A solutions architect is designing the network security for a three-tier web application in a VPC. The architect needs to implement security controls at the subnet level and the instance level.<br/><br/>Which TWO statements about VPC security are correct? (Select TWO.)

Answer options:

Security groups are stateful, meaning return traffic is automatically allowed.

Network ACLs are stateful, meaning return traffic is automatically allowed.

Security groups operate at the subnet level.

Network ACLs are stateless, meaning return traffic must be explicitly allowed.

Security groups evaluate all rules before deciding to allow traffic.

How to approach this question

Recall the differences between Security Groups and NACLs regarding statefulness.

Full Answer

Security groups are stateful (return traffic is allowed automatically) and operate at the instance level. Network ACLs are stateless (return traffic must be explicitly allowed via outbound rules) and operate at the subnet level.

Common mistakes

Mixing up the stateful/stateless nature of SGs and NACLs.

Question 08 All questions Question 10

Practice the full AWS SAA-C03 Practice Exam 6

65 questions · hints · full answers · grading

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...Medium Q02A company has two AWS accounts: Account A for development and Account B for production. Developer...Medium Q03A mobile application needs to authenticate users using their social media accounts (Facebook, Goo...Easy Q04A company is running an application on Amazon EC2 instances. The application needs to connect to ...Medium Q05A company has 50 AWS accounts managed by AWS Organizations. The IT team wants to implement a cent...Easy

View all 65 questions →