ACloud Guru Certified Cloud Practitioner Practice Exam

Network ACLs (Access Control Lists) are an additional security measure that can be implemented at the subnet level in a Virtual Private Cloud (VPC). They serve as a firewall for controlling traffic in and out of one or more subnets, providing an extra layer of security by allowing or denying requests based on predefined rules.

Network ACLs operate at the network layer, meaning they evaluate packets passing through the subnet. They can be set up with rules that specify allowed or denied IP addresses, protocols, and ports. This capability enables you to create a more granular level of control over traffic entering or exiting the subnet, complementing other security measures such as Security Groups, which operate at the instance level and are stateful.

The other options serve different purposes. A private IP address is simply an address assigned to a resource within the VPC and does not constitute a security measure. IAM (Identity and Access Management) manages user permissions and access to resources but does not work at the subnet level. Security Groups are also filters for traffic but are associated with individual instances rather than subnets, making them stateful and designed to allow or deny traffic based on inbound and outbound rules.