Exam AWS Certified Cloud Practitioner CLF-C02 topic 1 question 95 discussion

ACL = subnet, Security Groups = instances

The Question states "AWS service or tool can be 'used' to set up a firewall" So option is C. And Network ACL is not a AWS service or tool. Correct me if i am wrong.

Read carefully its`s a TRAP : "control traffic going into and coming out of an Amazon VPC subnet" - NOT AT SUBNET LEVEL in my opinion it means that - control traffic at higher level that VPC subnet. My answer is C - AWS Firewall manager My explanation: network (ACL) allows or denies specific inbound or outbound traffic AT THE subnet level

The correct answer is: D. Network ACL Explanation: A Network Access Control List (Network ACL) is a security layer at the subnet level that controls inbound and outbound traffic for Amazon VPC. It acts as a firewall for controlling traffic going in and out of subnets, providing stateless filtering based on rules.

A: Security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. If you don't specify a security group, Amazon EC2 uses the default security group for the VPC. After you launch an instance, you can change its security groups. C: Your VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic. You can create a custom network ACL and associate it with a subnet to allow or deny specific inbound or outbound traffic at the subnet level.

Network ACLs are used to control inbound and outbound traffic at the subnet level within an Amazon VPC. They provide a way to set up a firewall that operates at the network layer and are applied to all instances within a subnet.

TOOL, FIREWALL MANAGER = TOOL and is superset of NACL

D. Network ACL - key word is subnet

Network ACLs are used to control inbound and outbound traffic at the subnet level within an Amazon VPC. They provide a way to set up a firewall that operates at the network layer and are applied to all instances within a subnet.

As stated in the question, we're looking for a mechanism to control the subnet traffic, so it's a NACL.

Answer D : Network Access Control Lists (NACLs) Act as a firewall to control traffic at the subnet level, allowing or denying specific inbound or outbound traffic.

Like Pietro167 stated Network ACL = Subnet | Security Groups = Instances

The correct answer is D. Network ACL (Access Control List). Network ACLs act as a firewall for controlling traffic in and out of a subnet in Amazon Virtual Private Cloud (VPC). They operate at the subnet level and evaluate traffic based on rules defined for inbound and outbound traffic.

ACL = sub-rede, grupos de segurança = instâncias (by pietro167) Perfect

D. Network ACL (Access Control List) Network ACLs act as a firewall for controlling traffic at the subnet level. They are stateless and operate at the subnet level, allowing or denying traffic based on rules defined for inbound and outbound traffic. Network ACLs provide an added layer of security by allowing you to specify rules that govern traffic at the network level, complementing the security groups that operate at the instance level.

Network ACL

Correct answer is NACL Security Group is used for setup inbound and outbound rules in instance levels not in subnet levels. The question ask for a service or tool which serves at subnet levels. So, this answer is not correct. NACL: Allows to setup rules at subnet levels. So this is the correct answer. Firewall Manager: This is used for a broader perspective. It simplifies administration and maintenance tasks across multiple AWS accounts for variety of protections like WAF, Shield, Security Groups and Network Firewall etc.