A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has
CIDR
20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server
in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is
configuring a security group for the public subnet (WebSecGrp. and the private subnet
(DBSecGrp.. Which of the below mentioned entries is required in the web server security group
(WebSecGrp.?
A.
Configure Destination as DB Security group ID (DbSecGrp. for port 3306 Outbound
B.
80 for Destination 0.0.0.0/0 Outbound
C.
Configure port 3306 for source 20.0.0.0/24 InBound
D.
Configure port 80 InBound for source 20.0.0.0/16
Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has
created a public private subnet to host the web server and DB server respectively, the user should
configure that the instances in the public subnet can receive inbound traffic directly from the
internet. Thus, the user should configure port 80 with source 0.0.0.0/0 in InBound. The user should
configure that the instance in the public subnet can send traffic to the private subnet instances on
the DB port. Thus, the user should configure the DB security group of the private subnet
(DbSecGrp. as the destination for port 3306 in Outbound.
B
A
A