Which statement below is incorrect in relation to security groups?

You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: security groups and network access control lists (ACLs). You start to look into security groups first.

Which statement below is incorrect in relation to security groups?
A. Are stateful: Return traffic is automatically allowed, regardless of any rules.
B. Evaluate all rules before deciding whether to allow traffic.
C. Support allow rules and deny rules.
D. Operate at the instance level (first layer of defense).

Answer: C

Explanation:

Amazon VPC provides two features that you can use to increase security for your VPC:

Security groups: Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level, and support allow rules only.

Network access control lists (ACLs): Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level, and support allow rules and deny rules.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
