Home › AWS Security › cloudcomputing › scsinfraiam › Which AWS networking primitive is STATELESS, att…
Which AWS networking primitive is STATELESS, attached at the subnet level, supports both allow + explicit deny rules, and acts as a defence-in-depth complement to security groups?
ANetwork ACLs
BSecurity Groups
CAmazon Route 53
DAmazon CloudFront
Answer & Solution
Correct answer: A. Network ACLs
NACLs are stateless subnet-level allow+deny (per SCS-C02 §3.2). SGs are stateful + allow-only; the others are unrelated.
Related questions
Which IAM feature lets an architect cap the MAXIMUM permissions an entity (user/role) can Which AWS service is the customer-identity-and-access-management (CIAM) service for consumWhich AWS service federates corporate identities (Active Directory, Okta, Azure AD) into AWhich AWS service is the canonical identity store for managing IAM users, roles, groups, aWhich AWS feature lets a security engineer trace whether traffic from a source ENI to a deWhich AWS service is the managed stateful firewall for VPC traffic — supporting Suricata-cWhich AWS service provides centralised firewall management — deploying WAF rules, Shield AWhich AWS networking primitive is STATEFUL, lives at the ENI level, allows traffic by allo