AWS Certified Cloud Practitioner (CLF-C02) — Question 465

A company needs a firewall that will control network connections to and from a single Amazon EC2 instance. This firewall will not control network connections to and from other instances that are in the same subnet.

Which AWS service or feature can the company use to meet these requirements?

Answer options

• A. Network ACL
• B. AWS WAF
• C. Route table
• D. Security group

Correct answer: D

Explanation

A Security group acts as a stateful virtual firewall that controls inbound and outbound traffic at the individual Amazon EC2 instance level. In contrast, a Network ACL operates at the subnet level, affecting all instances in that subnet, while Route tables control traffic routing and AWS WAF protects web applications from web exploits.