A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security group?

Answer options:

A.For Inbound allow Source: 20.0.1.0/24 on port 80
B.For Outbound allow Destination: 0.0.0.0/0 on port 80
C.For Inbound allow Source: 20.0.0.0/24 on port 80
D.For Outbound allow Destination: 0.0.0.0/0 on port 443

Answer – C
As per aws below are the recommended rules for a NAT instance.
For information on NAT security , please visit the link:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html