Which statement best describes the main difference between AWS Security Groups and Network ACLs (NACLs)?
AWS - Security Groups and Network ACLs
A. Security Groups control subnet-level traffic; NACLs control instance-level traffic.
B. Security Groups are stateful and control instance-level traffic; NACLs are stateless and control subnet-level traffic.
C. Both Security Groups and NACLs are stateful and control instance-level traffic.
D. NACLs are stateful and control instance-level traffic; Security Groups are stateless and control subnet-level traffic.
Step-by-Step Solution
Solution:
Step 1: Understand Security Group behavior
Security Groups are stateful, meaning they remember allowed connections and automatically allow return traffic. They work at the instance level.
Step 2: Understand NACL behavior
NACLs are stateless, so they do not remember previous traffic and require explicit rules for both inbound and outbound traffic. They apply at the subnet level.
Final Answer:
Security Groups are stateful and control instance-level traffic; NACLs are stateless and control subnet-level traffic. -> Option B