AWS Certified Cloud Practitioner — Question 796

A company needs to control inbound and outbound traffic for an Amazon EC2 instance.

Which AWS service or feature can the company associate with the EC2 instance to meet this requirement?

Answer options

• A. Network ACL
• B. Security group
• C. AWS WAF
• D. VPC route tables

Correct answer: B

Explanation

Security groups function as stateful virtual firewalls that control inbound and outbound traffic directly at the Amazon EC2 instance level. Network ACLs operate at the subnet level rather than the instance level, and VPC route tables are used to direct traffic between subnets and gateways. AWS WAF protects web applications from common web exploits but is not attached directly to EC2 instances for general port filtering.