AWS Certified SysOps Administrator SOA-C01 – Question236

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned entries is required in the web server security group (WebSecGrp)?

A.
Configure Destination as DB Security group ID (DbSecGrp) for port 3306 Outbound
B. 80 for Destination 0.0.0.0/0 Outbound
C. Configure port 3306 for source 20.0.0.0/24 InBound
D. Configure port 80 InBound for source 20.0.0.0/16

Correct Answer: A

Explanation:

Explanation: A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the public subnet can receive inbound traffic directly from the internet. Thus, the user should configure port 80 with source 0.0.0.0/0 in InBound. The user should configure that the instance in the public subnet can send traffic to the private subnet instances on the DB port. Thus, the user should configure the DB security group of the private subnet (DbSecGrp) as the destination for port 3306 in Outbound.