ACL = subnet, Security Groups = instances

The Question states "AWS service or tool can be 'used' to set up a firewall" So option is C. And Network ACL is not a AWS service or tool. Correct me if i am wrong.

The correct answer is D. Network ACL (Access Control List). Network ACLs act as a firewall for controlling traffic in and out of a subnet in Amazon Virtual Private Cloud (VPC). They operate at the subnet level and evaluate traffic based on rules defined for inbound and outbound traffic.

A. Security group: Acts as a virtual firewall for an Amazon EC2 instance. It controls inbound and outbound traffic at the instance level. While it's an essential component for controlling traffic to and from EC2 instances, it operates at the instance level, not at the subnet level. B. AWS WAF (Web Application Firewall): Focused on protecting web applications from common web exploits. It is used for filtering HTTP traffic and is not designed to control traffic at the VPC subnet level. C. AWS Firewall Manager: A service that helps manage AWS WAF rules across multiple accounts and resources. It is more about central configuration and management of WAF rules, rather than directly controlling traffic at the VPC subnet level. D. Network ACL (Access Control List): A set of rules that control inbound and outbound traffic at the subnet level. It operates at the network layer (Layer 3) and allows or denies traffic based on defined rules for a specific subnet. Network ACLs provide control over traffic entering and leaving a subnet within an Amazon VPC.

Correct answer is NACL Security Group is used for setup inbound and outbound rules in instance levels not in subnet levels. The question ask for a service or tool which serves at subnet levels. So, this answer is not correct. NACL: Allows to setup rules at subnet levels. So this is the correct answer. Firewall Manager: This is used for a broader perspective. It simplifies administration and maintenance tasks across multiple AWS accounts for variety of protections like WAF, Shield, Security Groups and Network Firewall etc.

C is the correct answer. The AWS Firewall Manager helps to configure a firewall and that’s what this question is asking. ”AWS Firewall Manager simplifies your AWS WAF administration and maintenance tasks across multiple accounts and resources. With AWS Firewall Manager, you set up your firewall rules just once.” A – Security groups are essential to efficiently managing access to resources, but they are not classified as a service. B – Web application firewall is essential to controlling traffic into and out of a network, by setting access rules and monitoring network request, but this is not the best answer. D – Access Control Lists are used to grant or limit access to network and system resources, but they are not classified as a service. Reference: https://AWS Firewall Manager Documentation (amazon.com)

A. Security group To control traffic going into and coming out of an Amazon VPC subnet, you can use security groups. Security groups act as virtual firewalls at the instance level, allowing you to specify rules that control inbound and outbound traffic. They operate at the instance level, controlling traffic at the network level. The other options are also related to security, but they serve different purposes: B. AWS WAF (Web Application Firewall): Focuses on protecting web applications from common web exploits. C. AWS Firewall Manager: Manages the AWS WAF settings across your accounts and applications. D. Network ACL (Access Control List): An optional layer of security for your VPC that acts as a firewall for controlling traffic at the subnet level. While it’s a viable option, security groups are often more straightforward for basic traffic control.

Answer D : Network Access Control Lists (NACLs) Act as a firewall to control traffic at the subnet level, allowing or denying specific inbound or outbound traffic.

Like Pietro167 stated Network ACL = Subnet | Security Groups = Instances

ACL = sub-rede, grupos de segurança = instâncias (by pietro167) Perfect

D. Network ACL (Access Control List) Network ACLs act as a firewall for controlling traffic at the subnet level. They are stateless and operate at the subnet level, allowing or denying traffic based on rules defined for inbound and outbound traffic. Network ACLs provide an added layer of security by allowing you to specify rules that govern traffic at the network level, complementing the security groups that operate at the instance level.

Network ACL

They phrase is "...to control traffic going into and coming out of an Amazon VPC subnet?". It is NACL. D

A. Security Group is the primary method.

To set up a firewall to control traffic going into and coming out of an Amazon VPC (Virtual Private Cloud) subnet, you can use AWS Network Firewall. AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for your VPCs. It allows you to create firewall rules and enforce them at the perimeter of your VPC. With AWS Network Firewall, you can define rules based on IP addresses, ports, protocols, and other criteria to allow or deny traffic. It integrates with AWS Firewall Manager for centralized management across multiple accounts and VPCs. C - correct By using AWS Network Firewall, you can effectively control inbound and outbound traffic to and from your VPC subnets, enhancing the security posture of your AWS infrastructure.

D = CORRECT

D. Network ACL (Access Control List): An optional layer of security for your VPC that acts as a firewall for controlling traffic at the subnet level. While it’s a viable option, security groups are often more straightforward for basic traffic control.