AWS Technical Essentials Practice

The correct answer highlights that security groups provide instance-level security, which is a fundamental aspect of AWS's security architecture. Security groups act as virtual firewalls for your EC2 instances, controlling incoming and outgoing traffic at the instance level. This means that each instance can have unique security rules, allowing for granular control over which IP addresses and protocols can communicate with it. This is essential for protecting the individual applications running on different instances while enabling flexibility in a multi-tenant cloud environment.

In contrast, the other options do not accurately reflect the primary purpose of security groups. While security groups operate at the network and security level, they do not function at the region level as indicated in the first choice; instead, they are specific to individual resources like EC2 instances. The mention of database encryption pertains to different services within AWS, such as AWS Key Management Service (KMS), which does not directly relate to security groups. Lastly, monitoring API requests involves services like AWS CloudTrail, not security groups, which are focused on network traffic control rather than auditing or logging of API actions.