AWS Certified Cloud Practitioner (CLF-C02) — Question 456

Which AWS service or feature can a user configure to limit network access at the subnet level?

Answer options

• A. AWS Shield
• B. AWS WAF
• C. Network ACL
• D. Security group

Correct answer: C

Explanation

Network ACLs function as a stateless firewall that controls inbound and outbound traffic specifically at the subnet level. In contrast, security groups operate at the individual instance or resource level rather than the subnet level. AWS WAF and AWS Shield are security services designed for web application protection and DDoS mitigation, respectively.