Option B is correct. Security groups are stateful virtual firewalls attached to ENIs/instances. They permit only allow rules; any traffic not explicitly allowed is implicitly denied. You cannot add explicit deny rules. Options A and D are wrong because explicit deny rules are not supported, and security groups are attached to ENIs/instances rather than applied at the subnet level. Option C is wrong because security groups are stateful, so return traffic is automatically allowed without matching outbound rules.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does it mean that security groups are stateful?
Open an interactive chat with Bash
What is the difference between a security group and a network ACL?