
Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?
A. Security group
B. AWS WAF
C. AWS Firewall Manager
D. Network ACL
Explanation:
Network ACL (Network Access Control List) is the correct answer because:
- Network ACLs operate at the subnet level in Amazon VPC and can control both inbound and outbound traffic
- They are stateless, meaning return traffic must be explicitly allowed by outbound rules
- Network ACLs can be used to create firewall-like rules for entire subnets
Why the other options are incorrect:
- Security groups: These operate at the instance level (not subnet level) and are stateful
- AWS WAF: This is a web application firewall that protects web applications from common exploits, not VPC subnet traffic
- AWS Firewall Manager: This is a security management service that allows you to centrally configure and manage firewall rules across accounts and applications, but it's not the direct tool for setting up subnet-level firewalls
Network ACLs provide the fundamental firewall functionality for controlling traffic at the VPC subnet level in AWS.