AWS Certified SysOps Administrator – Associate (legacy) — Question 214
A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24.
The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the following entries is required in the web server security group (WebSecGrp)?
Answer options
- A. Configure Destination as DB Security group ID (DbSecGrp) for port 3306 Outbound
- B. 80 for Destination 0.0.0.0/0 Outbound
- C. Configure port 3306 for source 20.0.0.0/24 InBound
- D. Configure port 80 InBound for source 20.0.0.0/16
Correct answer: A
Explanation
The correct answer is A because the web server in the public subnet needs an outbound rule that allows traffic to the database server in the private subnet on port 3306, with the DB security group as the destination. Options B, C, and D do not fulfill the requirement of allowing the web server to communicate with the database server; they either misconfigure the direction of traffic or the ports involved.