drawn from the Network Implementation domain — nothing else.

Related practice questions

Related ANS-C01 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the ANS-C01 exam test about Network Implementation?
Network Implementation questions on this certification test your ability to deploy and manage network implementation concepts in scenario-based situations.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Network Implementation questions in a focused session?
Yes — the session launcher on this page draws every question from the Network Implementation domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other ANS-C01 topics?
Use the topic links above to move to related areas, or go back to the ANS-C01 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the ANS-C01 exam covers. They are not copied from any real exam or dump site.