Western Governors University (WGU) ITEC2119 D282 Cloud Foundations Practice Exam

What is an optional security control that can be applied at the subnet layer of a VPC?

Security Group

Firewall

Web application firewall

Network ACL

In a Virtual Private Cloud (VPC), Network Access Control Lists (ACLs) serve as an optional security control that can be applied at the subnet layer. Network ACLs act as a set of rules that control inbound and outbound traffic to subnets in a VPC. They provide a layer of security by allowing you to permit or deny traffic based on specific criteria such as IP addresses and protocols. This enables fine-tuning of the traffic flow for the subnet, helping to enhance the overall security posture of the environment.

Network ACLs operate at the subnet level and are stateless: return traffic is not allowed automatically, so rules for inbound and outbound traffic must be defined separately. This characteristic allows for greater flexibility and control over which traffic is allowed in and out of the subnet.

While security groups, firewalls, and web application firewalls can also provide security measures, they do not function at the same layer or in the same capacity as Network ACLs within the VPC architecture. Security groups apply at the instance level and are stateful; they automatically allow return traffic from initiated connections. Traditional firewalls typically function outside the cloud provider's infrastructure, and web application firewalls specialize in filtering and monitoring HTTP traffic, targeting web applications specifically. Thus, Network ACLs uniquely fulfill
