AWS Certified Cloud Practitioner — Question 601

Which AWS service or feature can be used to control inbound and outbound traffic on an Amazon EC2 instance?

Answer options

• A. Internet gateways
• B. AWS Identity and Access Management (IAM)
• C. Network ACLs
• D. Security groups

Correct answer: D

Explanation

Security groups function as a stateful virtual firewall that directly controls inbound and outbound traffic for Amazon EC2 instances. In contrast, Network ACLs operate at the subnet level rather than the instance level, Internet gateways simply facilitate connection to the outside internet, and IAM manages user authentication and resource permissions rather than network traffic.