Question

You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: security groups and network access control lists (ACLs). You have already looked into security groups and you are now trying to understand ACLs. Which statement below is incorrect in relation to ACLs?

Options

  1. ACL supports allow rules and deny rules.
  2. ACLs are stateful, which means the return traffic is automatically allowed, regardless of any rules.
  3. ACL processes rules in number order when deciding whether to allow traffic.
  4. ACL operates at the subnet level (second layer of defense).

Correct Answer

2

Explanation

Amazon VPC provides two features that you can use to increase security for your VPC:

Security groups: Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

Network access control lists (ACLs): Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level.

Security groups are stateful: return traffic is automatically allowed, regardless of any rules. Network ACLs are stateless: return traffic must be explicitly allowed by rules. Option 2 describes the behavior of security groups, not ACLs, so it is the incorrect statement.
