A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is

planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306). The user is configuring a security

group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned entri

es is required in the web server security group (WebSecGrp)?

A. Configure Destination as DB Security group ID (DbSecGrp. for port 3306 Outbound

B. 80 for Destination 0.0.0.0/0 Outbound

C. Configure port 3306 for source 20.0.0.0/24 InBound

D. Configure por

t 80 InBound for source 20.0.0.0/16

Explanation:

A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should con

figure that the instances in the public subnet can receive inbound traffic directly from the internet. Thus, the user should configure port 80 with source 0.0.0.0/0 in InBound. The user should configure that the instance in the public subnet can send traff

ic to the private subnet instances on the DB port. Thus, the user should configure the DB security group of the private subnet (DbSecGrp) as the destination for port 3306 in Outbound.