Question 17
Content Domain 4: Machine Learning Implementation and Operations
An AWS machine learning team wants to control network traffic to an Amazon EC2 instance used for model training. Which AWS feature should they use to define instance-level inbound and outbound traffic rules?
Correct answer: B
Explanation
Security groups are used to control inbound and outbound traffic at the instance level in AWS. They are the standard mechanism for applying basic network access rules to resources such as Amazon EC2 instances.
Reference: Security groups
Why each option is right or wrong
A. IAM roles
IAM roles provide permissions for AWS API actions, not instance-level network traffic filtering.
B. Security groups
Security groups are the AWS feature used to define inbound and outbound traffic rules for an EC2 instance. In this scenario, the team needs instance-level network access control for the training server, which matches the purpose of security groups.
C. Amazon CloudWatch alarms
CloudWatch alarms monitor metrics and trigger actions; they do not define network access rules.
D. AWS KMS keys
KMS keys manage encryption operations, not inbound and outbound network traffic settings.