Which security feature allows for stateful control of traffic to and from Amazon EC2 instances?

Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

Stateful control of traffic to and from Amazon EC2 instances is achieved through security groups. Security groups act as virtual firewalls for your EC2 instances, controlling both inbound and outbound traffic. They enable you to define specific rules that allow or deny traffic based on IP addresses, protocols, and port numbers.

The key characteristic of security groups is their stateful nature: if an inbound request is allowed, the response to that request is automatically permitted, regardless of the outbound rules. This means that once a connection is established, the response traffic for that connection is allowed through without needing separate rules.

In contrast, features like NAT gateways, route tables, and network ACLs do not offer the same level of stateful management for traffic. NAT gateways primarily enable instances in a private subnet to connect to the internet, while route tables determine how traffic is routed within a VPC. Network ACLs, on the other hand, provide stateless filtering and require separate rules for inbound and outbound traffic, which can be less intuitive than the stateful approach of security groups.