0 votes
in AWS by

Which of the below can be configured to enhance the security at the subnet level?

1 Answer

0 votes
by

Answer: C.

Option A is INCORRECT.

Virtual Private Cloud (VPC) is a virtual network that lets us launch AWS resources in the defined virtual network.

Option B is INCORRECT.

Configure transitive VPC peering is invalid as this is not supported in AWS.

Option C is CORRECT.

NACLs can be configured to enhance the security at the subnet level.

Option D is INCORRECT.

Security Group acts as a virtual firewall by controlling the traffic both inbound and outbound.

Security group acts at the instance level.

Reference:

https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

The correct answer is C. NACL (Network Access Control List).

Explanation: In Amazon Web Services (AWS), a Virtual Private Cloud (VPC) allows customers to create their own virtual network within AWS. A VPC is a logically isolated section of the AWS cloud where customers can launch AWS resources like Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Relational Database Service (Amazon RDS) instances, and others.

A subnet is a range of IP addresses in the VPC. Each subnet must be associated with a route table, which controls the traffic between the subnets and the internet. When you create a VPC, AWS automatically creates a default subnet for you.

To enhance security at the subnet level, you can use a Network Access Control List (NACL). A NACL is an optional layer of security for your VPC that acts as a firewall for controlling inbound and outbound traffic at the subnet level.

A NACL consists of a set of rules that allow or deny traffic to and from the subnet. Each rule is evaluated in order, starting with the lowest rule number. The rules can be configured to allow or deny traffic based on the source and destination IP addresses, the protocol used, and the port number.

You can configure a NACL to allow or deny traffic based on the IP address of the source or destination, the protocol used, and the port number. NACLs are stateless, which means that you must create a rule to allow inbound traffic and a separate rule to allow outbound traffic.

Security Groups, on the other hand, are another important layer of security for your AWS resources. Security Groups act as a virtual firewall to control inbound and outbound traffic for your Amazon EC2 instances. Security Groups are stateful, which means that any traffic that is allowed to enter an instance is automatically allowed to leave that instance. Security Groups are associated with network interfaces, which means that you can apply different Security Groups to different instances.

Therefore, Security Groups are not used to enhance the security at the subnet level, but to control the traffic for specific instances. Hence, the correct answer to the question is C. NACL.

...