AWS Network Access Control Lists (NACLs)

Questions and Answers

Which AWS service can be used to capture the IP traffic of network interfaces in a VPC?

• CloudTrail
• NACLs (correct)
• Security groups
• Route 53

What is the difference between NACLs and security groups in terms of rule application?

• NACLs apply rules automatically to instances in a subnet, while security groups have to be manually applied to instances. (correct)
• NACLs have separate incoming and outgoing rules, while security groups have combined rules.
• NACLs support allow and deny rules, while security groups only support allow rules.
• NACLs are stateful, while security groups are stateless.

What is the purpose of CloudTrail in AWS?

• Monitor account activity in AWS. (correct)
• Capture DNS queries.
• Monitor security operations in the cloud.
• Capture IP traffic of network interfaces in a VPC.

What type of rules do NACLs support?

Allow and deny rules (A)

What is the order in which NACL rules are applied?

Based on their priority number (B)

What is the purpose of VPC flow logs in AWS?

Capture IP traffic of network interfaces in a VPC. (D)

Are NACLs stateful or stateless?

Stateless (B)

Can NACL rules be automatically applied to outgoing traffic when an incoming rule is changed?

No, NACL rules are only applied to incoming traffic. (D)

What is the purpose of Route 53 in AWS?

Capture DNS queries. (D)

Is security operations shifting to the cloud?

Yes, security operations have already shifted their attention to the cloud. (B)

Flashcards are hidden until you start studying