Exam CLF-C02 Topic 3 Question 588 Discussion

Actual exam question for Amazon's CLF-C02 exam
Question #: 588
Topic #: 3
A company wants to establish a security layer in its VPC that will act as a firewall to control subnet traffic.
Which AWS service or feature will meet this requirement?

Suggested Answer: C Vote an answer

Security groups are the service or feature that meets the requirement of establishing a security layer in a VPC that will act as a firewall to control subnet traffic. Security groups are stateful firewalls that control the inbound and outbound traffic at the instance level. You can assign one or more security groups to each instance in a VPC, and specify the rules that allow or deny traffic based on the protocol, port, and source or destination. Security groups are associated with network interfaces, and therefore apply to all the instances in the subnets that use those network interfaces. Routing tables are used to direct traffic between subnets and gateways, not to filter traffic. Network ACLs are stateless firewalls that control the inbound and outbound traffic at the subnet level, but they are less granular and more cumbersome to manage than security groups.
Amazon GuardDuty is a threat detection service that monitors your AWS account and workloads for malicious or unauthorized activity, not a firewall service.

by rodolforaf at Nov 22, 2025, 11:37 AM

Limited Time Offer

15%

Off

Get Premium CLF-C02 Questions as Interactive Self Test Engine or PDF

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
rodolforaf
2025-11-22 11:37:22
a resposta correta é B
upvoted 1 times
...
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
0
0
0
10