Exam AWS Certified Cloud Practitioner topic 1 question 388 discussion

D. Security groups "A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. If you don't specify a security group, Amazon EC2 uses the default security group for the VPC. You can add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time. New and modified rules are automatically applied to all instances that are associated with the security group. When Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from all of the security groups that are associated with the instance." https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html

Hence "D" is a Right Answer

The answer is D. While security groups are a part of Amazon VPC, it is the security group itself that filters traffic. You need to always choose the most specific, correct key.

The AWS service or feature that provides functionality to apply security rules to specific Amazon EC2 instances is Security groups (D). Security groups are a fundamental feature of Amazon VPC that acts as a virtual firewall for EC2 instances. They enable you to control inbound and outbound traffic to your EC2 instances by defining rules that specify the allowed traffic's source and destination. Security groups can be applied at the instance level to specific instances or to an entire group of instances that share a common set of security requirements.

The correct answer is D. Security groups provide the functionality to apply security rules to specific Amazon EC2 instances. Security groups act as virtual firewalls for your instances to control inbound and outbound traffic. You can add rules to a security group that allow traffic to or from its associated instances according to protocols, ports, and source or destination IP addresses.

D is the answer.

D. Security groups AWS Security Groups are a feature of Amazon EC2 that allows you to apply security rules to specific instances. A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. You can use security groups to control access to your instances based on IP address, protocol, and port number. A. AWS WAF: AWS WAF is a service that allows you to create web access control lists (ACLs) to control access to your web applications. It is not used to apply security rules to specific EC2 instances. B. Network ACLs: Network ACLs are used to control inbound and outbound traffic to and from a subnet in a VPC. They are not used to apply security rules to specific EC2 instances. C. Amazon VPC: Amazon VPC allows you to create a virtual network in the AWS cloud. You can use it to launch Amazon EC2 instances, RDS DB instances and other resources in a virtual network that you've defined. It does not provide the functionality of applying security rules to specific instances.

D? My rationale is that you create the security rule in the security group 1st and then apply it to the EC2 instance. If the question is applying a security group to a specific instance then the answer would be AWS VPC. Thoughts?

security groups

D, not C, c is traffic

Its D, you can create security groups and assign to EC2 instances without creating VPCs. The document you're linking is describing VPCs come with a default security group and additonal SGs can be created within that VPC.

D was right!

updated response, should be C. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

Answer: D

D, best option

Should be D.. SGs are stateful virtual FWs for assigned EC2 Instances

why is not D?