AWS Certified Cloud Practitioner — Question 738
Which task can a company perform by using security groups in the AWS Cloud?
Answer options
- A. Allow access to an Amazon EC2 instance through only a specific port.
- B. Deny access to malicious IP addresses at a subnet level.
- C. Protect data that is cached by Amazon CloudFront.
- D. Apply a stateless firewall to an Amazon EC2 instance.
Correct answer: A
Explanation
Security groups in AWS act as stateful firewalls at the instance level, allowing users to define rules that permit traffic through specific ports to Amazon EC2 instances. In contrast, Network Access Control Lists (NACLs) operate at the subnet level and act as stateless firewalls, which makes options B and D incorrect. Amazon CloudFront security is managed through other mechanisms, such as AWS WAF or signed cookies, not security groups.