AWS Certified Cloud Practitioner — Question 524

A company has identified a high-risk network security issue during an AWS Well-Architected review. The company needs a managed solution that the company can use to deploy essential network protections for all of its VPCs.

Which AWS service or feature meets these requirements?

Answer options

• A. Security groups
• B. Network ACLs
• C. AWS Network Firewall
• D. Amazon VPC Network Access Analyzer

Correct answer: C

Explanation

AWS Network Firewall is a fully managed service that allows organizations to easily deploy essential network protections, such as stateful inspection and intrusion prevention, across all of their VPCs. While security groups and Network ACLs offer basic filtering at the instance and subnet levels, they lack the centralized management and advanced capabilities of a managed firewall solution. Amazon VPC Network Access Analyzer is a tool designed to analyze network reachability and identify unintended path exposure, rather than actively block or protect network traffic.