Amazon Exam CLF-C02 Topic 6 Question 17 Discussion

Actual exam question for Amazon's CLF-C02 exam
Question #: 17
Topic #: 6

Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?

Suggested Answer: D

A network ACL (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You can create a network ACL and associate it with a subnet to apply rules that allow or deny traffic to or from the subnet. Network ACLs are stateless, meaning that they evaluate the source and destination IP addresses of inbound and outbound traffic separately, so return traffic must be explicitly allowed by a rule. You can also use network ACLs to block IP address ranges that are known to be malicious [1][2].

None of the other options can be used to set up a firewall that controls traffic going into and coming out of an Amazon VPC subnet.

Security groups are another layer of security for your VPC that act as a firewall for your EC2 instances. Security groups are stateful, meaning that they automatically allow return traffic for allowed inbound traffic. Security groups can only filter traffic based on protocols, ports, and source or destination IP addresses, not on IP ranges [3].

AWS WAF is a web application firewall that helps protect your web applications from common web exploits. AWS WAF can filter web requests based on rules that you define, such as IP addresses, HTTP headers, HTTP body, or URI strings. AWS WAF does not apply to non-web traffic or to traffic within a VPC [4].

AWS Firewall Manager is a service that helps you centrally configure and manage firewall rules across your accounts and resources in AWS Organizations. You can use Firewall Manager to apply AWS WAF rules, AWS Network Firewall policies, and Amazon VPC security groups across your AWS accounts. AWS Firewall Manager does not provide a firewall service itself, but rather helps you manage other firewall services.
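The stateless behaviour and range blocking described above, modelled as an added example (not part of the original page and not AWS code): a simplified network ACL evaluator in which numbered rules are checked lowest first and the first match wins. The `Rule` class, the function names, the sample addresses and the 1024-65535 ephemeral port range are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int   # lower numbers are evaluated first
    cidr: str     # remote address range the rule matches
    ports: range  # destination port range the rule matches
    allow: bool   # a NACL rule can allow or deny


def nacl_decision(rules, remote_ip, port):
    """First matching rule in ascending number order wins; no match means deny."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if addr in ipaddress.ip_network(rule.cidr) and port in rule.ports:
            return rule.allow
    return False  # implicit final deny


def round_trip(inbound, outbound, client_ip, client_port, server_port):
    """Stateless check: the request and its reply are evaluated separately."""
    request_ok = nacl_decision(inbound, client_ip, server_port)
    # The reply leaves the subnet addressed to the client's ephemeral port.
    reply_ok = nacl_decision(outbound, client_ip, client_port)
    return request_ok, reply_ok


# Constructed sample rules (documentation address ranges, not real indicators).
BLOCKED = "198.51.100.0/24"  # stands in for a "known malicious" range
INBOUND = [
    Rule(90, BLOCKED, range(0, 65536), allow=False),      # deny listed first
    Rule(100, "0.0.0.0/0", range(443, 444), allow=True),  # HTTPS from anywhere
]
OUTBOUND_HTTPS_ONLY = [Rule(100, "0.0.0.0/0", range(443, 444), allow=True)]
OUTBOUND_WITH_EPHEMERAL = OUTBOUND_HTTPS_ONLY + [
    Rule(110, "0.0.0.0/0", range(1024, 65536), allow=True),  # reply traffic
]

if __name__ == "__main__":
    client = ("203.0.113.7", 50000)  # constructed client address and port
    print(round_trip(INBOUND, OUTBOUND_HTTPS_ONLY, *client, 443))
    print(round_trip(INBOUND, OUTBOUND_WITH_EPHEMERAL, *client, 443))
    print(nacl_decision(INBOUND, "198.51.100.9", 443))
```

With only the HTTPS outbound rule the request is accepted but the reply is dropped, which is the failure a stateful security group would not produce.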


Contribute your Thoughts:

Pamella
5 months ago
Yeah, Network ACLs seem to fit well. They're designed for subnet control.
upvoted 0 times
...
Dorinda
6 months ago
I agree with user2. Network ACLs specifically mention VPC subnets.
upvoted 0 times
...
Jacquline
6 months ago
AWS WAF is more for web application protection, right? So not applicable here.
upvoted 0 times
...
Virgina
6 months ago
But don't Security Groups also control traffic? They are stateful though.
upvoted 0 times
...
Daniela
7 months ago
Same here. I think it might be a Network ACL because they control traffic at the subnet level.
upvoted 0 times
...
Celestine
7 months ago
This question is tricky. I'm unsure about the right tool to control VPC traffic.
upvoted 0 times
...
