ANS-C01 · topic practice

Network Management and Operations practice questions

Practise AWS Certified Advanced Networking Specialty ANS-C01 Network Management and Operations practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Network Management and Operations

What the exam tests

What to know about Network Management and Operations

Network Management and Operations questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Network Management and Operations exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Network Management and Operations questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Read the full NAT/PAT explanation →

A company has deployed a centralized NAT gateway in a VPC and uses VPC Flow Logs to monitor traffic. The network team notices that traffic from an EC2 instance in a private subnet to the internet is not being logged in the flow logs. The flow logs are configured at the VPC level with the 'ALL' format. What is the most likely cause of this issue?

Question 2hardmultiple choice
Read the full VPN explanation →

A multinational corporation is using AWS Transit Gateway to connect multiple VPCs and on-premises networks via AWS Direct Connect and VPN. The network team is experiencing asymmetric routing for traffic between two VPCs that both have routes to the same on-premises network. Which feature should the team implement to resolve this issue?

Question 3easymultiple choice
Read the full VPN explanation →

A company uses AWS Site-to-Site VPN to connect its on-premises network to AWS. The VPN connection is established, but traffic from on-premises to AWS is not working. The on-premises network team confirms that the on-premises firewall is allowing traffic to the VPC CIDR. What should the network engineer check in AWS to resolve the issue?

Question 4mediummultiple choice
Read the full VPN explanation →

A company is using AWS Client VPN to provide remote access to its VPC. Users report that they can connect to the VPN but cannot reach resources in the VPC. The Client VPN endpoint is associated with a single subnet in the VPC, and the authorization rules allow access to the entire VPC CIDR (10.0.0.0/16). The security group assigned to the Client VPN endpoint allows all traffic. What is the most likely cause of this issue?

Question 5hardmultiple choice
Open the full BGP breakdown →

A company has a Direct Connect connection with a private VIF to a VPC. The on-premises router is advertising a default route (0.0.0.0/0) via BGP. The VPC has an internet gateway attached, and the route table has a default route to the internet gateway. The network team notices that traffic from on-premises to the internet is not working as expected. What is the most likely cause?

A company is using AWS Transit Gateway to interconnect multiple VPCs and on-premises networks. The network team wants to log and monitor all traffic flows across the Transit Gateway for security analysis. Which TWO actions should the team take? (Choose TWO.)

Question 7hardmulti select
Open the full BGP breakdown →

A company has a Direct Connect connection with multiple virtual interfaces (VIFs). The network team notices that traffic to a specific VPC is intermittently failing. The team suspects an issue with BGP routing. Which THREE steps should the team take to troubleshoot the BGP session? (Choose THREE.)

Question 8mediummultiple choice
Read the full VPN explanation →

A company uses AWS Transit Gateway to connect multiple VPCs and on-premises networks via VPN. Network engineers report intermittent connectivity issues between VPC A and the on-premises network. The transit gateway route table shows the on-premises CIDR (10.0.0.0/8) propagated from the VPN attachment. VPC A has a subnet route pointing to the transit gateway for 10.0.0.0/8. Which step should the engineer take FIRST to diagnose the issue?

A global e-commerce company is migrating to AWS and plans to use a hub-and-spoke topology with AWS Transit Gateway. The network team wants to ensure high availability for the connection between the hub VPC and the on-premises data center using AWS Direct Connect with multiple virtual interfaces (VIFs). They need to be able to fail over quickly with minimal packet loss. Which design should meet these requirements?

Question 10easymultiple choice
Read the full NAT/PAT explanation →

A company has deployed a web application in a VPC with public subnets for the web servers and private subnets for the database servers. The web servers need to access the internet for software updates. The network engineer configured a NAT Gateway in the public subnet and added a route in the private subnet route table pointing 0.0.0.0/0 to the NAT Gateway. However, the web servers cannot reach the internet. What is the most likely cause?

Question 11mediummultiple choice
Read the full VPN explanation →

A company uses AWS Client VPN to provide remote access to its VPC resources. Users report that they can connect to the VPN but cannot reach any resources in the VPC. The VPN endpoint is associated with a subnet in VPC A. The VPC's route table has a route for the Client VPN CIDR (10.200.0.0/16) pointing to the VPN endpoint. The security group assigned to the VPN endpoint allows inbound traffic from the VPN clients. What is the most likely cause of the issue?

Question 12hardmultiple choice
Open the full BGP breakdown →

A company is using an AWS Transit Gateway to connect multiple VPCs and on-premises networks via Direct Connect. The network team notices that traffic from an on-premises network (CIDR 172.16.0.0/12) to a VPC (CIDR 10.0.0.0/16) is being dropped. The transit gateway route table shows a static route for 10.0.0.0/16 pointing to the VPC attachment. The Direct Connect virtual interface (VIF) is associated with the transit gateway and the on-premises router is advertising 172.16.0.0/12 via BGP. What is the most likely cause of the traffic being dropped?

A company uses AWS Direct Connect to connect its on-premises data center to a VPC. The network team needs to monitor the Direct Connect connection for performance issues and receive alerts when latency exceeds a certain threshold. Which TWO actions should the team take to meet these requirements? (Choose TWO.)

A company is using AWS Transit Gateway to connect multiple VPCs and on-premises networks. The network team observes that traffic between two VPCs (VPC A and VPC B) is not being forwarded correctly. The transit gateway route table is configured with static routes for the VPC CIDRs. Which THREE steps should the engineer take to troubleshoot this issue? (Choose THREE.)

Refer to the exhibit. A network engineer is analyzing VPC Flow Logs to troubleshoot connectivity issues. The engineer notices that traffic from 10.0.1.5 to 192.168.1.1 on port 80 is logged as ACCEPT, but the application team reports that the web request failed. What is the most likely cause?

Exhibit

Refer to the exhibit.

VPC Flow Logs (vpc-flow-logs-1) - capture window: 2023-09-15T10:00:00Z to 2023-09-15T11:00:00Z
2 123456789010 eni-0a1b2c3d4e5f6g7h 10.0.1.5 10.0.2.10 443 54321 6 10 1000 1623456789 1623456790 ACCEPT OK
2 123456789010 eni-0a1b2c3d4e5f6g7h 10.0.2.10 10.0.1.5 54321 443 6 10 1000 1623456790 1623456795 ACCEPT OK
2 123456789010 eni-0a1b2c3d4e5f6g7h 10.0.1.5 192.168.1.1 80 12345 6 20 2000 1623456800 1623456810 ACCEPT OK
2 123456789010 eni-0a1b2c3d4e5f6g7h 10.0.1.5 10.0.2.10 443 54322 6 10 1000 1623456810 1623456820 ACCEPT OK
2 123456789010 eni-0a1b2c3d4e5f6g7h 10.0.2.10 10.0.1.5 54322 443 6 10 1000 1623456820 1623456830 ACCEPT OK
Question 16mediummultiple choice
Study the full ACL explanation →

A company is experiencing intermittent connectivity issues between two VPCs connected via a VPC peering connection. The VPCs are in different AWS regions. VPC A has CIDR 10.0.0.0/16 and VPC B has CIDR 10.1.0.0/16. The route tables in both VPCs have been updated to include routes pointing to the peering connection. Security groups and network ACLs are configured to allow all traffic for testing. However, traffic from VPC A to VPC B fails intermittently. Which of the following is the most likely cause of this intermittent failure?

Question 17easymultiple choice
Read the full VPN explanation →

A network engineer is troubleshooting a Site-to-Site VPN connection between an on-premises network and AWS. The VPN tunnel is up, but traffic is not flowing from the on-premises network to a VPC. The VPC has a virtual private gateway attached, and the route table has a route pointing to the virtual private gateway for the on-premises CIDR (192.168.0.0/16). The on-premises firewall shows that traffic is being sent to the VPN tunnel. What should the engineer check next?

A company is using AWS Direct Connect with a private VIF to access their VPC. Users report intermittent connectivity issues. You check the Direct Connect console and see that the virtual interface state is 'down'. What is the MOST likely cause?

Question 19mediummulti select
Read the full VPN explanation →

A network engineer is troubleshooting high latency on an AWS Transit Gateway that connects multiple VPCs and an on-premises network via AWS Site-to-Site VPN. The engineer wants to identify potential causes. Which TWO actions should the engineer take? (Choose two.)

Question 20mediumdrag order
Read the full VPN explanation →

Arrange the steps to configure a site-to-site VPN connection between an AWS Virtual Private Gateway and an on-premises Cisco ASA in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Network Management and Operations sessions

Start a Network Management and Operations only practice session

Every question in these sessions is drawn from the Network Management and Operations domain — nothing else.

Related practice questions

Related ANS-C01 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the ANS-C01 exam test about Network Management and Operations?
Network Management and Operations questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Network Management and Operations questions in a focused session?
Yes — the session launcher on this page draws every question from the Network Management and Operations domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other ANS-C01 topics?
Use the topic links above to move to related areas, or go back to the ANS-C01 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the ANS-C01 exam covers. They are not copied from any real exam or dump site.