AWS Certified Cloud Practitioner — Question 480

A cloud practitioner needs to apply security rules to a subnet for Amazon EC2 instances.

Which AWS service or feature can the cloud practitioner use to meet this requirement?

Answer options

• A. AWS WAF
• B. Network ACLs
• C. Security groups
• D. AWS Managed Services (AMS)

Correct answer: B

Explanation

Network ACLs (NACLs) act as a stateless firewall at the subnet level to control inbound and outbound traffic for all resources within that subnet. In contrast, Security groups operate at the instance level rather than the subnet level, while AWS WAF is designed for web application protection and AWS Managed Services provides operational management.