AWS (Amazon Web Services) Certification Practice Exam


Prepare for your AWS Certification Exam with flashcards and multiple-choice questions. Each question comes with hints and detailed explanations to help you succeed. Enhance your skills and be ready for the exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Which best describes how Security Groups differ from Network Access Control Lists (NACLs)?

  1. Security Groups operate at the VPC level, NACLs at the instance level

  2. Security Groups control inbound and outbound traffic for instances, NACLs control traffic at the subnet level

  3. Security Groups are mandatory, NACLs are optional

  4. Security Groups can be applied to multiple subnets, NACLs cannot

The correct answer is: Security Groups control inbound and outbound traffic for instances, NACLs control traffic at the subnet level

The correct choice highlights a fundamental architectural distinction between Security Groups and Network Access Control Lists (NACLs) within an AWS environment.

Security Groups operate at the instance level, controlling both inbound and outbound traffic to EC2 instances. They act as virtual firewalls that define allowed traffic based on rules specified for each instance. A single Security Group can be assigned to multiple instances, which provides a way to enforce consistent rules across similar resources.

NACLs, on the other hand, function at the subnet level, controlling traffic entering and exiting a subnet in a VPC. Each NACL can contain rules that either allow or deny traffic in both the inbound and outbound directions, and those rules apply to every instance within that subnet.

Security Groups are therefore the more dynamic, instance-specific control, while NACLs provide broader control at the subnet level. Understanding this distinction helps in designing an effective security architecture within AWS, ensuring that traffic is managed appropriately at both the instance and subnet levels.