AWS Certified Cloud Practitioner (CLF-C02) — Question 333

A company created an Amazon EC2 instance. The company wants to control the incoming and outgoing network traffic at the instance level.

Which AWS resource or service will meet this requirement?

Answer options

• A. AWS Shield
• B. Security groups
• C. Network Access Analyzer
• D. VPC endpoints

Correct answer: B

Explanation

Security groups act as a virtual firewall for Amazon EC2 instances, allowing control over both inbound and outbound traffic at the instance level. AWS Shield is designed for DDoS protection, Network Access Analyzer is used to analyze network reachability, and VPC endpoints provide private connections to AWS services rather than filtering instance-level traffic.