AWS Certified SysOps Administrator SOA-C01 – Question783

A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address 172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address 203.0.113.12 and did not receive an acknowledgment.
VPC Flow Logs were enabled and showed the following:

What action will resolve the issue?

A.
Modify the EC2 security group rules to allow inbound traffic from the on-premises computer
B. Modify the EC2 security group rules to allow outbound traffic to the on-premises computer
C. Modify the VPC network ACL rules to allow inbound traffic from the on-premises computer
D. Modify the VPC network ACL rules to allow outbound traffic to the on-premises computer

Correct Answer: B