AWS Certified Cloud Practitioner — Question 59
A company recently deployed an Amazon RDS instance in its VPC. The company needs to implement a stateful firewall to limit traffic to the private corporate network.
Which AWS service or feature should the company use to limit network traffic directly to its RDS instance?
Answer options
- A. Network ACLs
- B. Security groups
- C. AWS WAF
- D. Amazon GuardDuty
Correct answer: B
Explanation
The correct answer is B, Security groups. A security group acts as a stateful firewall attached directly to the RDS instance: it allows traffic that matches its defined rules and blocks everything else, and because it is stateful, responses to allowed connections are permitted automatically. Network ACLs (A) are stateless and apply to subnets rather than individual instances. AWS WAF (C) is meant for web applications, and Amazon GuardDuty (D) is a threat detection service, not a firewall.