AWS Certified Cloud Practitioner — Question 529

Which AWS services or features can control VPC traffic? (Choose two.)

Answer options

• A. Security groups
• B. AWS Direct Connect
• C. Amazon GuardDuty
• D. Network ACLs
• E. Amazon Connect

Correct answer: A, D

Explanation

Security groups function as stateful firewalls controlling inbound and outbound traffic at the resource level, such as for EC2 instances. Network ACLs provide stateless filtering of traffic at the subnet level to secure the VPC. Other listed services, like AWS Direct Connect for physical connections or Amazon GuardDuty for threat detection, do not directly control VPC network traffic.