What are the respective ports that need to be opened for this?

Your manager has asked you to set up a public subnet with instances that can send and receive internet traffic, and a private subnet that can’t receive traffic directly from the internet, but can initiate traffic to the internet (and receive responses) through a NAT instance in the public subnet. Hence, the following 3 rules need to be allowed:

Inbound SSH traffic.

Web servers in the public subnet to read and write to MS SQL servers in the private subnet

Inbound RDP traffic from the Microsoft Terminal Services gateway in the public private subnet

What are the respective ports that need to be opened for this?
A .  Ports 22, 1433, 3389
B .  Ports 21, 1433, 3389
C .  Ports 25, 1433, 3389
D .  Ports 22, 1343, 3999

View Answer

Answer: A

Explanation:

A network access control list (ACL) is an optional layer of security that acts as a firewall for controlling traffic in and out of a subnet. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

The following ports are recommended by AWS for a single subnet with instances that can receive and send Internet traffic and a private subnet that can’t receive traffic directly from the Internet.

However, it can initiate traffic to the Internet (and receive responses) through a NAT instance in the public subnet.

Inbound SSH traffic. Port 22

Web servers in the public subnet to read and write to MS SQL servers in the private subnet. Port 1433

Inbound RDP traffic from the Microsoft Terminal Services gateway in the public private subnet. Port 3389

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_NACLs.html#VPC_Appendix_NACLs_Scenario_2