AWS Certified Cloud Practitioner (CLF-C02) — Question 98
Which of the following services can be used to block network traffic to an instance? (Choose two.)
Answer options
- A. Security groups
- B. Amazon Virtual Private Cloud (Amazon VPC) flow logs
- C. Network ACLs
- D. Amazon CloudWatch
- E. AWS CloudTrail
Correct answer: A, C
Explanation
Security groups and network ACLs are both designed to control inbound and outbound traffic for instances. In contrast, Amazon VPC flow logs provide logging and monitoring of traffic but do not block it, while Amazon CloudWatch and AWS CloudTrail focus on monitoring and auditing, not traffic control.