Security Groups vs NACLs
WHAT IT TESTS: layered network access controls. OUTLINE: a security group is stateful and attached to instances or NICs; a NACL is stateless and applied at the subnet. RED FLAG: thinking NACLs are stateful or that security groups support explicit deny rules.
WHAT IT TESTS: knowing where each filter sits and whether it tracks connection state. ANSWER OUTLINE: a security group or NSG is a stateful filter attached to an instance or network interface; return traffic for an allowed connection is automatically permitted, and it supports allow rules (NSGs add deny). A NACL is a stateless filter at the subnet boundary, evaluating each packet independently with ordered allow and deny rules, so you must permit both directions. Use them together as defense in depth.
- #security
- #networking
- #firewall
- #nacl
- #cloud