Question
Which AWS service or feature offers security for a VPC by acting as a firewall to control traffic in and out of subnets?
A. AWS Security Hub
B. Security groups
C. Network ACL
D. AWS WAF
Answer
C. Network ACL
Explanation
The correct answer is C. Network ACL.
A network ACL (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to those of your security groups.
Security groups are also used to control traffic to and from EC2 instances, but they are applied at the instance level, while NACLs are applied at the subnet level. This means that NACLs can be used to control traffic to and from all instances in a subnet, regardless of which security groups they are associated with.
AWS Security Hub and AWS WAF are both security services, but they do not act as firewalls to control traffic in and out of subnets. AWS Security Hub provides a centralized view of your security alerts and findings from AWS services, while AWS WAF is a web application firewall that helps protect web applications from common web exploits.
Here is a table that summarizes the differences between NACLs, security groups, AWS Security Hub, and AWS WAF:
Feature | Network ACL | Security group | AWS Security Hub | AWS WAF |
---|---|---|---|---|
Firewall for subnets | Yes | No | No | No |
Firewall for instances | No | Yes | No | No |
Centralized view of security alerts | No | No | Yes | No |
Protects web applications from common web exploits | No | No | No | Yes |
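
The difference between the subnet-level and instance-level checks can be modelled in a few lines. The following is an added example, not part of the original answer: it simulates inbound traffic entering a subnet, where the network ACL is evaluated first (rules in rule-number order, first match wins, no match means deny) and the instance's security group second (allow rules only). The class names, rule sets and addresses are constructed for illustration, and protocol matching and return traffic are left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NaclRule:
    number: int      # lower rule numbers are evaluated first
    cidr: str
    port_from: int
    port_to: int
    allow: bool

@dataclass
class SgRule:        # security groups hold allow rules only
    cidr: str
    port_from: int
    port_to: int

def _matches(cidr, lo, hi, src_ip, port):
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(cidr) and lo <= port <= hi

def nacl_allows(rules, src_ip, port):
    """Subnet level: first matching rule by number wins; no match means deny."""
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r.cidr, r.port_from, r.port_to, src_ip, port):
            return r.allow
    return False

def sg_allows(rules, src_ip, port):
    """Instance level: traffic passes if any allow rule matches."""
    return any(_matches(r.cidr, r.port_from, r.port_to, src_ip, port) for r in rules)

def inbound_verdict(subnet_nacl, instance_sg, src_ip, port):
    """Report which layer decided; the NACL is checked before the security group."""
    if not nacl_allows(subnet_nacl, src_ip, port):
        return "blocked by network ACL"
    if not sg_allows(instance_sg, src_ip, port):
        return "blocked by security group"
    return "allowed"

# Constructed sample configuration using documentation address ranges.
SUBNET_NACL = [
    NaclRule(90, "203.0.113.0/24", 0, 65535, allow=False),  # deny one source range
    NaclRule(100, "0.0.0.0/0", 443, 443, allow=True),       # HTTPS from anywhere
    NaclRule(110, "198.51.100.0/24", 22, 22, allow=True),   # SSH from one range
]
WEB_SG = [SgRule("0.0.0.0/0", 443, 443)]
ADMIN_SG = [SgRule("0.0.0.0/0", 443, 443), SgRule("0.0.0.0/0", 22, 22)]

if __name__ == "__main__":
    for src, port in (("203.0.113.7", 443), ("198.51.100.9", 22), ("192.0.2.5", 22)):
        for name, sg in (("web", WEB_SG), ("admin", ADMIN_SG)):
            print(name, src, port, "->", inbound_verdict(SUBNET_NACL, sg, src, port))
```

The denied source range is blocked for both instances even though each security group allows port 443 from anywhere, which is the subnet-wide effect the explanation describes.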
Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detailed explanations and references, available free, to help you pass the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earn the Amazon AWS Certified Cloud Practitioner CLF-C02 certification.