AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company needs to set up a virtual firewall that is specific to a single Amazon EC2 instance. Which AWS feature provides this functionality?

Real Exam

Community

RRitesh

NAT gateway

Network ACL

Route table

Security group

Explanation:

Explanation

Security groups act as virtual firewalls for EC2 instances and control inbound and outbound traffic at the instance level. Here's why this is the correct answer:

Instance-level protection: Security groups are associated with individual EC2 instances and provide granular control over traffic to and from that specific instance
Stateful filtering: Security groups are stateful, meaning if you allow inbound traffic, the corresponding outbound traffic is automatically allowed
Default deny: Security groups deny all traffic by default, and you must explicitly allow the traffic you want

Why the other options are incorrect:

NAT gateway: Provides internet connectivity for private subnets but doesn't function as a firewall for individual instances
Network ACL: Operates at the subnet level (not instance level) and provides stateless filtering for all instances in a subnet
Route table: Controls traffic routing between subnets and to external networks, but doesn't provide firewall functionality

Security groups are the appropriate choice when you need firewall protection specific to individual EC2 instances.

Powered ByGemini-3 Flash

Comments

Loading comments...