AWS Certified Advanced Networking - Specialty (ANS-C01) Practice Exam

The ANS-C01 exam validates deep expertise in designing, implementing, and managing complex AWS networking architectures including hybrid connectivity, VPNs, Direct Connect, and SD-WAN.

200+ Practice Questions | 3 Free Pages | 4.9★ Rating | Updated 2026

ANS-C01 Exam Overview

Exam Code: ANS-C01
Full Name: AWS Certified Advanced Networking - Specialty
Level: Specialty
Questions on Exam: 65
Duration: 170 minutes
Passing Score: 750 / 1000
Exam Cost: $300 USD
Recommended Study Time: 80–120 hours
AWSReady Practice Questions: 200+

Sample ANS-C01 Practice Questions

Try these free practice questions. Full answers and explanations are included.

Question 1

A company is planning to create a service that requires encryption in transit. The traffic must not be decrypted between the client and the backend of the service. The company will implement the service by using the gRPC protocol over TCP port 443. The service will scale up to thousands of simultaneous connections. The backend of the service will be hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with the Kubernetes Cluster Autoscaler and the Horizontal Pod Autoscaler configured. The company needs to use mutual TLS for two-way authentication between the client and the backend. Which solution will meet these requirements?

A. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
B. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the IP addresses of the backend service Pods.
C. Create a target group. Add the EKS managed node group's Auto Scaling group as a target. Create an Application Load Balancer with an HTTPS listener on port 443 to forward traffic to the target group.
D. Create a target group. Add the EKS managed node group’s Auto Scaling group as a target. Create a Network Load Balancer with a TLS listener on port 443 to forward traffic to the target group.

Correct Answer: A. Install the AWS Load Balancer Controller for Kubernetes. Using that controller, configure a Network Load Balancer with a TCP listener on port 443 to forward traffic to the IP addresses of the backend service Pods.

A Network Load Balancer (NLB) with a TCP listener on port 443 is the correct choice because the traffic must not be decrypted between the client and the backend (end-to-end encryption). An NLB operates at Layer 4 and, with a TCP listener, passes the encrypted gRPC traffic through without decrypting it, so mutual TLS authentication takes place directly between the client and the backend Pods. The AWS Load Balancer Controller enables the NLB to forward traffic directly to Pod IP addresses using IP target mode. Option B (ALB with an HTTPS listener) is incorrect because an ALB terminates TLS connections, decrypting traffic at the load balancer, which violates the requirement. Options C and D target the node group's Auto Scaling group rather than individual Pods, which is less efficient and doesn't leverage the Kubernetes integration properly; their HTTPS and TLS listeners would also terminate TLS at the load balancer.
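The passthrough design in option A can be checked before deployment. The following is an added example, not part of the original page or of any AWS tooling: it lints a Kubernetes Service (already parsed into a dict) using the AWS Load Balancer Controller's Service annotations. The Service names, ports other than 443, and the certificate ARN are constructed placeholders.

```python
# Added example (not from the original page): lint a Kubernetes Service,
# already parsed into a dict, against the TLS-passthrough design in option A.
PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"

def passthrough_findings(service):
    """Return reasons the Service would not yield an NLB TCP:443 passthrough to Pod IPs."""
    ann = service.get("metadata", {}).get("annotations", {})
    spec = service.get("spec", {})
    lb_type = ann.get(PREFIX + "type")
    findings = []
    if spec.get("type") != "LoadBalancer":
        findings.append("spec.type is not LoadBalancer")
    if lb_type not in ("external", "nlb-ip") and \
            spec.get("loadBalancerClass") != "service.k8s.aws/nlb":
        findings.append("not reconciled by the AWS Load Balancer Controller")
    # IP target mode registers Pod IPs; the default (instance) registers nodes.
    if lb_type != "nlb-ip" and ann.get(PREFIX + "nlb-target-type") != "ip":
        findings.append("targets are nodes, not Pod IPs")
    # A certificate annotation makes the listener TLS, which decrypts at the NLB.
    if PREFIX + "ssl-cert" in ann:
        findings.append("ssl-cert set: NLB would terminate TLS")
    if not any(p.get("port") == 443 and p.get("protocol", "TCP") == "TCP"
               for p in spec.get("ports", [])):
        findings.append("no TCP listener on port 443")
    return findings

# Constructed sample manifests (names and the ARN are placeholders).
PASSTHROUGH = {
    "metadata": {"name": "grpc-backend", "annotations": {
        PREFIX + "type": "external",
        PREFIX + "nlb-target-type": "ip",
        PREFIX + "scheme": "internet-facing"}},
    "spec": {"type": "LoadBalancer",
             "ports": [{"port": 443, "targetPort": 8443, "protocol": "TCP"}]},
}
TERMINATING = {
    "metadata": {"name": "grpc-backend", "annotations": {
        PREFIX + "type": "external",
        PREFIX + "nlb-target-type": "instance",
        PREFIX + "ssl-cert": "arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER"}},
    "spec": {"type": "LoadBalancer",
             "ports": [{"port": 443, "targetPort": 8443, "protocol": "TCP"}]},
}

if __name__ == "__main__":
    print(passthrough_findings(PASSTHROUGH))
    print(passthrough_findings(TERMINATING))
```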

Question 2

A company is deploying a new application in the AWS Cloud. The company wants a highly available web server that will sit behind an Elastic Load Balancer. The load balancer will route requests to multiple target groups based on the URL in the request. All traffic must use HTTPS. TLS processing must be offloaded to the load balancer. The web server must know the user’s IP address so that the company can keep accurate logs for security purposes. Which solution will meet these requirements?

A. Deploy an Application Load Balancer with an HTTPS listener. Use path-based routing rules to forward the traffic to the correct target group. Include the X-Forwarded-For request header with traffic to the targets.
B. Deploy an Application Load Balancer with an HTTPS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Include the X-Forwarded-For request header with traffic to the targets.
C. Deploy a Network Load Balancer with a TLS listener. Use path-based routing rules to forward the traffic to the correct target group. Configure client IP address preservation for traffic to the targets.
D. Deploy a Network Load Balancer with a TLS listener for each domain. Use host-based routing rules to forward the traffic to the correct target group for each domain. Configure client IP address preservation for traffic to the targets.

Correct Answer: A. Deploy an Application Load Balancer with an HTTPS listener. Use path-based routing rules to forward the traffic to the correct target group. Include the X-Forwarded-For request header with traffic to the targets.

An Application Load Balancer (ALB) with an HTTPS listener supports path-based routing rules that route requests to different target groups based on URL paths. The ALB handles TLS termination (offloading TLS processing from the web servers) and automatically includes the X-Forwarded-For header, which preserves the original client IP address for logging purposes. This single ALB can handle all routing needs. Option B suggests multiple HTTPS listeners, one for each domain, which is unnecessary: a single listener with path-based routing suffices for URL-based routing. Options C and D use a Network Load Balancer, which doesn't support path-based or host-based routing rules. An NLB operates at Layer 4 and cannot inspect HTTP/HTTPS URLs for routing decisions.
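For the security logs this question asks about, the web server has to pick the right entry out of X-Forwarded-For. The following is an added example, not part of the original page: it assumes the ALB is the only proxy in front of the server and runs in its default mode of appending the connecting address to any X-Forwarded-For value the client already sent, so only the rightmost entry is trustworthy. The function names and sample header values are constructed.

```python
# Added example (not from the original page): choose the client address to log
# from X-Forwarded-For when an ALB is the only trusted proxy.
import ipaddress

def _parse_ip(token):
    """Parse 'ip', 'ipv4:port' or '[ipv6]:port'; return a normalized string or None."""
    token = token.strip()
    if token.startswith("["):            # e.g. [2001:db8::1]:443
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # e.g. 203.0.113.7:54321
        token = token.split(":", 1)[0]
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None                      # never write unvalidated header text to logs

def client_ip_for_log(xff, trusted_hops=1):
    """Return the entry appended by the outermost trusted proxy, or None.

    Entries to the left of the trusted ones were supplied by the client and
    can contain anything, so they are ignored rather than parsed.
    """
    if not xff or trusted_hops < 1:
        return None
    entries = [e for e in xff.split(",") if e.strip()]
    if len(entries) < trusted_hops:
        return None
    return _parse_ip(entries[-trusted_hops])

if __name__ == "__main__":
    # Constructed header values; addresses are from documentation ranges.
    for header in ("203.0.113.7",
                   "198.51.100.9, 203.0.113.7",   # first entry sent by the client
                   "not-an-ip, [2001:db8::1]:443"):
        print(repr(header), "->", client_ip_for_log(header))
```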

Why Practice with AWSReady?

Exam-Realistic Questions
Questions designed to match the difficulty and style of the official ANS-C01 exam.
Detailed Explanations
Every answer includes a clear explanation referencing AWS documentation.
Free to Start
Sample questions available without an account. Premium unlocks all 200+ questions.
Updated for 2026
Question bank updated regularly to reflect the latest ANS-C01 exam guide.

Frequently Asked Questions — ANS-C01 Exam

How many questions are on the AWS ANS-C01 exam?
The ANS-C01 exam contains 65 questions to be completed in 170 minutes.
What is the passing score for ANS-C01?
The AWS Certified Advanced Networking Specialty (ANS-C01) passing score is 750 out of 1000.
Is ANS-C01 the hardest AWS specialty?
ANS-C01 is considered one of the most difficult AWS specialty exams due to the depth of networking knowledge required. It expects expert-level understanding of routing, BGP, Direct Connect, and hybrid architectures.
How long should I study for ANS-C01?
Plan on 8–16 weeks studying 1–2 hours per day. Focus on VPC, Transit Gateway, Direct Connect, VPN, Route 53, CloudFront, Global Accelerator, and BGP routing.
Do I need SAA-C03 before ANS-C01?
AWS recommends 5+ years of networking experience and hands-on AWS experience. SAA-C03 knowledge is foundational but not a formal prerequisite.
What topics does ANS-C01 cover?
ANS-C01 covers VPC design, Transit Gateway, Direct Connect, Site-to-Site VPN, Route 53, CloudFront, Global Accelerator, Network Firewall, WAF, and hybrid cloud networking.
Are AWSReady ANS-C01 questions representative of the real exam?
Yes. AWSReady ANS-C01 questions focus on complex networking scenarios, hybrid connectivity design, and network security architecture.
