Exam AWS Certified Cloud Practitioner CLF-C02 topic 1 question 95 discussion

ACL = subnet, Security Groups = instances

The Question states "AWS service or tool can be 'used' to set up a firewall" So option is C. And Network ACL is not a AWS service or tool. Correct me if i am wrong.

Network ACLs are used to control inbound and outbound traffic at the subnet level within an Amazon VPC. They provide a way to set up a firewall that operates at the network layer and are applied to all instances within a subnet.

TOOL, FIREWALL MANAGER = TOOL and is superset of NACL

D. Network ACL - key word is subnet

Network ACLs are used to control inbound and outbound traffic at the subnet level within an Amazon VPC. They provide a way to set up a firewall that operates at the network layer and are applied to all instances within a subnet.

As stated in the question, we're looking for a mechanism to control the subnet traffic, so it's a NACL.

Answer D : Network Access Control Lists (NACLs) Act as a firewall to control traffic at the subnet level, allowing or denying specific inbound or outbound traffic.

Like Pietro167 stated Network ACL = Subnet | Security Groups = Instances

The correct answer is D. Network ACL (Access Control List). Network ACLs act as a firewall for controlling traffic in and out of a subnet in Amazon Virtual Private Cloud (VPC). They operate at the subnet level and evaluate traffic based on rules defined for inbound and outbound traffic.

ACL = sub-rede, grupos de segurança = instâncias (by pietro167) Perfect

D. Network ACL (Access Control List) Network ACLs act as a firewall for controlling traffic at the subnet level. They are stateless and operate at the subnet level, allowing or denying traffic based on rules defined for inbound and outbound traffic. Network ACLs provide an added layer of security by allowing you to specify rules that govern traffic at the network level, complementing the security groups that operate at the instance level.

Network ACL

Correct answer is NACL Security Group is used for setup inbound and outbound rules in instance levels not in subnet levels. The question ask for a service or tool which serves at subnet levels. So, this answer is not correct. NACL: Allows to setup rules at subnet levels. So this is the correct answer. Firewall Manager: This is used for a broader perspective. It simplifies administration and maintenance tasks across multiple AWS accounts for variety of protections like WAF, Shield, Security Groups and Network Firewall etc.

They phrase is "...to control traffic going into and coming out of an Amazon VPC subnet?". It is NACL. D

C is the correct answer. The AWS Firewall Manager helps to configure a firewall and that’s what this question is asking. ”AWS Firewall Manager simplifies your AWS WAF administration and maintenance tasks across multiple accounts and resources. With AWS Firewall Manager, you set up your firewall rules just once.” A – Security groups are essential to efficiently managing access to resources, but they are not classified as a service. B – Web application firewall is essential to controlling traffic into and out of a network, by setting access rules and monitoring network request, but this is not the best answer. D – Access Control Lists are used to grant or limit access to network and system resources, but they are not classified as a service. Reference: https://AWS Firewall Manager Documentation (amazon.com)

A. Security Group is the primary method.