Frequently asked questions and answers of Security Groups vs Network Access Control Lists (NACLs) in Cloud Computing of Computer Science to enhance your skills, knowledge on the selected topic. We have compiled the best Security Groups vs Network Access Control Lists (NACLs) Interview question and answer, trivia quiz, mcq questions, viva question, quizzes to prepare. Download Security Groups vs Network Access Control Lists (NACLs) FAQs in PDF form online for academic course, jobs preparations and for certification exams .
Intervew Quizz is an online portal with frequently asked interview, viva and trivia questions and answers on various subjects, topics of kids, school, engineering students, medical aspirants, business management academics and software professionals.
Question-1. What is a Security Group in cloud networking?
Answer-1: A Security Group acts as a virtual firewall that controls inbound and outbound traffic for cloud resources at the instance level.
Question-2. What is a Network Access Control List (NACL)?
Answer-2: A NACL is a stateless firewall that controls inbound and outbound traffic at the subnet level within a VPC.
Question-3. How do Security Groups differ from NACLs in terms of state?
Answer-3: Security Groups are stateful, meaning return traffic is automatically allowed; NACLs are stateless and require explicit rules for both inbound and outbound traffic.
Question-4. Can Security Groups and NACLs be used together?
Answer-4: Yes, they can be layered where NACLs provide subnet-level security and Security Groups provide instance-level security.
Question-5. Which is applied first: NACL or Security Group?
Answer-5: NACLs are evaluated first at the subnet level, then Security Groups are applied at the instance level.
Question-6. How many Security Groups can be attached to an instance?
Answer-6: Multiple Security Groups (typically up to 5 or more) can be attached to a single instance.
Question-7. How many NACLs can be associated with a subnet?
Answer-7: Only one NACL can be associated with each subnet.
Question-8. Are Security Groups or NACLs easier to manage?
Answer-8: Security Groups are generally easier due to their stateful nature and instance-level focus.
Question-9. Do Security Groups allow rules by default?
Answer-9: By default, Security Groups deny all inbound traffic and allow all outbound traffic.
Question-10. What is the default behavior of NACLs?
Answer-10: Default NACLs allow all inbound and outbound IPv4 traffic.
Question-11. Can you block specific IP addresses using Security Groups?
Answer-11: Yes, Security Groups allow you to specify rules to allow or deny traffic from specific IP addresses or ranges.
Question-12. Can NACLs block traffic from specific IP addresses?
Answer-12: Yes, NACLs can explicitly allow or deny traffic based on IP address and port.
Question-13. Are Security Group rules evaluated in order?
Answer-13: No, all Security Group rules are evaluated collectively, and the most permissive rule applies.
Question-14. Are NACL rules evaluated in order?
Answer-14: Yes, NACLs evaluate rules by rule number in ascending order.
Question-15. What protocol types can be controlled by Security Groups?
Answer-15: Security Groups support TCP, UDP, ICMP, and custom protocols.
Question-16. Can NACLs control traffic by protocol?
Answer-16: Yes, NACLs can control TCP, UDP, ICMP, and other protocols.
Question-17. Which is better for protecting an entire subnet
Answer-17: Security Groups or NACLs?
Question-18. Which provides more granular control
Answer-18: Security Groups or NACLs?
Question-19. Do Security Groups support both allow and deny rules?
Answer-19: No, Security Groups only support allow rules; all else is denied implicitly.
Question-20. Do NACLs support both allow and deny rules?
Answer-20: Yes, NACLs explicitly allow or deny traffic.
Question-21. How are Security Group changes applied?
Answer-21: Changes to Security Groups take effect immediately.
Question-22. How are NACL changes applied?
Answer-22: NACL changes also take effect immediately.
Question-23. What happens if no rule matches in a Security Group?
Answer-23: Traffic is denied by default.
Question-24. What happens if no rule matches in a NACL?
Answer-24: Traffic is denied by default.
Question-25. Can Security Groups reference other Security Groups?
Answer-25: Yes, Security Groups can reference other Security Groups for source or destination.
Question-26. Can NACLs reference other NACLs or Security Groups?
Answer-26: No, NACLs cannot reference other NACLs or Security Groups.
Question-27. Which is stateless: Security Groups or NACLs?
Answer-27: NACLs are stateless.
Question-28. How does stateful nature of Security Groups affect response traffic?
Answer-28: Return traffic is automatically allowed regardless of inbound rules.
Question-29. What is the maximum number of inbound or outbound rules in a Security Group?
Answer-29: Typically up to 60 inbound and 60 outbound rules per Security Group.
Question-30. What is the maximum number of rules in a NACL?
Answer-30: Up to 20 inbound and 20 outbound rules per NACL by default, though limits can vary.
Question-31. Can Security Groups be applied to resources other than instances?
Answer-31: Yes, Security Groups can be applied to load balancers, databases, and more.
Question-32. Can NACLs be applied to individual instances?
Answer-32: No, NACLs apply only at the subnet level.
Question-33. What kind of attacks can Security Groups help prevent?
Answer-33: Security Groups help prevent unauthorized access and limit exposure at the instance level.
Question-34. What kind of attacks can NACLs help prevent?
Answer-34: NACLs help block traffic before it reaches subnets, reducing attack surfaces at network boundaries.
Question-35. Can Security Groups filter traffic based on port ranges?
Answer-35: Yes, Security Groups support port ranges.
Question-36. Can NACLs filter traffic based on port ranges?
Answer-36: Yes, NACLs also support filtering by port ranges.
Question-37. How do Security Groups affect network performance?
Answer-37: Security Groups generally have minimal impact on network performance.
Question-38. Do NACLs introduce latency in packet processing?
Answer-38: NACLs may introduce minimal latency as packets are checked against rules.
Question-39. Which cloud providers use Security Groups and NACLs?
Answer-39: AWS uses Security Groups and NACLs; Azure and GCP have similar concepts with slightly different names.
Question-40. Can you audit Security Group changes?
Answer-40: Yes, changes can be audited via cloud provider logs like AWS CloudTrail.
Question-41. Can you audit NACL changes?
Answer-41: Yes, NACL changes can be logged and audited similarly.
Question-42. How do you troubleshoot connectivity issues caused by Security Groups?
Answer-42: Check if inbound/outbound rules allow required traffic and verify associated groups.
Question-43. How do you troubleshoot connectivity issues caused by NACLs?
Answer-43: Check the ordered list of allow/deny rules for subnet traffic filtering.
Question-44. What is the default Security Group in AWS?
Answer-44: It allows all inbound traffic from within the same Security Group and all outbound traffic.
Question-45. What is the default NACL in AWS?
Answer-45: It allows all inbound and outbound IPv4 and IPv6 traffic.
Question-46. Can Security Groups be used for outbound filtering?
Answer-46: Yes, Security Groups allow outbound traffic rules.
Question-47. Can NACLs be used for outbound filtering?
Answer-47: Yes, NACLs can control outbound traffic as well.
Question-48. How do Security Groups impact cloud cost?
Answer-48: No direct cost, but poorly managed rules can lead to security risks.
Question-49. How do NACLs impact cloud cost?
Answer-49: No direct cost, but effective use can prevent costly breaches.
Question-50. What are best practices for using Security Groups and NACLs together?
Answer-50: Use NACLs for broad subnet-level controls and Security Groups for fine-grained instance-level rules.
Frequently Asked Question and Answer on Security Groups vs Network Access Control Lists (NACLs)
Security Groups vs Network Access Control Lists (NACLs) Interview Questions and Answers in PDF form Online
Security Groups vs Network Access Control Lists (NACLs) Questions with Answers
Security Groups vs Network Access Control Lists (NACLs) Trivia MCQ Quiz
