AWS Certified Cloud Practitioner — Question 851

Which AWS service or feature offers security for a VPC by acting as a firewall to control traffic in and out of subnets?

Answer options

• A. AWS Security Hub
• B. Security groups
• C. Network ACL
• D. AWS WAF

Correct answer: C

Explanation

A Network ACL functions as a stateless firewall that controls inbound and outbound traffic specifically at the subnet level. Security groups provide similar firewall capabilities but operate at the individual instance level, while AWS WAF secures web applications from exploits and AWS Security Hub aggregates security alerts.