Which of the following is false with regards to Security Groups which can be defined for EC2 Instances

Answer options:

A.In Security Groups you can define both allow and deny rules
B.You can specify separate rules for inbound and outbound traffic.
C.When you create a security group, it has no inbound rules
D.Security groups are stateful in nature

Answer - A
The AWS documentation mentions the following on Security groups
1. You can specify allow rules, but not deny rules.
2. You can specify separate rules for inbound and outbound traffic.
3. When you create a security group, it has no inbound rules. Therefore, no inbound traffic originating from another host to your instance is allowed until you add inbound rules to the security group.
4. Security groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules
For more information on Security Groups, please refer to below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html