AWS Certified Advanced Networking Specialty
2023
1. In order to ensure the high availability of the NAT gateway, you should: Have one NAT gateway per AZ and
route outbound traffic from that AZ via corresponding NAT gateway
2. In order to decrease the number of instances that have inbound web access, your team has recently placed a
Network Address Translation (NAT) instance on Amazon Linux in the public subnet. The private subnet has a
0.0.0.0/0 route to the elastic network interface of the NAT instance. Users are complaining that web responses are
slower than normal. What are practical steps to fix this issue?: Replace the NAT instance with a NAT gateway
3. Which of the following VPC entities has a stateful effect on traffic?: Security groups
4. Which Amazon Virtual Private Cloud (Amazon VPC) feature allows you to create a dual homed instance?:
Elastic network interface
5. You have configured private subnets so that applications can download security updates from public
websites. You have a Network Address Translation (NAT) instance in each Availability Zone as the default gateway
to the Internet for each private subnet. You find that you cannot reach port 8080 of a server on the Internet from
any of your private subnets. Which of the following is most likely to cause the problem?: The NAT instances are
blocking traffic to port 8080
6. What is not required for Internet connectivity from a public subnet?: NAT gateway
7. You discover that the default VPC has been deleted from region us-east-1 by a coworker in the morning. You
will be deploying a lot of new services such as EC2, EKS, RDS in the afternoon. What should you do?: Perform an
Application Programming Interface (API) call or go through the AWS Management Console to create a new default
VPC
8. You are responsible for your company's AWS resources. You notice a significant amount of traffic from an
IP address range in a foreign country where your company does not have customers. Further investigation of the
traffic indicates that the source of the traffic is scanning for open ports on your Amazon EC2 instances. Which
one of the following resources can prevent the IP address from reaching the instances?: Network ACL (NACL)
rules - can be ALLOW or DENY
9. You are a solutions architect working for a large travel company that is migrating its existing server estate to
AWS. You have recommended that they use a custom Virtual Private Cloud (VPC), and they have agreed to
proceed.
They will need a public subnet for their web servers and a private subnet for their databases. They also require
the web servers and database servers to be highly available, and there is a minimum of two web servers and two
database servers each. How many subnets should you have to maintain high availability?: 4
10. You launch multiple Amazon Elastic Compute Cloud (Amazon EC2) instances into a private subnet.
These instances need to access the Internet to download patches. You decide to create a Network Address
Translation (NAT) gateway. Where in the VPC should the NAT gateway reside?: In the Public Subnet
11. What happens when you create a new Virtual Private Cloud (VPC)?: A main route table is created by default
12. You have an existing Virtual Private Cloud (VPC). You try to add a Classless Inter-Domain Routing (CIDR)
range, but the additional CIDR range is not being applied. Which of the following could solve this issue?: Delete
unused routes if you are at the maximum allowed routes & Define a valid CIDR range based on the original VPC CIDR
13. You have defined your original Virtual Private Cloud (VPC) Classless Inter-Domain Routing (CIDR) as
192.168.20.0/24. Your on-premises infrastructure is defined as 192.168.128.0/17. You have configured a route to
on-premises as 192.168.0.0/16 in your VPC route table. You have added a new CIDR range of 192.168.100.0/24 to
your VPC. Which of the following is true?: This is a valid configuration, the more specific route takes precedence and
hence VPC traffic will be routed internally and on-premises traffic will be routed as per VPC route table configuration
14. Your networking group has decided to migrate all of the 192.168.0.0/16 Virtual Private Cloud (VPC)
instances to 10.0.0.0/16. Which of the following is a valid option?: Create a new 10.0.0.0/16 VPC and migrate the
existing workload with appropriate method, e.g. for EC2, create AMIs and launch new instances in the new VPC
15. With the enableDnsHostnames attribute set to true, Amazon will do which of the following?: Auto-assign DNS
hostnames to Amazon Elastic Compute Cloud (Amazon EC2) instances.
16. You have the enableDnsHostnames attribute set to true for your VPC. Your Amazon Elastic Compute Cloud
(Amazon EC2) instances are not receiving DNS hostnames, however. What could be the potential cause?:
enableDnsSupport is not set to true
17. Your team has created a Multi-AZ Amazon RDS instance. The front-end application tier connects to the
database through a Database DNS endpoint. What change needs to be made to ensure the application
connectivity to the database in the event of a database failover?: No action required as the same DNS will point to
the secondary database in the event of failover
18. You recently set up Amazon Route 53 for a private hosted zone for a highly-available application hosted on
AWS. After adding a few A records, you notice that the instance hostnames are not resolving within the VPC.
What actions should be taken? (Choose two.): C. Set enableDnsHostnames to true on the VPC.
D. Set enableDnsSupport to true on the VPC.
19. You are supporting a customer that executes tightly coupled High Performance Computing (HPC)
workloads. What Virtual Private Cloud (VPC) option provides high-throughput, low-latency, and high
packet-per-second performance?: Placement groups
20. Voice calls to international numbers from inside your company must go through an open-source Session
Border Controller (SBC) installed on a custom Linux Amazon Machine Image (AMI) in your Virtual Private
Cloud (VPC) public subnet. The SBC handles the real-time media and voice signaling. International calls often
have garbled voice, and it is difficult to understand what people are saying. What may increase the quality of
international voice calls?: Enable enhanced networking on the device
21. Your big data team is trying to determine why their proof of concept is running slowly. For the demo, they
are trying to ingest 1 TB of data from Amazon Simple Storage Service (Amazon S3) on their c4.8xl instance. They
have already enabled enhanced networking. What should they do to increase Amazon S3 ingest rates?: Split the
data ingest on more than one instance, such as two c4.4xl instances
22. Your database instance running on an r4.large instance seems to be dropping Transmission Control
Protocol (TCP) packets based on a packet capture from a host with which it was communicating. During initial
performance baseline tests, the instance was able to handle peak load twice as high as its current load.
What could be the issue?: The r4.large instance may have accumulated network credits before load
testing, which would allow higher peak values
23. Your development team is testing the performance of a new application using enhanced networking. They
have updated the kernel to the latest version that supports the Elastic Network Adapter (ENA) driver. What is the
other requirement for support?: Flag the Amazon Machine Image (AMI) for enhanced networking support
24. The new architecture for your application involves replicating your stateful application data from your
Virtual Private Cloud (VPC) in US East (Ohio) to Asia Pacific (Tokyo). The replication instances are in public
subnets in each region and communicate with public addresses over Transport Layer Security