
Answer-first summary for fast verification
Answer: Security group
## Explanation

**Security groups** are the correct answer because they provide a virtual firewall at the instance level for Amazon EC2 instances.

### Key Differences:

- **Security Groups**:
  - Operate at the instance level
  - Stateful: return traffic is automatically allowed
  - Support allow rules only (no deny rules)
  - Can be associated with individual EC2 instances
  - Evaluate all rules before deciding whether to allow traffic
- **Network ACLs**:
  - Operate at the subnet level
  - Stateless: return traffic must be explicitly allowed
  - Support both allow and deny rules
  - Apply to all instances in a subnet
  - Process rules in numerical order
- **NAT Gateway**:
  - Used to allow instances in private subnets to connect to the internet
  - Not a firewall feature
- **Route Tables**:
  - Control traffic routing between subnets and to external networks
  - Not a firewall feature

Since the requirement is for a virtual firewall **specific to a single EC2 instance**, security groups are the appropriate choice as they can be directly associated with individual instances.
Author: Ritesh Yadav
A company needs to set up a virtual firewall that is specific to a single Amazon EC2 instance. Which AWS feature provides this functionality?
A. NAT gateway
B. Network ACL
C. Route table
D. Security group