Which of the following is an optional Security layer attached to a subnet within a VPC for controlling traffic in & out of the VPC?

Answer options:

A.VPC Flow Logs
B.Web Application Firewall
C.Security Group
D.Network ACL

Correct Answer – D
Network ACL can be additionally configured on subnet level to control traffic in & out of the VPC.Option A is incorrect. VPC Flow Logs will capture information about IP traffic in & out of VPC. This will not be used for controlling purposes.
Option B is incorrect. Web Application Firewall (WAF) can be configured to protect web applications from common security threats. It can be deployed on devices such as Amazon CloudFront, Application Load Balancer and Amazon API Gateway.
Option C is incorrect. Security Groups are attached at instance level & not at the subnet level.
For more information on security within VPC, refer to the following URL:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html#VPC_Security_Comparison