Table of Contents
Question
A company needs to apply security rules to a subnet for Amazon EC2 instances. Which AWS service or feature provides this functionality?
A. Network ACLs
B. Security groups
C. AWS Certificate Manager (ACM)
D. AWS Config
Answer
B. Security groups
Explanation
The answer is B. Security groups.
Here is the detailed explanation:
Amazon EC2 instances can be placed within subnets in a VPC (Virtual Private Cloud). Security groups act as a virtual firewall that controls inbound and outbound traffic for EC2 instances within a subnet. Security groups are stateful – responses to allowed inbound traffic will be allowed outbound.
The key points:
- Security groups can be applied at the instance level or the subnet level to control network access for all instances within the subnet. This matches the question requirement of applying rules to a subnet.
- Network ACLs operate at the subnet level but are not configurable from the instance level. They control whether traffic is allowed in or out of a subnet.
- AWS Certificate Manager (ACM) manages SSL/TLS certificates, but does not provide network access control functionality.
- AWS Config records configuration of AWS resources for auditing purposes, but does not directly control network access.
Therefore, the best answer among the options provided is B – Security Groups, as this AWS service allows defining ingress and egress rules that can be applied to control network access for all EC2 instances placed within a specific subnet, as required by the question.
Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earn Amazon AWS Certified Cloud Practitioner CLF-C02 certification.