Exam AWS Certified Cloud Practitioner topic 1 question 50 discussion

stateless-Netwrok ACL stateful ; security group

AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources. You can protect the following resource types: Amazon CloudFront distribution Amazon API Gateway REST API Application Load Balancer AWS AppSync GraphQL API Amazon Cognito user pool

Option B - Security groups . security groups are statefull firewall

security groups are statefull firewall NACL are stateless

Security groups

Amazon RDS security groups enable you to manage network access to your Amazon RDS instances. With security groups, you specify sets of IP addresses using CIDR notation, and only network traffic originating from these addresses is recognized by your Amazon RDS instance. Although they function in a similar way, Amazon RDS security groups are different from Amazon EC2 security groups. It is possible to add an EC2 security group to your RDS security group. Any EC2 instances that are members of the EC2 security group are then able to access the RDS instances that are members of the RDS security group.

It is SECURITY GROUPS.. it could have been WAF but WAF is staeless

B. Security groups

NACL that is working on the subnet level

WAF is stateless. The question asks for a statefull service, hence Security Groups.

According to this article: https://aws.amazon.com/blogs/database/applying-best-practices-for-securing-sensitive-data-in-amazon-rds/ Both WAS and SG are recommended but since the word "stateful" was used.... I'm gonna go with Security Groups

Stateful firewall mentioned means Security group

wy is the admin gicign wrong answer ?

B is correct

stateful firewall--security group

B is correct

Security groups are a fundamental feature of AWS that act as stateful firewalls for controlling inbound and outbound traffic at the instance level. They provide granular control over traffic by allowing or denying specific protocols, ports, and IP ranges. To limit network traffic to the Amazon RDS instance, the company can configure the associated security group to only allow inbound connections from the private corporate network. By specifying the appropriate rules, the company can restrict access to the RDS instance to only the necessary IP addresses or IP ranges.