AWS Certified Cloud Practitioner (CLF-C02) — Question 603

Which VPC component can a company use to set up a virtual firewall at the Amazon EC2 instance level?

Answer options

• A. Network ACL
• B. Security group
• C. Route table
• D. NAT gateway

Correct answer: B

Explanation

Security groups function as stateful virtual firewalls that control inbound and outbound traffic specifically at the Amazon EC2 instance level. In contrast, Network ACLs act as stateless firewalls at the subnet level, while route tables and NAT gateways manage network traffic routing and outbound internet connectivity respectively.