AWS Certified Cloud Practitioner — Question 936

Which AWS service or feature acts as a firewall for Amazon EC2 instances?

Answer options

• A. Network ACL
• B. Elastic network interface
• C. Amazon VPC
• D. Security group

Correct answer: D

Explanation

A Security group acts as a stateful, instance-level virtual firewall that controls inbound and outbound traffic for Amazon EC2 instances. In contrast, a Network ACL operates at the subnet level rather than the instance level, Amazon VPC is the overall virtual network environment, and an Elastic network interface is simply a logical networking component used to connect instances to the network.