AWS Certified SysOps Administrator – Associate (legacy) — Question 97
You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: Security groups and network access control lists (ACLs). You start to look into security groups first. Which statement below is incorrect in relation to security groups?
Answer options
- A. Are stateful: Return traffic is automatically allowed, regardless of any rules.
- B. Support addition of individual allow and deny rules in both inbound and outbound.
- C. Security Groups can be added or removed from EC2 instances in a VPC at any time.
- D. Evaluate all rules before deciding whether to allow traffic.
Correct answer: B
Explanation
The correct answer is B because security groups support only allow rules, for both inbound and outbound traffic; they do not support deny rules. Options A, C, and D are correct statements about security groups, describing their stateful nature, flexibility in management, and rule evaluation process.