
Network ACLs overview in AWS - Cheat Sheet & Quick Revision

Q (beginner): What is a Network ACL in AWS?
A: A Network ACL (Access Control List) is a security layer for your VPC that controls inbound and outbound traffic at the subnet level. It acts like a firewall to allow or deny traffic based on rules.
Q (intermediate): How does a Network ACL differ from a Security Group?
A: Network ACLs control traffic at the subnet level and are stateless, meaning return traffic must be explicitly allowed. Security Groups control traffic at the instance level and are stateful, automatically allowing return traffic.
Q (beginner): What does it mean that Network ACLs are stateless?
A: Stateless means that Network ACLs do not remember previous traffic. If you allow inbound traffic, you must also allow outbound traffic explicitly for the response to pass.
Q (intermediate): What is the default rule behavior in a Network ACL?
A: By default, Network ACLs allow all inbound and outbound IPv4 traffic and deny all inbound and outbound IPv6 traffic. They have numbered rules evaluated in order from lowest to highest.
Q (beginner): How are Network ACL rules evaluated?
A: Rules are evaluated in order, starting with the lowest number. The first rule that matches the traffic is applied. If no rules match, the default rule denies the traffic.
Multiple choice

1. At what level does a Network ACL control traffic in AWS?
   A. Subnet level
   B. Instance level
   C. Region level
   D. Availability Zone level

2. Which statement about Network ACLs is true?
   A. They are stateless and require explicit rules for return traffic.
   B. They are stateful and automatically allow return traffic.
   C. They only control outbound traffic.
   D. They replace Security Groups.

3. If no Network ACL rule matches the traffic, what happens?
   A. Traffic is allowed by default.
   B. Traffic is denied by default.
   C. Traffic is logged but allowed.
   D. Traffic is redirected to a Security Group.

4. How are Network ACL rules processed?
   A. All rules are processed simultaneously.
   B. Rules are processed randomly.
   C. Rules are processed in order from lowest to highest number.
   D. Only the highest numbered rule is processed.

5. What is the default Network ACL behavior for IPv4 traffic?
   A. Allow outbound only.
   B. Deny all inbound and outbound traffic.
   C. Allow inbound only.
   D. Allow all inbound and outbound traffic.
Short answer

1. Explain how Network ACLs control traffic in an AWS VPC and how they differ from Security Groups.
   Hint: Think about where the rules apply and how return traffic is handled.

2. Describe the rule evaluation process in Network ACLs and what happens if no rule matches the traffic.
   Hint: Consider the order and the default behavior.