NSE 7 – Public Cloud Security 6.4 — Question 21

Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

Answer options

• A. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
• B. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.
• C. Network ACLs must be manually applied to virtual network interfaces.
• D. Network ACLs support allow rules and deny rules.

Correct answer: A, D

Explanation

The correct answer A states that Network ACLs are stateless, meaning they do not keep track of the state of connections, while D correctly notes that they support both allow and deny rules. Option B is incorrect because it describes Network ACLs as stateful, which they are not, and option C is misleading because Network ACLs are automatically applied at the subnet level, not directly to network interfaces.