ExamQuestions.com

AWS Certified Advanced Networking Specialty Exam Questions

Question 239:

Web servers deployed in a VPC are accessed by an external vendor for routine maintenance and for applying necessary security patches. Recently, a new application was deployed on web servers launched in a new CIDR range. Security Groups and the NACL allow all required ports in the inbound direction, as per standard security guidelines. Still, the vendor is not able to access the new service from the external cloud. After checking the VPC routing table, no routing issues were found to this new subnet from the external network. Which of the following can enable access to this service from the vendor network?

Answer options:

A. Make sure Security Groups have the same inbound and outbound rules, so that traffic is allowed in both the inbound and outbound directions.
B. Modify the NACL to move the allowed-ports list to a lower-numbered rule so that these ports will be allowed.
C. Make sure Security Groups are attached to the primary network interface of the server instance.
D. Modify the NACL outbound rules to allow traffic to ephemeral ports (destination ports).