AWS Certified Cloud Practitioner (CLF-C02) — Question 536

Which AWS tool or feature acts as a VPC firewall at the subnet level?

Answer options

• A. Security group
• B. Network ACL
• C. Traffic Mirroring
• D. Internet gateway

Correct answer: B

Explanation

Network ACLs (Access Control Lists) act as a stateless firewall at the subnet level to control traffic entering and leaving one or more subnets. In contrast, Security groups function as stateful firewalls at the instance level (specifically, the elastic network interface). Internet gateways allow communication between your VPC and the internet, while Traffic Mirroring is used to copy and monitor network traffic rather than filter it.