CompTIA Network+ Practice Test

What do network security groups provide in a VPC?

• A. Static IP addresses for all devices
• B. Granular control of data flow without firewalls
• C. VPC rules assigned to specific virtual NICs
• D. Automatic traffic monitoring and reporting

The correct answer is: VPC rules assigned to specific virtual NICs

Network security groups in a Virtual Private Cloud (VPC) are essential for controlling inbound and outbound traffic to and from resources like virtual machines and other network interfaces. The role of these groups is to apply a set of rules that regulate the communication based on IP addresses, ports, and protocols. When considering the options about what network security groups provide, the correct choice pertains to assigning rules to specific virtual Network Interface Cards (NICs) within the VPC. This allows for a more nuanced and customizable approach to security, ensuring that different resources can have tailored access controls defined by the administrator. By linking these rules to individual NICs, network security groups can effectively dictate which traffic is permitted or denied based on the needs of that specific resource, enhancing overall network security. The other options, while they may contain elements related to network functionality and security, do not accurately represent the primary purpose or capability of network security groups within a VPC context. Static IP addresses are allocated more broadly rather than through security groups. The notion of granular control without firewalls misrepresents how security groups operate; they are indeed security constructs, but they're not meant to replace firewalls but to work alongside them. Lastly, automatic traffic monitoring and reporting fall more into the realm of network