A user has configured a VPC with a new subnet and has created a security group. The user wants instances in the same
subnet to be able to communicate with each other. How can the user configure this with the security group?

A. There is no need for a security group modification as all the instances can communicate with each other inside the same subnet
B. Configure the subnet as the source in the security group and allow traffic on all the protocols and ports
C. Configure the security group itself as the source and allow traffic on all the protocols and ports
D. The user has to use VPC peering to configure this
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. AWS provides two features that
the user can use to increase security in a VPC: security groups and network ACLs. Security groups work at the instance
level. If the user is using the default security group, it will have a rule which allows the instances to communicate with
each other. For a new security group, the user has to add that rule explicitly: define the source as the security group
itself and select all the protocols and ports for that source.
C
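The difference between a self-referencing source and a subnet source, as an added example that is not part of the original page: a simplified Python model of inbound rule evaluation, not AWS code. Instance names, group IDs and addresses are constructed, and every rule is assumed to cover all protocols and ports.

```python
# Simplified model of security group inbound evaluation (added example, not AWS code).
# All instance names, group IDs and addresses below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Instance:
    name: str
    ip: str
    groups: frozenset  # IDs of the security groups attached to the instance


@dataclass(frozen=True)
class InboundRule:
    source: str  # either a CIDR block or a security group ID ("sg-...")


def source_matches(rule, sender):
    """A group source matches senders attached to that group; a CIDR source matches by address."""
    if rule.source.startswith("sg-"):
        return rule.source in sender.groups
    return ip_address(sender.ip) in ip_network(rule.source)


def allowed(sender, receiver, rules_by_group):
    """Inbound traffic is allowed if any rule of any group on the receiver matches the sender."""
    return any(
        source_matches(rule, sender)
        for gid in receiver.groups
        for rule in rules_by_group.get(gid, [])
    )


# Constructed scenario: one subnet (10.0.1.0/24), three instances, two security groups.
web1 = Instance("web1", "10.0.1.10", frozenset({"sg-app"}))
web2 = Instance("web2", "10.0.1.11", frozenset({"sg-app"}))
other = Instance("other", "10.0.1.12", frozenset({"sg-other"}))

# Option C: sg-app lists itself as the source.
self_ref = {"sg-app": [InboundRule("sg-app")], "sg-other": []}
# Option B: sg-app lists the subnet CIDR as the source.
subnet_src = {"sg-app": [InboundRule("10.0.1.0/24")], "sg-other": []}


def reachability(rules):
    """Return the set of (sender, receiver) name pairs that the rules permit."""
    hosts = [web1, web2, other]
    return {(s.name, r.name) for s in hosts for r in hosts
            if s is not r and allowed(s, r, rules)}
```

With the self-referencing rule only the two members of `sg-app` reach each other; with the subnet CIDR as the source, `other` can also reach them although it is not attached to the group.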
B, subnet as source to allow inbound access. A new SG only allows outbound by default.
Still B. C allows all instances associated with the source security group to communicate with each other, but we do not know if this is the only security group on this subnet.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#working-with-security-groups