Which AWS services or features can control VPC traffic?
(Choose two.)
Security groups
AWS Direct Connect
Amazon GuardDuty
Network ACLs
Amazon Connect
Explanations:
Security groups act as virtual firewalls attached to EC2 instances (strictly, to their elastic network interfaces) to control inbound and outbound traffic. A security group holds allow rules only: there are no deny rules, and anything not explicitly allowed is dropped. Rules are written in terms of protocol, port range and source (for inbound rules) or destination (for outbound rules), where the source or destination can be a CIDR block, a prefix list or another security group. Security groups are stateful, so return traffic for an allowed connection is permitted automatically. An instance can be associated with multiple security groups, and the union of their rules applies, which gives fine-grained control over the traffic allowed to and from instances in a VPC.
AWS Direct Connect provides a dedicated, private network connection from your on-premises data center to AWS. It is a connectivity service, not a traffic-control mechanism: it carries traffic between your local infrastructure and your VPC with predictable bandwidth and latency, but it has no rules of its own for permitting or denying that traffic. Packets that arrive over Direct Connect are still subject to the VPC's route tables, network ACLs and security groups.
Amazon GuardDuty is a threat detection service that continuously analyzes sources such as VPC Flow Logs, DNS logs and AWS CloudTrail events for malicious activity and unauthorized behavior in AWS accounts and workloads. It produces findings and alerts, but it does not sit in the traffic path and cannot allow or block VPC traffic by itself. Any blocking in response to a GuardDuty finding has to be implemented by something else, for example by automation that updates a network ACL or security group.
Network ACLs (access control lists) are an additional layer of security that acts as a firewall at the subnet level, controlling traffic in and out of one or more subnets. Unlike security groups, network ACLs are stateless (return traffic must be explicitly allowed by a rule in the opposite direction, typically on the ephemeral port range) and support both allow and deny rules. Rules are numbered and evaluated in ascending order; the first matching rule decides the outcome, and a final catch-all rule denies anything unmatched. Network ACLs filter on protocol, port range and source/destination CIDR, providing a second mechanism, alongside security groups, for controlling access to resources in the VPC.
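The two differences that decide the answer (security groups are stateful and allow-only; network ACLs are stateless, ordered, and allow-or-deny) are easiest to see by running constructed packets through a small evaluator that mirrors how AWS applies each kind of rule set. The following Python block is an added example, not code from the original page or from AWS; the addresses, rule numbers and packets are constructed for illustration, and the evaluator models the documented rule semantics rather than calling any AWS API.

```python
"""Added example, not from the original page: a small evaluator that mirrors
how AWS applies security-group and network-ACL rules, so the stateful/allow-only
versus stateless/allow-and-deny difference can be seen on constructed packets.
All addresses, rule sets and packets below are constructed for illustration."""
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int
    direction: str  # "in" or "out", relative to the protected resource

@dataclass(frozen=True)
class Rule:
    proto: str              # "tcp", "udp" or "all"
    ports: tuple            # (low, high) inclusive destination-port range
    cidr: str               # source CIDR for inbound rules, destination CIDR for outbound
    action: str = "allow"   # NACLs also accept "deny"; security groups are allow-only
    number: int = 0         # NACL rule number (evaluated ascending); unused by security groups

def _matches(rule, pkt):
    peer = pkt.src if pkt.direction == "in" else pkt.dst
    if rule.proto != "all":
        if rule.proto != pkt.proto or not rule.ports[0] <= pkt.dport <= rule.ports[1]:
            return False
    return ipaddress.ip_address(peer) in ipaddress.ip_network(rule.cidr)

class SecurityGroup:
    """Stateful and allow-only: once a packet matches an allow rule, replies in
    the other direction pass without needing a rule of their own."""
    def __init__(self, inbound, outbound):
        if any(r.action != "allow" for r in inbound + outbound):
            raise ValueError("security groups support allow rules only")
        self.inbound, self.outbound, self._flows = inbound, outbound, set()

    def evaluate(self, pkt):
        if (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport) in self._flows:
            return "allow"  # return traffic of a tracked flow
        rules = self.inbound if pkt.direction == "in" else self.outbound
        if any(_matches(r, pkt) for r in rules):
            self._flows.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
            return "allow"
        return "deny"  # implicit deny: no allow rule matched

class NetworkAcl:
    """Stateless: every packet, replies included, is checked against the rules
    for its direction in ascending rule-number order; the first match wins and
    the implicit '*' rule denies anything left over."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def evaluate(self, pkt):
        rules = self.inbound if pkt.direction == "in" else self.outbound
        for r in rules:
            if _matches(r, pkt):
                return r.action
        return "deny"

def https_return_traffic():
    """'Allow HTTPS from the internet' in both mechanisms: the security group
    passes the reply automatically; the NACL needs an outbound rule for the
    client's ephemeral port (1024-65535 is the range AWS recommends)."""
    syn = Packet("203.0.113.10", "10.0.1.5", "tcp", 50000, 443, "in")
    reply = Packet("10.0.1.5", "203.0.113.10", "tcp", 443, 50000, "out")
    https_in = Rule("tcp", (443, 443), "0.0.0.0/0", number=100)
    sg = SecurityGroup(inbound=[https_in], outbound=[])
    nacl_broken = NetworkAcl(inbound=[https_in], outbound=[])
    nacl_fixed = NetworkAcl(
        inbound=[https_in],
        outbound=[Rule("tcp", (1024, 65535), "0.0.0.0/0", number=100)])
    return {
        "security_group": (sg.evaluate(syn), sg.evaluate(reply)),
        "nacl_no_ephemeral": (nacl_broken.evaluate(syn), nacl_broken.evaluate(reply)),
        "nacl_with_ephemeral": (nacl_fixed.evaluate(syn), nacl_fixed.evaluate(reply)),
    }

def block_one_source():
    """Blocking a single address: only a NACL can express a deny, and its rule
    number must be lower than the broad allow or it is never reached."""
    probe = Packet("198.51.100.7", "10.0.1.5", "tcp", 40000, 443, "in")
    allow_https = Rule("tcp", (443, 443), "0.0.0.0/0", number=100)
    deny_host = Rule("all", (0, 65535), "198.51.100.7/32", "deny", number=200)
    deny_first = Rule("all", (0, 65535), "198.51.100.7/32", "deny", number=50)
    try:
        SecurityGroup(inbound=[deny_host], outbound=[])
        sg_accepts_deny = True
    except ValueError:
        sg_accepts_deny = False
    return {
        "sg_accepts_deny_rule": sg_accepts_deny,
        "nacl_deny_after_allow": NetworkAcl([allow_https, deny_host], []).evaluate(probe),
        "nacl_deny_before_allow": NetworkAcl([deny_first, allow_https], []).evaluate(probe),
    }
```

Calling https_return_traffic() shows the security group allowing both the SYN and the reply with no outbound rule at all, the NACL without an ephemeral-port outbound rule dropping the reply, and the NACL with that rule passing it. block_one_source() shows that a deny rule is rejected for a security group, and that a NACL deny numbered 200 behind an allow numbered 100 never fires, while the same deny numbered 50 does. Both are common real-world misconfigurations when teams treat the two mechanisms as interchangeable.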
Amazon Connect is a cloud-based contact center service through which businesses provide customer service over channels such as voice and chat. It plays no role in VPC networking: it manages customer interactions and has no mechanism to filter or direct network traffic within a VPC.