A. Network ACLs
"Security groups are tied to an instance whereas Network ACLs are tied to the subnet.
Network ACLs are applicable at the subnet level, so any instance in the subnet with an associated NACL will follow the rules of NACL. That’s not the case with security groups, security groups have to be assigned explicitly to the instance."
https://medium.com/awesome-cloud/aws-difference-between-security-groups-and-network-acls-adc632ea29ae#:~:text=Security%20groups%20are,to%20the%20instance.
Use cases
Filter web traffic
SHOULD BE D: WAF.
EXPLANATION FROM WAF DOCUMENT
Create rules to filter web requests based on conditions such as IP addresses, HTTP headers and body, or custom URIs.
https://aws.amazon.com/waf/
NACLs work at the subnet level.
Security groups are another important feature of Amazon VPCs, but they are not used to block incoming or outgoing traffic associated with specific IP addresses. Instead, they are used to control the traffic that is allowed to or from Amazon EC2 instances or other resources that are associated with a security group. Security groups control the inbound and outbound traffic at the instance level, while network ACLs control traffic at the subnet level. So in this case, the correct answer is network ACLs.
Pranava_GCP
1 year, 10 months ago
aws2380
2 years, 1 month ago
jtexam
2 years, 1 month ago
RajithaR
2 years, 3 months ago
Pranava_GCP
1 year, 11 months ago
Saif93
2 years, 4 months ago
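The following is an added example, not part of the original discussion: a simplified Python model of the distinction the comments above draw, with a subnet-level network ACL that evaluates numbered allow/deny rules in order and an instance-level security group that has allow rules only. The rule sets, function names and addresses are constructed for illustration, and ports, protocols and return traffic are left out.

```python
import ipaddress

# Constructed sample rules; addresses are from documentation ranges.
NACL_INBOUND = [                      # (rule number, action, source CIDR)
    (100, "allow", "0.0.0.0/0"),
    (90, "deny", "203.0.113.7/32"),   # deny sits below 100, so it is checked first
]
NACL_MISORDERED = [                   # same intent, but the deny is numbered too high
    (100, "allow", "0.0.0.0/0"),
    (110, "deny", "203.0.113.7/32"),
]
SG_INBOUND = ["0.0.0.0/0"]            # a security group rule can only allow


def nacl_decision(rules, src):
    """Network ACL: lowest rule number first, first match wins, else implicit deny."""
    addr = ipaddress.ip_address(src)
    for number, action, cidr in sorted(rules):
        if addr in ipaddress.ip_network(cidr):
            return action, number
    return "deny", "*"


def sg_decision(allow_cidrs, src):
    """Security group: allowed if any rule matches; there is no deny rule to write."""
    addr = ipaddress.ip_address(src)
    matched = any(addr in ipaddress.ip_network(c) for c in allow_cidrs)
    return "allow" if matched else "deny"


def subnet_ingress(nacl_rules, sg_allow, src):
    """An inbound packet meets the subnet's NACL first, then the instance's group."""
    action, _ = nacl_decision(nacl_rules, src)
    if action == "deny":
        return "dropped at NACL"
    if sg_decision(sg_allow, src) == "allow":
        return "delivered"
    return "dropped at security group"


if __name__ == "__main__":
    for src in ("203.0.113.7", "198.51.100.20"):
        print(src, "->", subnet_ingress(NACL_INBOUND, SG_INBOUND, src))
    # The misordered ACL lets the unwanted address through on rule 100.
    print(nacl_decision(NACL_MISORDERED, "203.0.113.7"))
```

The misordered rule set is the case worth checking in a real ACL: a deny entry numbered above a broader allow entry never takes effect.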