AWS Certified Cloud Practitioner (CLF-C02) — Question 548
Which AWS service or feature provides a firewall at the subnet level within a VPC?
Answer options
- A. Security group
- B. Network ACL
- C. Elastic network interface
- D. AWS WAF
Correct answer: B
Explanation
Network ACLs (NACLs) operate at the subnet level to provide stateless filtering of inbound and outbound traffic. Security groups, on the other hand, act as stateful firewalls at the level of the individual instance or elastic network interface (ENI), while AWS WAF is designed to protect web applications from common web exploits rather than to filter network-level traffic in a subnet.