Your entire AWS infrastructure lives inside of one Amazon VPC You have an Infrastructure monitoring application running on

an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application.

Can you conf

igure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else If so how?

A. No Two instances in two different AZs cant talk directly to each other via ICMP p

ing as that protocol is not allowed across subnet (iebroadcast) boundaries

B. Yes Both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP

C. Yes, the securi

ty group for the monitoring instance needs to allow outbound ICMP and the application instances security group needs to allow Inbound ICMP

D. Yes, both the monitoring instances security group and the application instances security group need to allow bo

th inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocol