AWS Certified Cloud Practitioner — Question 856

A company needs to apply security rules to specific Amazon EC2 instances.

Which AWS service or feature provides this functionality?

Answer options

• A. AWS Shield
• B. Network ACLs
• C. Security groups
• D. AWS Firewall Manager

Correct answer: C

Explanation

Security groups act as virtual firewalls that control inbound and outbound traffic at the individual Amazon EC2 instance level. In contrast, Network ACLs operate at the subnet level rather than the instance level. AWS Shield is designed for DDoS protection, and AWS Firewall Manager is used for centralizing firewall rule management across multiple accounts.