Learn the difference between Security Groups and Network ACLs.
Question
Which types of rules can be configured in Security Groups and Network ACLs?
A. Network ACLs can only have allow rules, Security Groups can have allow and block rules
B. Both Security Groups and Network ACLs can have allow and block rules
C. Security Groups can only have allow rules, Network ACLs can have allow and block rules
Answer
C. Security Groups can only have allow rules, Network ACLs can have allow and block rules
Explanation
The correct answer is C: Security Groups can only have allow rules, while Network ACLs can have both allow and deny (block) rules. Security Groups are stateful, meaning they automatically allow the return traffic for any allowed inbound or outbound traffic. Traffic that no Security Group rule allows is dropped, so there is no deny rule to write. Network ACLs are stateless, meaning they do not track the state of the traffic and require explicit rules for both inbound and outbound traffic. Network ACLs therefore use both allow and deny rules to filter traffic at the subnet level, while Security Groups use only allow rules to filter traffic at the instance level.
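The difference described above, as an added example that is not part of the original page: a simplified Python model of both evaluation styles, not AWS code. The class and function names, the rule numbers, the ephemeral port range and the 203.0.113.x addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int   # NACL evaluation order; unused by security groups
    action: str   # "allow" or "deny"
    cidr: str
    ports: range

    def matches(self, peer, port):
        return ip_address(peer) in ip_network(self.cidr) and port in self.ports

def nacl_decision(rules, peer, port):
    """Stateless: lowest-numbered matching rule wins, else implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(peer, port):
            return rule.action
    return "deny"

class SecurityGroup:
    """Allow rules only; stateful, so replies to tracked flows pass."""
    def __init__(self, inbound, outbound):
        if any(r.action != "allow" for r in inbound + outbound):
            raise ValueError("security groups accept allow rules only")
        self.inbound, self.outbound, self.tracked = inbound, outbound, set()

    def inbound_packet(self, peer, peer_port, local_port):
        if any(r.matches(peer, local_port) for r in self.inbound):
            self.tracked.add((peer, peer_port, local_port))
            return "allow"
        return "deny"   # nothing matched: implicit deny

    def outbound_packet(self, peer, peer_port, local_port):
        if (peer, peer_port, local_port) in self.tracked:
            return "allow"   # return traffic needs no outbound rule
        return "allow" if any(r.matches(peer, peer_port) for r in self.outbound) else "deny"

def demo():
    client, unwanted = "203.0.113.10", "203.0.113.66"   # constructed addresses
    https, ephemeral = range(443, 444), range(1024, 65536)
    sg = SecurityGroup([Rule(0, "allow", "0.0.0.0/0", https)], [])
    nacl_in = [Rule(90, "deny", unwanted + "/32", https),
               Rule(100, "allow", "0.0.0.0/0", https)]
    nacl_out = [Rule(100, "allow", "0.0.0.0/0", ephemeral)]
    return {
        "sg_request": sg.inbound_packet(client, 50000, 443),
        "sg_reply": sg.outbound_packet(client, 50000, 443),
        "nacl_unwanted": nacl_decision(nacl_in, unwanted, 443),
        "nacl_request": nacl_decision(nacl_in, client, 443),
        "nacl_reply_no_rule": nacl_decision([], client, 50000),
        "nacl_reply_with_rule": nacl_decision(nacl_out, client, 50000),
    }
```

The Security Group passes the reply with an empty outbound rule list, while the Network ACL drops the same reply until an outbound rule covers the client's port; only the Network ACL can single out one address with a deny rule.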