AWS Certified Security – Specialty — Question 36
A company has complex connectivity rules governing ingress, egress, and communications between Amazon EC2 instances. The rules are so complex that they cannot be implemented within the limits of the maximum number of security groups and network access control lists (network ACLs).
What mechanism will allow the company to implement all required network rules without incurring additional cost?
Answer options
- A. Configure AWS WAF rules to implement the required rules.
- B. Use the operating system built-in, host-based firewall to implement the required rules.
- C. Use a NAT gateway to control ingress and egress according to the requirements.
- D. Launch an EC2-based firewall product from the AWS Marketplace, and implement the required rules in that product.
Correct answer: B
Explanation
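The correct answer is B. The operating system's built-in host-based firewall runs on each instance, so its rules are not subject to the security group and network ACL limits described in the question, and it allows granular control of network traffic without additional cost. Options A, C, and D either involve additional services that may incur costs or do not provide the extensive control needed for complex rules: AWS WAF filters web (HTTP/HTTPS) requests rather than general traffic between instances, a NAT gateway performs address translation rather than rule-based filtering, and a Marketplace firewall is an additional product running on its own EC2 instance.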