Which task can a company perform by using security groups in the AWS Cloud?
Allow access to an Amazon EC2 instance through only a specific port.
Deny access to malicious IP addresses at a subnet level.
Protect data that is cached by Amazon CloudFront.
Apply a stateless firewall to an Amazon EC2 instance.
Explanations:
Security groups in AWS are virtual firewalls for EC2 instances that control inbound and outbound traffic. They allow or deny access based on specified ports and protocols. Therefore, a security group can be configured to allow access to an EC2 instance only through a specific port.
Security groups operate at the instance level, not at the subnet level. While they can control access to instances based on IP addresses, they do not have the capability to deny access at the subnet level. NACLs (Network Access Control Lists) are used for that purpose.
Security groups do not protect data cached by Amazon CloudFront. CloudFront uses its own security mechanisms, such as signed URLs and access controls, to manage access to cached content. Security groups are specifically designed for EC2 instances.
Security groups are stateful firewalls, meaning that if you allow a request from an instance, the response is automatically allowed, regardless of inbound rules. A stateless firewall would require rules for both incoming and outgoing traffic separately, which is not the functionality of security groups.