AWS Certified Advanced Networking Specialty Practice Exam

Prepare for the AWS Certified Advanced Networking Specialty Exam with detailed flashcards and multiple-choice questions. Each question includes hints and explanations. Ace your exam with confidence!


What is the core purpose of using security groups within a VPC?

  1. To allow unrestricted access to EC2 instances

  2. To monitor network traffic for security threats

  3. To filter inbound and outbound traffic to resources

  4. To create backups of data

The correct answer is: To filter inbound and outbound traffic to resources

The core purpose of using security groups within a Virtual Private Cloud (VPC) is to filter inbound and outbound traffic to resources such as EC2 instances. Security groups act as virtual firewalls that control the flow of traffic based on defined rules. Each security group consists of rules which specify the allowed protocols, ports, and source/destination IP addresses for both incoming and outgoing traffic. This mechanism is crucial for maintaining a secure environment. By configuring security groups appropriately, administrators can ensure that only legitimate traffic is allowed to reach their instances and that sensitive data remains protected from unauthorized access. Security groups are stateful, meaning that if an incoming request is allowed, the response traffic is also allowed regardless of outbound rules, simplifying management and enhancing security.

The other choices represent functionalities that are not the primary role of security groups within VPC architecture. For instance, security groups do not allow unrestricted access to EC2 instances; rather, they enforce restrictions. Monitoring network traffic for security threats involves other tools and services, such as AWS CloudTrail or AWS GuardDuty. Finally, creating backups of data is unrelated to security group functions and is typically managed by services like Amazon S3 or AWS Backup.