AWS Certified Cloud Practitioner (CLF-C02) — Question 282

Which task can a company perform by using security groups in the AWS Cloud?

Answer options

• A. Allow access to an Amazon EC2 instance through only a specific port.
• B. Deny access to malicious IP addresses at a subnet level.
• C. Protect data that is cached by Amazon CloudFront.
• D. Apply a stateless firewall to an Amazon EC2 instance.

Correct answer: A

Explanation

Security groups function as stateful firewalls for Amazon EC2 instances, enabling users to permit traffic on specific ports, making Option A correct. Subnet-level filtering and stateless firewalling are functions of Network Access Control Lists (NACLs), which rules out Options B and D. Amazon CloudFront protection is managed through other services like AWS WAF rather than EC2 security groups, eliminating Option C.