AWS Certified Cloud Practitioner — Question 378
A company wants to establish a security layer in its VPC that will act as a firewall to control subnet traffic.
Which AWS service or feature will meet this requirement?
Answer options
- A. Routing tables
- B. Network access control lists (network ACLs)
- C. Security groups
- D. Amazon GuardDuty
Correct answer: B
Explanation
Network access control lists (network ACLs) act as a stateless firewall at the subnet level to control inbound and outbound traffic. Security groups perform a similar firewall function but operate at the instance level rather than the subnet level. Route tables are used to direct network traffic rather than filter it, and Amazon GuardDuty is an intelligent threat detection service, not an inline firewall.