
A company needs to set up a virtual firewall that is specific to a single Amazon EC2 instance. Which AWS feature provides this functionality?
A. NAT gateway
B. Network ACL
C. Route table
D. Security group
Explanation:
Security groups act as virtual firewalls for EC2 instances and control inbound and outbound traffic at the instance level. Here's why this is the correct answer:
- Instance-level protection: Security groups are associated with individual EC2 instances and provide granular control over traffic to and from that specific instance.
- Stateful filtering: Security groups are stateful, meaning if you allow inbound traffic, the corresponding outbound response traffic is automatically allowed.
- Default deny: Security groups deny all traffic by default, and you must explicitly allow the traffic you want.
Why the other options are incorrect:
- NAT gateway: Provides internet connectivity for private subnets but doesn't function as a firewall for individual instances.
- Network ACL: Operates at the subnet level (not instance level) and provides stateless filtering for all instances in a subnet.
- Route table: Controls traffic routing between subnets and to external networks, but doesn't provide firewall functionality.
Security groups are the appropriate choice when you need firewall protection specific to individual EC2 instances.