100% Free Amazon ANS-C01 Practice Test Questions

Question 1

An online retail organization runs its e-commerce website on AWS. The Amazon EC2 instances running the application are fronted by an Application Load Balancer (ALB). Amazon Route 53 provides public DNS services. Different URLs (mobile.shopping.com, web.shopping.com, api.shopping.com) will serve the required content to the end-users.

Which combination of services must be used to serve the content correctly to the end-users? (Select two)

A : Use Path conditions in ALB listener to route *.shopping.com to appropriate target groups

B : Use Host conditions in ALB listener to route *.shopping.com to appropriate target groups

C : Use Host conditions in ALB listener to route shopping.com to appropriate target groups

D : Use Host conditions in ALB listener to route $$$$.shopping.com to appropriate target groups

E : Use Path component of Redirect actions in ALB listener configuration to route shopping.com to appropriate target groups

Answer: B,C

Question 2

A legacy, on-premises web application cannot be load balances effectively. There are both planned and unplanned events that cause usage spikes to millions of concurrent users. The existing infrastructure cannot handle the usage spikes. The CIO has mandated that the application be moved to the cloud to avoid further disruptions, with the additional requirement that source IP addresses be unaltered to support network traffic-monitoring needs. Which of the following designs will meet these requirements?

A : Use an Auto Scaling group of Amazon EC2 instances behind a Classic Load Balancer.

B : Use an Auto Scaling group of EC2 instances in a target group behind an Application Load Balancer.

C : Use an Auto Scaling group of EC2 instances in a target group behind a Classic Load Balancer.

D : Use an Auto Scaling group of EC2 instances in a target group behind a Network Load Balancer.

Answer: D

Question 3

A company is deploying a non-web application on an AWS load balancer. All targets are servers located on-premises that can be accessed by using AWS Direct Connect. The company wants to ensure that the source IP addresses of clients connecting to the application are passed all the way to the end server.

How can this requirement be achieved?

A : Use a Network Load Balancer to automatically preserve the source IP address.

B : Use a Network Load Balancer and enable the X-Forwarded-For attribute.

C : Use a Network Load Balancer and enable the ProxyProtocol v2 attribute.

D : Use an Application Load Balancer to automatically preserve the source IP address in the X-Forwarded-For header.

Answer: C

Question 4

A company has been using an outdated application layer protocol for communication among applications. The company decides not to use this protocol anymore and must migrate all applications to support a new protocol. The old protocol and the new protocol are TCP-based, but the protocols use different port numbers. After several months of work, the company has migrated dozens of applications that run on Amazon EC2 instances and in containers. The company believes that all the applications have been migrated, but the company wants to verify this belief. A network engineer needs to verify that no application is still using the old protocol. Which solution will meet these requirements without causing any downtime?

A : Use Amazon Inspector and its Network Reachability rules package. Wait until the analysis has finished running to find out which EC2 instances are still listening to the old port.

B : Enable Amazon GuardDuty. Use the graphical visualizations to filter for traffic that uses the port of the old protocol. Exclude all internet traffic to filter out occasions when the same port is used as an ephemeral port.

C : Configure VPC flow logs to be delivered into an Amazon S3 bucket. Use Amazon Athena to query the data and to filter for the port number that is used by the old protocol.

D : nspect all security groups that are assigned to the EC2 instances that host the applications. Remove the port of the old protocol if that port is in the list of allowed ports. Verify that the applications are operating properly after the port is removed from the security groups.

Answer: C

Question 5

The security team in its report has flagged malicious activity from 100 random IP addresses for malicious activity. As a network security engineer, you have to ensure the safety and accessibility of the AWS resources.

Which of the following actions would you suggest to ensure safety from such types of threats?

A : Use Route Table propagation to pass the data of malicious IP addresses to the network routers and block them using WAF

B : Use inbound Network ACL rules of the VPC to block the IP addresses

C : Use AWS WAF rate-based rule capability to block the IP addresses

D : Use inbound security group rules of the VPC to block the IP addresses

Answer: C

Free Practice Amazon ANS-C01 Exam Questions 2025