
Answer-first summary for fast verification
Answer: Network ACL
## Explanation

**Network ACL (Network Access Control List)** is the correct answer because:

- **Network ACLs** operate at the subnet level in Amazon VPC and can control both inbound and outbound traffic
- They are stateless - meaning return traffic must be explicitly allowed by outbound rules
- Network ACLs can be used to create firewall-like rules for entire subnets

**Why the other options are incorrect:**

- **Security groups**: These operate at the instance level (not subnet level) and are stateful
- **AWS WAF**: This is a web application firewall that protects web applications from common exploits, not VPC subnet traffic
- **AWS Firewall Manager**: This is a security management service that allows you to centrally configure and manage firewall rules across accounts and applications, but it's not the direct tool for setting up subnet-level firewalls

Network ACLs provide the fundamental firewall functionality for controlling traffic at the VPC subnet level in AWS.
Author: Ritesh Yadav