AWS Certification Practice Exam: Prep, Practice Test & Study Guide


Which best describes how Security Groups differ from Network Access Control Lists (NACLs)?

Security Groups operate at the VPC level, NACLs at the instance level

Security Groups control inbound and outbound traffic for instances, NACLs control traffic at the subnet level

The correct choice, that Security Groups control inbound and outbound traffic for instances while NACLs control traffic at the subnet level, highlights a fundamental architectural distinction between the two within an AWS environment. Security Groups operate at the instance level, controlling both inbound and outbound traffic to EC2 instances. They act as virtual firewalls that define allowed traffic based on rules specified for each instance. A single Security Group can also be assigned to multiple instances, providing a way to enforce consistent rules across similar resources.

On the other hand, NACLs function at the subnet level, controlling traffic entering and exiting a subnet in a VPC. Each NACL can have rules that either allow or deny traffic for both inbound and outbound connections, impacting all instances within that subnet. This means that while Security Groups can be more dynamic and instance-specific, NACLs provide broader control at the subnet level.

Understanding this distinction helps in effectively designing a security architecture within AWS, ensuring that traffic is appropriately managed at both the instance and subnet levels.


Security Groups are mandatory, NACLs are optional

Security Groups can be applied to multiple subnets, NACLs cannot
