AWS Certified Cloud Practitioner — Question 717

A company needs network access to be restricted to an Amazon EC2 instance for certain ports.

Which AWS services or features will support this requirement? (Choose two.)

Answer options

• A. Amazon Elastic Block Store (Amazon EBS)
• B. Network ACLs
• C. Security groups
• D. IAM password rotation policy
• E. Amazon Route 53 record sets

Correct answer: B, C

Explanation

Security groups act as an instance-level firewall that controls inbound and outbound traffic by specifying allowed ports and protocols. Network Access Control Lists (NACLs) function as a subnet-level firewall that can also allow or deny traffic based on port numbers. Other options like Amazon EBS, IAM password policies, and Route 53 are used for storage, identity management, and DNS routing respectively, rather than network port filtering.