Home › AWS SysOps Associate › cloudcomputing › sysopssecuritynetwork › Which networking object inside a VPC is STATELES…
Which networking object inside a VPC is STATELESS (return traffic doesn't auto-allow) and applies at the subnet level?
ANetwork ACL (NACL)
BRoute 53 alias record
CIAM policy
DSecurity group
Answer & Solution
Correct answer: A. Network ACL (NACL)
NACLs are stateless, subnet-level, allow + deny rules. Security groups are stateful, instance/ENI-level, allow-only. IAM and Route 53 aren't network ACLs.
Related questions
Which managed AWS service centralises and accelerates cross-Region private traffic betweenWhich Route 53 feature distributes requests to multiple endpoints proportionally based on An application backed by an ALB receives an unusually high number of 4xx errors from a fewWhich AWS service allows centrally rotating keys, audit-logging key usage, and enforcing kAn EC2 instance in a private subnet needs outbound HTTPS to api.example.com but no inboundWhich AWS service tests an IAM policy against a hypothetical request and explains which stWhich managed service lets you privately connect a VPC to an AWS service (e.g. S3, DynamoDWhich AWS feature provides DDoS protection at L3/L4 for all AWS customers by default, with