Network Acls MCQ Questions and Answers

Mastering Network Acls is crucial for cloud certification success. This dedicated practice set features 134 Network Acls MCQ questions and answers designed to mirror real exam scenarios across various AWS certifications.

📝 134 Questions⏱️ 90 min🎯 Pass: 70%

About Network Acls Practice Questions

This detailed quiz focuses on Network Acls, covering key concepts and scenarios often found in AWS exams.

  • Comprehensive coverage of Network Acls features.
  • Scenario-based questions testing design and troubleshooting skills.
  • Detailed explanations to reinforce learning.

All 134 Network Acls Questions

Browse through the complete list of questions and answers below. Use this resource to review specific concepts or check your understanding of Network Acls.

1

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
2

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
AWS WAF
Network ACLs
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
3

What is a Network Access Control List (Network ACL)?

An optional layer of security for your VPC subnets that acts as a firewall
A list of users who can access the VPC
A type of load balancer
A tool for encrypting network traffic
View Explanation
✓ Correct Answer: An optional layer of security for your VPC subnets that acts as a firewallExplanation:NACLs operate at the subnet level, providing a second layer of defense after security groups.
4

Are Network ACLs 'Stateful' or 'Stateless'?

Stateless (you must explicitly allow both inbound and outbound traffic)
Stateful (it remembers the state of connections)
Stateful for UDP only
Neither
View Explanation
✓ Correct Answer: Stateless (you must explicitly allow both inbound and outbound traffic)Explanation:Unlike security groups, NACLs do not remember connection states, so you must define rules for both directions.
5

What is the primary difference between a Security Group and a Network ACL?

Security Groups are applied to instances, whereas NACLs are applied to subnets
Security Groups are only for public subnets
NACLs are stateful, but security groups are not
There is no difference in functionality
View Explanation
✓ Correct Answer: Security Groups are applied to instances, whereas NACLs are applied to subnetsExplanation:This is the most fundamental distinction between the two firewall layers in a VPC.
6

What is the 'Rule Number' used for in a Network ACL?

To determine the order in which rules are evaluated (lowest to highest)
To identify the user who created the rule
To specify the port number
It is just a unique ID with no functional purpose
View Explanation
✓ Correct Answer: To determine the order in which rules are evaluated (lowest to highest)Explanation:NACL rules are processed in order, and the first matching rule is applied.
7

By default, what are the rules for the 'Default Network ACL' that comes with your VPC?

All inbound and outbound traffic is allowed
All inbound and outbound traffic is denied
Only HTTP and HTTPS are allowed
Only traffic within the VPC is allowed
View Explanation
✓ Correct Answer: All inbound and outbound traffic is allowedExplanation:The default NACL is open to all traffic, whereas custom NACLs start with all traffic denied.
8

Which feature of Network ACLs allows you to explicitly block a specific IP address (e.g., from a known malicious bot)?

Deny Rules
Security Group exclusions
VPC Flow Logs
IAM Policies
View Explanation
✓ Correct Answer: Deny RulesExplanation:NACLs support both 'Allow' and 'Deny' rules, while security groups only support 'Allow' rules.
9

How many subnets can be associated with a single Network ACL?

Multiple subnets within the same VPC
Only one subnet
Exactly two (one public, one private)
As many subnets as there are in the entire AWS region
View Explanation
✓ Correct Answer: Multiple subnets within the same VPCExplanation:A NACL can be shared across multiple subnets, but a subnet can only have one NACL at a time.
10

What happens if a subnet is not explicitly associated with a custom Network ACL?

It is automatically associated with the VPC's Default Network ACL
It has no network protection at all
All traffic to the subnet is blocked until a NACL is created
The VPC creation will fail
View Explanation
✓ Correct Answer: It is automatically associated with the VPC's Default Network ACLExplanation:AWS ensures that every subnet has a NACL by defaulting to the standard VPC NACL.
11

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
12

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
13

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
14

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
AWS WAF
Security Groups
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
15

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
16

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
17

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
18

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
AWS WAF
Route Tables
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
19

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
20

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
21

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
22

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
Route Tables
AWS WAF
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
23

What is the 'Default' behavior of a Network ACL created by a user (not the VPC default NACL)?

It denies all inbound and outbound traffic until rules are added
It allows all traffic by default
It copies from the default NACL
It allows only port 80 and 443
View Explanation
✓ Correct Answer: It denies all inbound and outbound traffic until rules are addedExplanation:User-defined NACLs start as 'Deny All', whereas the default VPC NACL starts as 'Allow All'.
24

When configuring a Network ACL to allow web traffic (port 80) to a subnet, what else must be configured for the connection to work correctly?

An outbound rule for ephemeral ports (e.g., 1024-65535) back to the client
A Route 53 record
A corresponding rule in the Security Group
The instance must have a public IP
View Explanation
✓ Correct Answer: An outbound rule for ephemeral ports (e.g., 1024-65535) back to the clientExplanation:NACLs are stateless. You must explicitly allow the 'returning' traffic from the server to the client's temporary (ephemeral) port range.
25

Can a Network ACL be associated with multiple subnets in the same VPC?

Yes, but a subnet can only be associated with one NACL at a time
No, it is a 1-to-1 relationship
Only if they are in different regions
Only for public subnets
View Explanation
✓ Correct Answer: Yes, but a subnet can only be associated with one NACL at a timeExplanation:NACLs provide subnet-level security and can be reused, but each subnet has a single controlling NACL.
26

Which security layer acts as a 'second line of defense' at the subnet level in an AWS VPC?

Network ACL
Security Group
AWS WAF
IAM Role
View Explanation
✓ Correct Answer: Network ACLExplanation:NACLs provide an additional layer of security across the entire subnet, while security groups protect individual instances.
27

When a network packet enters a subnet, which security layer is evaluated first?

Network ACL (NACL)
Security Group
Route Table
IAM Policy
View Explanation
✓ Correct Answer: Network ACL (NACL)Explanation:NACLs are the first line of defense at the subnet boundary. If a packet is allowed by the NACL, it then reaches the security group for the individual instance.
28

A network security team wants to prevent all traffic from a specific malicious subnet (192.168.1.0/24) from reaching the entire web subnet. How should this be implemented?

Add an inbound Deny rule for 192.168.1.0/24 with a low rule number in the Network ACL
Modify the Security Group to Deny that range
Remove the route 192.168.1.0/24 from the Route Table
Use AWS Shield Standard
View Explanation
✓ Correct Answer: Add an inbound Deny rule for 192.168.1.0/24 with a low rule number in the Network ACLExplanation:Only Network ACLs support explicit 'Deny' rules for specific IP ranges at the network layer.
29

A developer reports that their EC2 instance can receive web traffic but cannot download updates from the internet. The security group allows all outbound traffic. What could be the issue in the Network ACL?

The NACL is missing an outbound rule to allow traffic to the internet (0.0.0.0/0)
The NACL is stateful and should handle it automatically
The Route Table is missing the Internet Gateway
The instance needs a private IP
View Explanation
✓ Correct Answer: The NACL is missing an outbound rule to allow traffic to the internet (0.0.0.0/0)Explanation:Because NACLs are stateless, you must define both inbound and outbound rules for communication to succeed.
30

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
Network ACLs
Security Groups
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
31

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Configure AWS IAM policies
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
32

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
Network ACLs
Security Groups
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
33

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Configure AWS IAM policies
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
34

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
AWS WAF
Security Groups
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
35

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
36

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
Route Tables
Network ACLs
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
37

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
38

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
Network ACLs
Security Groups
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
39

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Configure AWS IAM policies
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
40

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Security Groups
Route Tables
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
41

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Configure AWS IAM policies
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
42

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Route Tables
Security Groups
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
43

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Yes, add a deny rule to Security Groups
Configure AWS IAM policies
Use AWS WAF
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
44

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
AWS WAF
Route Tables
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
45

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
46

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
Network ACLs
Security Groups
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
47

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
48

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Route Tables
Security Groups
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
49

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
50

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
AWS WAF
Route Tables
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
51

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
52

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
53

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
54

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
Route Tables
Network ACLs
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
55

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Use AWS WAF
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
56

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
AWS WAF
Network ACLs
Security Groups
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
57

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
58

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Security Groups
Network ACLs
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
59

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Yes, add a deny rule to Security Groups
Configure AWS IAM policies
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
60

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
Security Groups
Network ACLs
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
61

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
62

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
AWS WAF
Security Groups
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
63

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
64

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
AWS WAF
Security Groups
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
65

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Configure AWS IAM policies
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
66

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
67

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Yes, add a deny rule to Security Groups
Use AWS WAF
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
68

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
AWS WAF
Network ACLs
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
69

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
70

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
71

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Yes, add a deny rule to Security Groups
Configure AWS IAM policies
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
72

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
Network ACLs
Route Tables
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
73

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
74

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Network ACLs
Route Tables
Security Groups
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
75

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
76

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
77

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Yes, add a deny rule to Security Groups
Configure AWS IAM policies
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
78

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
Route Tables
Network ACLs
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
79

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
80

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
81

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
82

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
AWS WAF
Security Groups
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
83

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
84

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
Network ACLs
Route Tables
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
85

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
86

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Security Groups
Network ACLs
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
87

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
88

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
89

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
90

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
Network ACLs
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
91

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Configure AWS IAM policies
No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
92

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Security Groups
Network ACLs
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
93

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
94

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Route Tables
Security Groups
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
95

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
96

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
97

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
98

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
99

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
100

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Route Tables
Security Groups
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
101

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
102

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Route Tables
Security Groups
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
103

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
104

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
AWS WAF
Security Groups
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
105

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
106

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
AWS WAF
Route Tables
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
107

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
108

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
109

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
110

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Security Groups
Network ACLs
Route Tables
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
111

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
112

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
Network ACLs
AWS WAF
Security Groups
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
113

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
114

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Security Groups
Network ACLs
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
115

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
116

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Security Groups
Route Tables
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
117

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Use AWS WAF
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
118

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
AWS WAF
Security Groups
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
119

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Use AWS WAF
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
120

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Security Groups
Network ACLs
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
121

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
Use AWS WAF
Configure AWS IAM policies
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
122

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
AWS WAF
Security Groups
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
123

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
124

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
125

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

No, use Network ACLs or equivalent for explicit deny rules
Configure AWS IAM policies
Yes, add a deny rule to Security Groups
Use AWS WAF
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
126

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
127

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Use AWS WAF
No, use Network ACLs or equivalent for explicit deny rules
Yes, add a deny rule to Security Groups
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
128

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Network ACLs
Security Groups
AWS WAF
Route Tables
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
129

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
130

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Security Groups
Route Tables
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
131

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Configure AWS IAM policies
Use AWS WAF
Yes, add a deny rule to Security Groups
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
132

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

Route Tables
Network ACLs
Security Groups
AWS WAF
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.
133

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?

Yes, add a deny rule to Security Groups
Configure AWS IAM policies
Use AWS WAF
No, use Network ACLs or equivalent for explicit deny rules
View Explanation
✓ Correct Answer: No, use Network ACLs or equivalent for explicit deny rulesExplanation:Security Groups typically support allow rules only. Network ACLs support both allow and deny rules, making them suitable for blocking unwanted IP addresses.
134

You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?

AWS WAF
Route Tables
Security Groups
Network ACLs
View Explanation
✓ Correct Answer: Network ACLsExplanation:Network ACLs operate at the subnet level and are stateless, requiring you to define both inbound and outbound rules explicitly.