What term refers to stateless filtering rules that are applied at the subnet level and apply to every resource deployed to the subnet within the VPC or VNE?

Study for the CompTIA SecurityX Test. Equip yourself with comprehensive flashcards and multiple choice questions that include hints and explanations. Gear up for your certification exam!

Multiple Choice

What term refers to stateless filtering rules that are applied at the subnet level and apply to every resource deployed to the subnet within the VPC or VNE?

Explanation:
Network Access Control Lists are the subnet-level, stateless filters that apply to every resource launched in that subnet. They sit at the boundary of the subnet, so all traffic entering or leaving the subnet is checked against these rules for all resources inside it. Because they are stateless, they do not remember connections; return traffic is not automatically allowed and must be explicitly permitted by rules for the opposite direction. Rules are evaluated in order, and the first match decides the outcome, with any traffic that doesn’t match a rule being denied by default. This distinguishes them from security groups, which are stateful and attach to individual resources, automatically permitting related return traffic when a connection is allowed. Availability Zone is a regional fault-tolerance construct, not a filtering mechanism, and Data Zone isn’t the standard term for this concept.

