AWS Certified SysOps Administrator SOA-C01 – Question 474

You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: Security groups and network access control lists (ACLs). You start to look into security groups first. Which statement below is incorrect in relation to security groups?

A. Are stateful: Return traffic is automatically allowed, regardless of any rules.
B. Support addition of individual allow and deny rules in both inbound and outbound.
C. Security Groups can be added or removed from EC2 instances in a VPC at any time.
D. Evaluate all rules before deciding whether to allow traffic.

Correct Answer: B

Explanation:

Amazon VPC provides two features that you can use to increase security for your VPC:

Security groups: Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level, and support allow rules only.

Network access control lists (ACLs): Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level, and support allow rules and deny rules.

Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security….