- A. You will be creating an ACL which allows all traffic from the internet on ports 80 and 443 and only allows traffic from the web server on port 1521.
- B. Correct Answer sg-1111.
- C. You will be keeping both EC2 instances in the same public subnet so that the instances can communicate with each other.
- D. You will be keeping both EC2 instances in the same private subnet so that the instances can communicate with each other.
- E. Correct Answer subnet.
Ans : B, E
Detailed Explanation : Understand what information is provided in the question, as below.
There are two EC2 instances, as below.
- Web Server
- DB Server
Only the web server is required to be reachable from the internet. Internet means it should be reachable from any IP address. And you should protect access to the DB server, because no external user requires access to the DB server; only the web application should be able to reach the DB server.
Hence, to allow and disallow specific traffic on a specific port you can use a security group, which works at the instance level. An ACL is also a solution for explicitly controlling inbound and outbound traffic, but the point is that an ACL works at the subnet level and not at the instance level.
The database server needs to be kept in a private subnet, so it can be protected.
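The two-tier design described above, written out as an added Terraform example (not part of the original question or answer). The VPC id, private subnet id and AMI are assumed input variables; the security-relevant detail is that the DB security group's port 1521 rule references the web security group by id rather than any CIDR, so only instances carrying the web group can reach the database.

```terraform
# Constructed example: var.vpc_id, var.private_subnet_id and var.db_ami
# are assumed inputs, not values from the original page.

# Web tier: reachable from any IP address on 80 and 443 only.
resource "aws_security_group" "web" {
  name   = "web-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# DB tier: port 1521 accepted only from members of the web security group.
# Using a security group as the source (not a CIDR) keeps the rule correct
# even if web instances are replaced and get new private IPs.
resource "aws_security_group" "db" {
  name   = "db-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 1521
    to_port         = 1521
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }
}

# The database instance lives in a private subnet with no public IP,
# so the security group is not its only line of defence.
resource "aws_instance" "db" {
  ami                         = var.db_ami
  instance_type               = "t3.micro"
  subnet_id                   = var.private_subnet_id
  vpc_security_group_ids      = [aws_security_group.db.id]
  associate_public_ip_address = false
}
```

The DB group defines no egress block, so Terraform leaves it with no outbound rule; add one explicitly if the database must reach out (for example for patching through a NAT gateway).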