
Why is it recommended to use both Security Groups and Network ACLs together in AWS VPC security design?

hard📝 Conceptual Q10 of 15
AWS - Security Groups and Network ACLs
A. Because Security Groups provide instance-level stateful filtering and Network ACLs provide subnet-level stateless filtering for layered security
B. Because both are stateful firewalls that duplicate filtering for redundancy
C. Because Network ACLs override Security Groups and simplify management
D. Because Security Groups only filter outbound traffic and Network ACLs only filter inbound traffic
Step-by-Step Solution
Solution:
  1. Step 1: Understand the role of Security Groups

    Security Groups provide stateful filtering at the instance level, automatically allowing return traffic.
  2. Step 2: Understand the role of Network ACLs

    Network ACLs provide stateless filtering at the subnet level, requiring explicit rules for inbound and outbound traffic.
  3. Step 3: Recognize the benefit of layered security

    Using both together creates defense in depth, protecting at multiple network layers.
  4. Final Answer:

    Because Security Groups provide instance-level stateful filtering and Network ACLs provide subnet-level stateless filtering for layered security -> Option A
  5. Quick Check:

    Layered security = SG stateful + NACL stateless [OK]
Quick Trick: Use SG + NACL for layered, stateful + stateless security [OK]
Common Mistakes:
  • Thinking both are stateful
  • Assuming NACLs override Security Groups
  • Believing SG only filters outbound or NACL only inbound
