What is the difference between a "Network ACL" and a "Security Group" in a VPC?
The correct answer is B) A Security Group operates at the instance level and is stateful (return traffic is automatically allowed), while a Network ACL operates at the subnet level and is stateless (return traffic must be explicitly allowed by rules).
Security Groups are stateful and apply to instances/ENIs, automatically allowing response traffic, while Network ACLs are stateless subnet-level firewalls that evaluate rules in numbered order and require explicit rules for both inbound and outbound traffic.