AWS Certified SysOps Administrator – Associate (legacy) — Question 302
A user has created a VPC with a public subnet. The user has created a security group for that VPC. Which of the below-mentioned statements is true when a security group is created?
Answer options
- A. It can connect to the AWS services, such as S3 and RDS by default
- B. It will have all the inbound traffic by default
- C. It will have all the outbound traffic by default
- D. It will allow by default traffic to the internet gateway
Correct answer: C
Explanation
When a new security group is created in AWS, it automatically includes a default rule that allows all outbound traffic to any destination. In contrast, it starts with no inbound rules, meaning all incoming traffic is blocked until explicitly permitted. Therefore, only outbound traffic is allowed by default.