
Security groups vs NACLs decision in AWS - Quick Revision & Key Differences

Recall & Review
beginner
What is a Security Group in AWS?
A Security Group acts like a virtual firewall for your EC2 instances. It controls inbound and outbound traffic at the instance level and allows only the traffic you specify.
beginner
What is a Network ACL (NACL) in AWS?
A Network ACL is a firewall that controls traffic at the subnet level. It filters inbound and outbound traffic for all instances in the subnet and works with allow and deny rules.
intermediate
How do Security Groups differ from NACLs in terms of statefulness?
Security Groups are stateful, meaning if you allow inbound traffic, the response is automatically allowed outbound. NACLs are stateless, so you must explicitly allow both inbound and outbound traffic.
intermediate
When should you use a Security Group instead of a NACL?
Use Security Groups to control traffic directly to instances because they are easier to manage and stateful. They are best for instance-level security.
intermediate
Why might you use a NACL in addition to Security Groups?
Use NACLs to add an extra layer of security at the subnet level, especially to block specific IP addresses or ranges before traffic reaches instances.
Which AWS security feature is stateful?
A. Both Security Group and Network ACL
B. Network ACL
C. Neither Security Group nor Network ACL
D. Security Group
At what level does a Network ACL operate?
A. Instance level
B. VPC level
C. Subnet level
D. Region level
Which of the following can have deny rules in AWS?
A. Security Groups only
B. Network ACLs only
C. Both Security Groups and Network ACLs
D. Neither Security Groups nor Network ACLs
If you want to block a specific IP address from accessing your subnet, which should you use?
A. Network ACL
B. Neither
C. Both Security Group and Network ACL
D. Security Group
Which AWS security feature automatically allows response traffic for allowed inbound connections?
A. Security Group
B. Network ACL
C. Both
D. None
Explain the main differences between Security Groups and Network ACLs in AWS.
Think about where they apply and how they handle traffic.
Describe a scenario where using both Security Groups and Network ACLs together improves security.
Consider layering security controls.