
Amazon CLF-C02 Exam - Topic 1 Question 2 Discussion

Actual exam question for Amazon's CLF-C02 exam
Question #: 2
Topic #: 1

Which AWS service or feature can a company use to apply security rules to specific Amazon EC2 instances?

Suggested Answer: B

Security groups are the AWS service or feature that can be used to apply security rules to specific Amazon EC2 instances. Security groups are virtual firewalls that control the inbound and outbound traffic for one or more instances. Customers can create security groups and add rules that reflect the role of the instance that is associated with the security group. For example, a web server instance needs security group rules that allow inbound HTTP and HTTPS access, while a database instance needs rules that allow access for the type of database [1][2]. Security groups are stateful, meaning that the responses to allowed inbound traffic are also allowed, regardless of the outbound rules [1]. Customers can assign multiple security groups to an instance, and the rules from each security group are effectively aggregated to create one set of rules [1].

Network ACLs are another AWS service or feature that can be used to control the traffic for a subnet. Network ACLs are stateless, meaning that they do not track the traffic that they allow. Therefore, customers must add rules for both inbound and outbound traffic [3]. Network ACLs are applied at the subnet level, not at the instance level.

AWS Trusted Advisor is an AWS service that provides best practice recommendations for security, performance, cost optimization, and fault tolerance. AWS Trusted Advisor does not apply security rules to specific Amazon EC2 instances, but it can help customers identify security gaps and improve their security posture [4].

AWS WAF is an AWS service that helps protect web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. AWS WAF does not apply security rules to specific Amazon EC2 instances, but it can be integrated with other AWS services, such as Amazon CloudFront, Amazon API Gateway, and Application Load Balancer.
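
The security group and network ACL behavior described above, modeled as an added Python example (not code from the original page and not an AWS API). The `Rule` class, the function names, and the sample rules are constructed for illustration; the model assumes IPv4 and TCP ports only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    direction: str      # "in" or "out"
    port_lo: int
    port_hi: int
    cidr: str
    allow: bool = True  # security groups hold allow rules only
    number: int = 0     # NACL evaluation order (lowest first)

    def matches(self, direction, port, peer):
        return (self.direction == direction
                and self.port_lo <= port <= self.port_hi
                and ip_address(peer) in ip_network(self.cidr))

def sg_allows(groups, direction, port, peer):
    """Security groups: rules of every attached group are aggregated (union)."""
    return any(r.matches(direction, port, peer) for g in groups for r in g)

def nacl_allows(rules, direction, port, peer):
    """Network ACL: numbered rules, first match wins, implicit deny at the end."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(direction, port, peer):
            return r.allow
    return False

def sg_round_trip(groups, port, client):
    """Stateful: the reply to an allowed inbound request needs no outbound rule."""
    return sg_allows(groups, "in", port, client)

def nacl_round_trip(rules, port, client, client_port):
    """Stateless: the request and the reply are each checked against the rules."""
    return (nacl_allows(rules, "in", port, client)
            and nacl_allows(rules, "out", client_port, client))

# Constructed sample data: two instance-level groups and two subnet-level ACLs.
WEB_SG = [Rule("in", 80, 80, "0.0.0.0/0"), Rule("in", 443, 443, "0.0.0.0/0")]
ADMIN_SG = [Rule("in", 22, 22, "203.0.113.0/24")]
NACL_IN_ONLY = [Rule("in", 443, 443, "0.0.0.0/0", number=100)]
NACL_BOTH = NACL_IN_ONLY + [Rule("out", 1024, 65535, "0.0.0.0/0", number=100)]

if __name__ == "__main__":
    print("SSH with WEB_SG only:      ", sg_allows([WEB_SG], "in", 22, "203.0.113.7"))
    print("SSH with WEB_SG + ADMIN_SG:", sg_allows([WEB_SG, ADMIN_SG], "in", 22, "203.0.113.7"))
    print("HTTPS reply via SG:        ", sg_round_trip([WEB_SG], 443, "198.51.100.9"))
    print("HTTPS reply, inbound-only NACL:", nacl_round_trip(NACL_IN_ONLY, 443, "198.51.100.9", 50000))
    print("HTTPS reply, NACL both ways:   ", nacl_round_trip(NACL_BOTH, 443, "198.51.100.9", 50000))
```
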


Sheridan
3 months ago
Pretty sure it's security groups, no doubt about it.
upvoted 0 times
...
Kiley
3 months ago
Wait, can you really use AWS WAF for EC2 security?
upvoted 0 times
...
Cordell
4 months ago
Security groups are the way to go!
upvoted 0 times
...
Carylon
4 months ago
I thought it was Network ACLs?
upvoted 0 times
...
Lemuel
4 months ago
Definitely security groups!
upvoted 0 times
...
Gwen
4 months ago
I feel like AWS Trusted Advisor doesn’t apply here at all, but I’m not confident about the details of security groups versus network ACLs.
upvoted 0 times
...
Rodrigo
4 months ago
I’m leaning towards security groups too, but I keep mixing them up with AWS WAF sometimes.
upvoted 0 times
...
Alfreda
5 months ago
I remember practicing a similar question, and I think network ACLs are more about subnets, not individual instances.
upvoted 0 times
...
Bev
5 months ago
I think security groups are the right choice here since they apply to specific EC2 instances, but I'm not completely sure.
upvoted 0 times
...
Carmen
5 months ago
Security groups are the way to go for this. They're the primary mechanism for controlling traffic to and from EC2 instances.
upvoted 0 times
...
Antonio
5 months ago
I'm a bit confused on the difference between Network ACLs and Security groups. I'll need to double-check the details on each of those AWS services.
upvoted 0 times
...
Angelyn
5 months ago
Security groups seem like the obvious choice here. They provide a firewall-like functionality to control access to EC2 instances.
upvoted 0 times
...
Buddy
5 months ago
Hmm, I'm not sure about this one. I'll need to think it through a bit more. Maybe I should review the security features of EC2 instances again.
upvoted 0 times
...
Gilma
5 months ago
I think the answer is Security groups, since they allow you to control inbound and outbound traffic to specific EC2 instances.
upvoted 0 times
...
Annamaria
5 months ago
I'm pretty sure this is about policing, which allows the network admin to control the maximum rate of traffic on an interface.
upvoted 0 times
...
Vincenza
5 months ago
Wait, I'm a bit confused. What's the difference between the database role and the service role attribute? I'll need to make sure I understand that part.
upvoted 0 times
...
Latanya
5 months ago
Hmm, this one seems straightforward. I think the answer is Profiling, since that's the service used to dynamically identify network endpoints.
upvoted 0 times
...
