
Amazon CLF-C02 Exam - Topic 6 Question 17 Discussion

Actual exam question for Amazon's CLF-C02 exam
Question #: 17
Topic #: 6

Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?

Suggested Answer: D

A network ACL (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You can create a network ACL and associate it with a subnet to apply rules that allow or deny traffic to or from the subnet. Network ACLs are stateless, meaning that inbound and outbound traffic are each evaluated against the rules on their own, by source and destination IP address. You can also use network ACLs to block IP address ranges that are known to be malicious [1][2].

The other options are not AWS services or tools that can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet.

Security groups are another layer of security for your VPC that act as a firewall for your EC2 instances. Security groups are stateful, meaning that they automatically allow return traffic for allowed inbound traffic. Security groups can only filter traffic based on protocols, ports, and source or destination IP addresses, not on IP ranges [3].

AWS WAF is a web application firewall that helps protect your web applications from common web exploits. AWS WAF can filter web requests based on rules that you define, such as IP addresses, HTTP headers, HTTP body, or URI strings. AWS WAF does not apply to non-web traffic or to traffic within a VPC [4].

AWS Firewall Manager is a service that helps you centrally configure and manage firewall rules across your accounts and resources in AWS Organizations. You can use Firewall Manager to apply AWS WAF rules, AWS Network Firewall policies, and Amazon VPC security groups across your AWS accounts. AWS Firewall Manager does not provide a firewall service itself, but rather helps you manage other firewall services.
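The stateless versus stateful difference described above, as an added Python sketch that is not part of the original page: it models network ACL entries checked in ascending rule-number order with a final implicit deny, next to a security group that allows replies to permitted flows automatically. The rule tuples, function names and addresses are constructed for illustration.

```python
import ipaddress

def _matches(cidr, ports, ip, port):
    lo, hi = ports
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr) and lo <= port <= hi

def nacl_decision(rules, peer_ip, port):
    """Entries are checked in ascending rule number; the first match decides.
    Traffic that matches no entry is denied."""
    for _num, cidr, ports, action in sorted(rules, key=lambda r: r[0]):
        if _matches(cidr, ports, peer_ip, port):
            return action
    return "deny"

def nacl_round_trip(inbound, outbound, client_ip, client_port, server_port):
    """Stateless: the request and its reply are evaluated independently."""
    request = nacl_decision(inbound, client_ip, server_port)
    if request != "allow":
        return request, "deny"  # request never delivered, so no reply leaves
    # The reply is addressed to the client's source (ephemeral) port.
    return request, nacl_decision(outbound, client_ip, client_port)

def sg_round_trip(ingress, client_ip, client_port, server_port):
    """Stateful: allow rules only; the reply to an allowed flow is implicit,
    so client_port is never checked against any rule."""
    ok = any(_matches(cidr, ports, client_ip, server_port) for cidr, ports in ingress)
    return ("allow", "allow") if ok else ("deny", "deny")

# Constructed sample rules using documentation address ranges.
NACL_IN = [
    (90, "203.0.113.0/24", (0, 65535), "deny"),  # known-bad range, checked first
    (100, "0.0.0.0/0", (443, 443), "allow"),     # HTTPS into the subnet
]
NACL_OUT_MISSING = [(100, "0.0.0.0/0", (443, 443), "allow")]   # no ephemeral ports
NACL_OUT_FIXED = [(100, "0.0.0.0/0", (1024, 65535), "allow")]  # replies can leave
SG_IN = [("0.0.0.0/0", (443, 443))]

if __name__ == "__main__":
    client = ("198.51.100.7", 50000)
    print("NACL, no ephemeral rule:", nacl_round_trip(NACL_IN, NACL_OUT_MISSING, *client, 443))
    print("NACL, ephemeral allowed:", nacl_round_trip(NACL_IN, NACL_OUT_FIXED, *client, 443))
    print("NACL, blocked range:    ", nacl_round_trip(NACL_IN, NACL_OUT_FIXED, "203.0.113.9", 50000, 443))
    print("Security group:         ", sg_round_trip(SG_IN, *client, 443))
```

The first case is the usual NACL troubleshooting symptom: the inbound rule matches, but the reply is dropped because no outbound entry covers the client's ephemeral port.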


Aleta
3 months ago
Really? I didn't know Security groups were that flexible!
upvoted 0 times
...
King
3 months ago
I always use Firewall Manager for centralized control.
upvoted 0 times
...
Keshia
3 months ago
Wait, isn't AWS WAF for web applications?
upvoted 0 times
...
Titus
4 months ago
I thought it was Network ACL, but Security groups make sense too.
upvoted 0 times
...
Valentin
4 months ago
Definitely Security group for VPC subnets!
upvoted 0 times
...
Hyman
4 months ago
I’m leaning towards Network ACLs because they operate at the subnet level, but I could be mixing it up with Security Groups.
upvoted 0 times
...
Ahmad
4 months ago
AWS WAF sounds familiar, but I believe that’s more for web applications, not specifically for VPC subnets.
upvoted 0 times
...
Tora
4 months ago
I remember practicing a question about VPCs, and I think Network ACLs were mentioned as well. Could it be both?
upvoted 0 times
...
Tanja
5 months ago
I think it might be the Security Group, but I’m not entirely sure if it’s the only option for controlling traffic.
upvoted 0 times
...
Clarence
5 months ago
I'm a little confused on the difference between security groups and network ACLs for this use case. I'll need to review the documentation to make sure I understand which one is the right choice for controlling traffic in and out of a VPC subnet.
upvoted 0 times
...
Keshia
5 months ago
Okay, let me think this through step-by-step. A VPC subnet needs a way to control traffic, and the options given are security groups, AWS WAF, AWS Firewall Manager, and network ACLs. Security groups seem like the most direct and common way to handle this, so I'll go with that.
upvoted 0 times
...
Margarita
5 months ago
This one seems pretty straightforward. I'm pretty sure the answer is security groups, since they're used to control traffic in and out of VPC subnets.
upvoted 0 times
...
Caprice
5 months ago
Hmm, I'm a bit unsure on this one. I know security groups are used for firewall-like functionality, but I'm not sure if that's the only option. I'll have to think this through carefully.
upvoted 0 times
...
Avery
5 months ago
Hmm, I'm a little unsure about this one. I know we need to enable a remote access service, but I can't remember if SSH is the specific one required for the Symantec Management Agent installation. I'll have to think this through carefully.
upvoted 0 times
...
Willetta
5 months ago
Hmm, I'm a bit unsure about some of these factors. I'll need to review my notes on Blue Prism architecture to make sure I don't miss anything important.
upvoted 0 times
...
Catrice
5 months ago
I remember doing a practice question on IS-IS protocol configurations, and it seems that adjusting the metrics could be involved.
upvoted 0 times
...
Pamella
2 years ago
Yeah, Network ACLs seem to fit well. They're designed for subnet control.
upvoted 0 times
...
Dorinda
2 years ago
I agree with user2. Network ACLs specifically mention VPC subnets.
upvoted 0 times
...
Jacquline
2 years ago
AWS WAF is more for web application protection, right? So not applicable here.
upvoted 0 times
...
Virgina
2 years ago
But don't Security Groups also control traffic? They are stateful though.
upvoted 0 times
...
Daniela
2 years ago
Same here. I think it might be a Network ACL because they control traffic at the subnet level.
upvoted 0 times
...
Celestine
2 years ago
This question is tricky. I'm unsure about the right tool to control VPC traffic.
upvoted 0 times
...
