A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The
private subnet uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is
planning to host a web server in the public subnet (port 80) and a DB server in the private subnet
(port 3306). The user is configuring the security group of the NAT instance. Which of the below
mentioned entries is not required for the NAT security group?
A. For Inbound allow Source: 20.0.1.0/24 on port 80
B. For Outbound allow Destination: 0.0.0.0/0 on port 80
C. For Inbound allow Source: 20.0.0.0/24 on port 80
D. For Outbound allow Destination: 0.0.0.0/0 on port 443
Explanation:
A user can create a subnet within a VPC and launch instances inside that subnet. If the user has
created a public subnet and a private subnet to host the web server and the DB server respectively,
the user must configure the instances in the private subnet to reach the internet through the NAT
instance. The user should first allow the NAT to receive traffic on ports 80 and 443 from the
private subnet. Thus, allow ports 80 and 443 Inbound from the private subnet 20.0.1.0/24.
Then, to route this traffic to the internet, allow ports 80 and 443 Outbound to destination
0.0.0.0/0. The NAT security group should not have an entry for the public subnet CIDR, since
instances in the public subnet reach the internet directly and never pass through the NAT.
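As an added illustration (not part of the original question or explanation), the following Python checks each candidate security-group entry against the least-privilege rule set the explanation describes: inbound only from the private subnet CIDR on the relayed ports, outbound only to 0.0.0.0/0 on those ports. The CIDRs, ports and option letters are taken from the question; the function names are assumed.

```python
import ipaddress

# Values from the question: the private subnet behind the NAT and the ports it relays.
PRIVATE_SUBNET = ipaddress.ip_network("20.0.1.0/24")
RELAYED_PORTS = {80, 443}
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


def required_for_nat(direction, cidr, port):
    """Return True if a (direction, cidr, port) entry belongs in the NAT security group.

    Inbound entries are needed only for sources inside the private subnet on a relayed
    port; outbound entries only to 0.0.0.0/0 on a relayed port. Anything else is surplus
    and widens the NAT's exposure for no benefit.
    """
    net = ipaddress.ip_network(cidr)
    if port not in RELAYED_PORTS:
        return False
    if direction == "inbound":
        # The public subnet (or any range outside the private subnet) must not appear here.
        return net.subnet_of(PRIVATE_SUBNET)
    if direction == "outbound":
        return net == ANYWHERE
    raise ValueError(f"unknown direction: {direction}")


# Constructed candidate entries mirroring answer options A-D in the question.
OPTIONS = {
    "A": ("inbound", "20.0.1.0/24", 80),
    "B": ("outbound", "0.0.0.0/0", 80),
    "C": ("inbound", "20.0.0.0/24", 80),
    "D": ("outbound", "0.0.0.0/0", 443),
}


def surplus_options(options=OPTIONS):
    """Return the option letters whose entries the NAT security group does not need."""
    return sorted(
        letter for letter, (direction, cidr, port) in options.items()
        if not required_for_nat(direction, cidr, port)
    )


if __name__ == "__main__":
    print(surplus_options())  # ['C']
```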
I believe it's D
C
a. allows the private subnet to reach the NAT instance on 80
b. allows the NAT instance to reach any other IP on the internet on 80
d. same on 443
hence c. (which actually allows the public subnet to reach the NAT instance, which is nonsense; public subnets don't need a NAT instance/gateway)