AWS Certified Cloud Practitioner (CLF-C02) — Question 191

Which of the following acts as an instance-level firewall to control inbound and outbound access?

Answer options

• A. Network access control list
• B. Security groups
• C. AWS Trusted Advisor
• D. Virtual private gateways

Correct answer: B

Explanation

The correct answer is B, as security groups are specifically designed to operate as instance-level firewalls, allowing users to define rules for inbound and outbound traffic. Option A, network access control lists, operate at the subnet level rather than the instance level. Option C, AWS Trusted Advisor, provides recommendations for best practices but does not function as a firewall. Option D, virtual private gateways, connect a VPC to external networks but do not control traffic at the instance level.