AWS Certified Cloud Practitioner — Question 877

Which of the following acts as an instance-level firewall to control inbound and outbound access?

Answer options

• A. Network access control list
• B. Security groups
• C. AWS Trusted Advisor
• D. Virtual private gateways

Correct answer: B

Explanation

Security groups act as stateful, instance-level firewalls that control inbound and outbound traffic for EC2 instances. In contrast, Network Access Control Lists (NACLs) operate as stateless firewalls at the subnet level, not the instance level. AWS Trusted Advisor offers optimization recommendations, and Virtual Private Gateways establish VPN connections, neither of which function as instance-level firewalls.