AWS Certified SysOps Administrator – Associate (legacy) — Question 792
Security groups in VPC operate at the ______.
Answer options
- A. data transport layer level
- B. subnet level
- C. instance level
- D. gateway level
Correct answer: C
Explanation
Security groups in an AWS VPC act as a virtual firewall that controls inbound and outbound traffic at the individual instance level, specifically at the elastic network interface (ENI). In contrast, Network Access Control Lists (NACLs) operate at the subnet level, whereas gateways and transport layers do not host security group configurations. Because the rules are attached at the ENI, they are evaluated directly for each EC2 instance.