AWS Certified Cloud Practitioner (CLF-C02) — Question 48

Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?

Answer options

• A. Security group
• B. AWS WAF
• C. AWS Firewall Manager
• D. Network ACL

Correct answer: D

Explanation

The correct answer is D, Network ACL, as it is specifically designed to control inbound and outbound traffic at the subnet level in a VPC. While A, Security group, also regulates traffic, it operates at the instance level, and B, AWS WAF, is focused on web application security. C, AWS Firewall Manager, is a tool for managing firewalls across accounts but does not directly set up traffic control for a specific subnet.