
  • Question about NACL versus Security Group

  • reigota

    May 9, 2021 at 8:27 pm

    There is a question that says a company is using ECS + DynamoDB.
    However, this company is suffering malicious attacks from a specific set of IP addresses.

    My answer was: Block the incoming traffic using the Security Group of the ECS instance

    but the correct answer is: Block the incoming traffic using NACL.

    From my understanding, NACL is a layer of protection at the VPC Level…

    So why is it incorrect to say that the protection via the security group of the ECS instance will not work in this scenario?

    Thank you in advance!

  • Tutorials-Dojo

    May 15, 2021 at 7:40 am

    Hi Reigota,

    Thank you for posting your question. Both Network ACLs and Security Groups protect your computing resources from unwanted network attacks. The primary difference between them is that a security group can only whitelist the valid network sources. It cannot explicitly block traffic, unlike a Network ACL.

    You can actually try it on your EC2 console. If you open your default security group, you will see that it doesn’t have the ALLOW/DENY toggle that you usually see in your Network ACL.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!


    Jon Bonso @ Tutorials Dojo
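
The difference described in the answer above, as an added example that is not part of the original thread: a small Python model of how a security group (allow entries only) and a network ACL (numbered allow/deny entries, first match decides) evaluate the same inbound request. The rule sets, CIDR ranges, port and function names are constructed for illustration and assume a service that must stay reachable from the internet on port 443.

```python
import ipaddress

# Constructed sample rules; the CIDRs are documentation ranges, not from the thread.
SG_ALLOW = [("0.0.0.0/0", 443)]            # security group: (cidr, port), allow only
NACL_INBOUND = [                           # network ACL: (rule number, cidr, port, action)
    (90, "203.0.113.0/24", 443, "deny"),   # attacker range, numbered below the allow
    (100, "0.0.0.0/0", 443, "allow"),
]

def _matches(src, port, cidr, rule_port):
    return port == rule_port and ipaddress.ip_address(src) in ipaddress.ip_network(cidr)

def sg_permits(src, port, allow_rules=SG_ALLOW):
    """Security group: traffic passes if ANY allow entry matches; no deny action exists."""
    return any(_matches(src, port, cidr, p) for cidr, p in allow_rules)

def nacl_permits(src, port, rules=NACL_INBOUND):
    """Network ACL: entries are checked in ascending rule number; the first match decides."""
    for _num, cidr, rule_port, action in sorted(rules):
        if _matches(src, port, cidr, rule_port):
            return action == "allow"
    return False  # the implicit final '*' entry denies anything unmatched

def inbound_reaches_instance(src, port):
    """Inbound traffic has to pass the subnet's NACL and then the security group."""
    return nacl_permits(src, port) and sg_permits(src, port)

if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.50"):
        print(src,
              "| SG alone permits:", sg_permits(src, 443),
              "| NACL + SG permits:", inbound_reaches_instance(src, 443))
```

The security group alone admits the address in the blocked range, because the only way to serve the public is an allow entry that also covers it. In the NACL, the deny entry works only while its rule number is lower than that of the broad allow entry.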
