Default Network ACL for Default VPC in AWS

Default Network ACL - AWS Certified Advanced Networking - Specialty


Question

Which of the following statements are true about the default Network ACL assigned to the default VPC?

Answers

Explanations


A. B. C. D.

Answer - A and C.

The AWS documentation mentions the following.

The default network ACL is configured to allow all traffic to flow in and out of the subnets to which it is associated.

Each network ACL also includes a rule whose rule number is an asterisk.

This rule ensures that if a packet doesn't match any of the other numbered rules, it's denied.

You can't modify or remove this rule.

For more information on the default NACL, please see the link below:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html#default-network-acl
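The documented behaviour above (the default NACL's allow-all rule, the unremovable `*` rule as the final deny, and first-numbered-match-wins evaluation), together with the stateless nature of NACLs, can be modelled in a few lines. The following is an added example for illustration, not code from the page, the exam vendor or AWS: the `Rule` class, `evaluate` and `evaluate_flow` are assumed names of my own, and the HTTPS-only rule sets and IP addresses are constructed. It relies on one fact from the AWS documentation that the quote does not spell out: the default NACL's allow-all entry is rule number 100 in each direction.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One network ACL entry. number=None stands for the fixed '*' rule."""
    number: Optional[int]
    protocol: str   # 'all', 'tcp', 'udp' or 'icmp'
    cidr: str       # source CIDR for inbound rules, destination CIDR for outbound
    port_from: int
    port_to: int
    action: str     # 'allow' or 'deny'


# The '*' rule: present in every NACL, cannot be edited or removed, denies everything.
STAR = Rule(None, "all", "0.0.0.0/0", 0, 65535, "deny")

# Default NACL of the default VPC: rule 100 allows all traffic in each direction.
DEFAULT_INBOUND = [Rule(100, "all", "0.0.0.0/0", 0, 65535, "allow"), STAR]
DEFAULT_OUTBOUND = [Rule(100, "all", "0.0.0.0/0", 0, 65535, "allow"), STAR]

# A newly created custom NACL holds only the '*' rule, so it denies everything.
CUSTOM_EMPTY = [STAR]

# Constructed example (not from the page): a deny for one range placed before the
# allow-all. The list is deliberately out of order to show that rule numbers, not
# list position, decide precedence.
DENY_ONE_RANGE_INBOUND = [
    Rule(100, "all", "0.0.0.0/0", 0, 65535, "allow"),
    Rule(90, "all", "198.51.100.0/24", 0, 65535, "deny"),
    STAR,
]

# Constructed example of a restrictive NACL that admits only HTTPS.
HTTPS_ONLY_INBOUND = [Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"), STAR]
# A common mistake: mirroring the inbound rule outbound, which blocks the replies
# because NACLs are stateless and the reply goes to the client's ephemeral port.
HTTPS_ONLY_OUTBOUND_BROKEN = [Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"), STAR]
# The fix: allow return traffic to the ephemeral port range.
HTTPS_ONLY_OUTBOUND_FIXED = [Rule(100, "tcp", "0.0.0.0/0", 1024, 65535, "allow"), STAR]


def evaluate(rules: List[Rule], protocol: str, addr: str, port: int) -> str:
    """Return 'allow' or 'deny' for one packet, evaluating rules in ascending
    rule-number order with the '*' rule last; the first matching rule wins."""
    ordered = sorted(rules, key=lambda r: (r.number is None, r.number or 0))
    for rule in ordered:
        if rule.protocol not in ("all", protocol):
            continue
        if ip_address(addr) not in ip_network(rule.cidr):
            continue
        if not rule.port_from <= port <= rule.port_to:
            continue
        return rule.action
    return "deny"  # unreachable when '*' is present; kept as a defensive default


def evaluate_flow(inbound: List[Rule], outbound: List[Rule], client_ip: str,
                  client_port: int, server_port: int,
                  protocol: str = "tcp") -> Tuple[str, str]:
    """NACLs are stateless: the client's request is judged against the inbound rules
    (source = client, destination port = server port) and the server's reply is judged
    separately against the outbound rules (destination = client, its ephemeral port)."""
    request = evaluate(inbound, protocol, client_ip, server_port)
    reply = evaluate(outbound, protocol, client_ip, client_port)
    return request, reply


if __name__ == "__main__":
    print(evaluate(DEFAULT_INBOUND, "tcp", "203.0.113.5", 22))            # allow
    print(evaluate(CUSTOM_EMPTY, "tcp", "203.0.113.5", 22))               # deny
    print(evaluate(DENY_ONE_RANGE_INBOUND, "tcp", "198.51.100.7", 443))   # deny
    print(evaluate(DENY_ONE_RANGE_INBOUND, "tcp", "203.0.113.5", 443))    # allow
    print(evaluate_flow(HTTPS_ONLY_INBOUND, HTTPS_ONLY_OUTBOUND_BROKEN,
                        "203.0.113.5", 51000, 443))                       # ('allow', 'deny')
    print(evaluate_flow(HTTPS_ONLY_INBOUND, HTTPS_ONLY_OUTBOUND_FIXED,
                        "203.0.113.5", 51000, 443))                       # ('allow', 'allow')
```

The last two calls are the point worth remembering for both the exam and real deployments: because the NACL has no connection tracking, tightening the default allow-all outbound rule without admitting the ephemeral port range silently breaks return traffic, a failure that a stateful security group would never produce.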

The default VPC in AWS is created automatically when an AWS account is created, and it comes with a default Network Access Control List (ACL). Network ACLs are stateless, and they function at the subnet level. They determine what inbound and outbound traffic is allowed or denied to and from subnets in the VPC.

Based on this information, we can determine that option (B) is correct:

B. The Network ACL Inbound Rules deny all traffic

This means that, by default, no inbound traffic is allowed into the subnets of the default VPC unless explicitly allowed by a rule in the Network ACL.

As for the outbound traffic, the correct answer is (C):

C. The Network ACL Outbound Rules allow all traffic

This means that, by default, all outbound traffic from subnets in the default VPC is allowed. However, outbound traffic can still be restricted by Security Groups associated with the instances in the subnets.

It's important to note that these default Network ACL settings are not ideal for most use cases and should be reviewed and modified as per your specific needs.