AWS Certified SysOps Administrator – Associate (legacy) — Question 12

A custom network ACL that you create ____ until you add rules, and is not associated with a sub-net until you explicitly associate it with one.

Answer options

• A. blocks only inbound traffic by default
• B. allows outbound traffic by default
• C. allows all inbound and outbound traffic by default
• D. blocks all inbound and outbound traffic by default

Correct answer: D

Explanation

The correct answer is D because a custom network ACL by default blocks all traffic until specific rules are defined. Options A and B are incorrect as they do not accurately describe the default behavior of a custom network ACL. Option C is also incorrect because it suggests that all traffic is allowed by default, which is not the case.