Question
A company needs to control inbound and outbound traffic for an Amazon EC2 instance. Which AWS service or feature can the company associate with the EC2 instance to meet this requirement?
A. Network ACL
B. Security group
C. AWS WAF
D. VPC route tables
Answer
B. Security group
Review
The correct answer is B. Security group.
A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. You can create security groups to allow or deny traffic from specific IP addresses, ports, or security groups. When you launch an EC2 instance, you can associate it with one or more security groups.
Network ACLs and VPC route tables are also used to control traffic in and out of AWS resources, but they are not as granular as security groups. Network ACLs can only control inbound and outbound traffic at the subnet level, while VPC route tables can only control outbound traffic.
AWS WAF is a web application firewall that protects web applications from common web attacks. It can be used to block malicious traffic from reaching your EC2 instances, but it does not control all types of inbound and outbound traffic.
In this case, the company needs to control inbound and outbound traffic for an Amazon EC2 instance, so the best solution is to use a security group.
Here is a table that summarizes the differences between security groups, network ACLs, VPC route tables, and AWS WAF:
| Feature | Inbound and outbound traffic control | Granularity |
|---|---|---|
| Security group | Yes | Fine-grained (IP addresses, ports, security groups) |
| Network ACL | Yes | Coarse-grained (subnets) |
| VPC route table | No | Coarse-grained (subnets) |
| AWS WAF | No | Fine-grained (malicious traffic) |
This is a practice question and answer, with a detailed explanation, for the Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam.