
Answer-first summary for fast verification
Answer: Security groups, providing instance-level traffic control
The correct answer is B, Security groups. Security groups in AWS act as stateful firewalls for controlling inbound and outbound traffic at the instance level. They provide granular control over traffic by allowing or denying specific protocols, ports, and IP ranges. In the context of an Amazon RDS instance, security groups can be configured to allow inbound connections only from the private corporate network, limiting access to the necessary IP addresses or IP ranges.

Network ACLs (A) also control traffic, but they operate at the subnet level, are stateless, and do not provide the same level of instance-level control as security groups.

AWS WAF (C) is a web application firewall that protects web applications from common web exploits, but it is not directly related to limiting network traffic to an RDS instance.

Amazon GuardDuty (D) is a threat detection service that monitors for malicious activity and unauthorized behavior, but it does not function as a firewall to limit traffic to an RDS instance.
Author: LeetQuiz Editorial Team
Which AWS service should be used to implement a stateful firewall for an Amazon RDS instance within a VPC to restrict traffic to a private corporate network?
A. Network ACLs, which operate at the subnet level
B. Security groups, providing instance-level traffic control
C. AWS WAF, designed for web application protection
D. Amazon GuardDuty, focused on threat detection