AWS Certified Cloud Practitioner — Question 931

Which AWS service or feature gives a company the ability to control incoming traffic and outgoing traffic for Amazon EC2 instances?

Answer options

• A. Security groups
• B. Amazon Route 53
• C. AWS Direct Connect
• D. Amazon VPC

Correct answer: A

Explanation

Security groups function as virtual firewalls at the instance level, allowing users to define rules that control incoming and outgoing traffic for Amazon EC2 instances. While Amazon VPC defines the broader virtual network environment, it is security groups that directly filter traffic to and from the instances. Amazon Route 53 is a DNS service and AWS Direct Connect is a dedicated network connection service, neither of which directly filters instance-level traffic.