AWS Certified Advanced Networking Specialty (ANS-C01) - 340 Questions

1. A company hosts a static website in an Amazon S3 bucket and uses Amazon CloudFront to deliver content globally. The security team requires that users cannot access the S3 bucket directly through S3 URLs — all requests must be routed through CloudFront. Which configuration achieves this requirement with the least operational overhead?

2. A company wants to serve dynamic web content through Amazon CloudFront. The content differs based on the value of a custom HTTP request header named X-User-Tier. The company needs CloudFront to cache separate versions of each object for each unique value of this header. What should a network engineer configure to achieve this?

3. A startup is launching a global mobile gaming application. The app requires ultra-low latency for real-time game state synchronization using TCP connections. The architecture uses Amazon EC2 instances in us-east-1 and eu-west-1. Which AWS service should a network architect recommend to minimize latency for players worldwide?

4. A company manages a public hosted zone in Amazon Route 53 for example.com. They want to create a DNS record for app.example.com that points to an Application Load Balancer. The load balancer's DNS name changes occasionally when it is replaced. Which record type should the network engineer use to avoid hardcoding the load balancer's DNS name as a CNAME?

5. A company's Route 53 hosted zone has a health check configured for their primary endpoint. The health check is set to evaluate every 30 seconds with a threshold of 3 consecutive failures before marking the endpoint unhealthy. How long at minimum must the endpoint be unresponsive before Route 53 marks it as unhealthy?