AWS Certified Cloud Practitioner — Question 704

Which VPC component provides a layer of security at the subnet level?

Answer options

• A. Security groups
• B. Network ACLs
• C. NAT gateways
• D. Route tables

Correct answer: B

Explanation

Network ACLs serve as a stateless firewall to control inbound and outbound traffic at the subnet boundary. Security groups, on the other hand, function as stateful firewalls at the individual instance level. NAT gateways and route tables are routing and connectivity components, not security mechanisms.