AWS Certified Cloud Practitioner — Question 139

Which AWS service or tool is associated with an Amazon EC2 instance and acts as a virtual firewall to control inbound and outbound traffic?

Answer options

• A. AWS WAF
• B. AWS Shield
• C. Network access control list (ACL)
• D. Security group

Correct answer: D

Explanation

The correct answer is D, Security group, as it acts as a virtual firewall specifically for EC2 instances, allowing you to set rules for inbound and outbound traffic. Option A, AWS WAF, is designed for web applications and does not directly manage EC2 instance traffic. Option B, AWS Shield, provides DDoS protection but does not function as a firewall. Option C, Network access control list (ACL), is a different method of controlling traffic at the subnet level rather than specifically at the instance level.