AWS Certified Cloud Practitioner — Question 395

Which AWS service or feature can a company use to apply security rules to a subnet for Amazon EC2 instances?

Answer options

• A. AWS WAF
• B. AWS Shield
• C. Network ACLs
• D. Security groups

Correct answer: C

Explanation

Network ACLs act as a stateless firewall at the subnet level to control inbound and outbound traffic for Amazon EC2 instances. In contrast, security groups operate at the instance level rather than the subnet level. AWS WAF and AWS Shield are designed for web application firewall protection and DDoS defense, respectively, rather than subnet-level network filtering.