Questions 64 and 65
Explanations for questions 64 and 65
Question 64
You are planning to deploy a number of EC2 instances in your VPC. The EC2 instances will be deployed across several subnets and multiple AZs. Which AWS feature can act as an instance-level firewall to control traffic between your EC2 instances?
- AWS WAF
- Security group
- Route table
- Network ACL
Correct Answer: 2
Explanation: A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.
INCORRECT: “AWS WAF” is incorrect. AWS WAF is a web application firewall and does not work at the instance level.
CORRECT: “Security group” is the correct answer.
INCORRECT: “Route table” is incorrect. Route tables are not firewalls.
INCORRECT: “Network ACL” is incorrect. Network ACLs function at the subnet level.
References:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html