Gary is designing his cloud infrastructure and needs to provide a firewall-like capability for the virtual systems he is running. Which of the following cloud capabilities acts like a virtual firewall?

Security groups are a virtual firewall for instances, allowing rules to be applied to traffic between instances. Dynamic resource allocation is a concept that allows resources to be applied as they are needed, including scaling up and down infrastructure and systems on the fly. Virtual private cloud (VPC) endpoints are a way to connect to services inside of a cloud provider without an Internet gateway. Finally, instance awareness is a concept that means that tools know about the differences between instances, rather than treating each instance in a scaling group as the same. This can be important during incident response processes and security monitoring for scaled groups, where resources may all appear identical without in- stance awareness.