Which task can a company perform by using security groups in the AWS Cloud?
Allow access to an Amazon EC2 instance through only a specific port.
Deny access to malicious IP addresses at a subnet level.
Protect data that is cached by Amazon CloudFront.
Apply a stateless firewall to an Amazon EC2 instance.
Explanations:
Security groups act as virtual firewalls for Amazon EC2 instances, allowing you to specify which traffic is allowed to reach the instance based on port, protocol, and source IP address. This enables fine-grained control over access to the instance through specific ports.
Security groups operate at the instance level and cannot deny access at the subnet level. Network access control lists (NACLs) are used for subnet-level security instead.
Security groups are not involved in protecting data cached by Amazon CloudFront. CloudFront uses its own security mechanisms, such as signed URLs and HTTPS, to secure data in transit and at rest.
Security groups provide stateful filtering, meaning that if you allow incoming traffic on a specific port, the response traffic is automatically allowed. A stateless firewall would require explicit rules for both incoming and outgoing traffic, and security groups do not work that way.