You have a set of EC2 Instances in a custom VPC. You have installed a web application and need to ensure that only HTTP and HTTPS traffic is allowed into the instance. Which of the following would you consider for this requirement?

Answer options:

A.Add a security group rule to allow HTTP and HTTPS Traffic.
B.Add a security group rule to an explicit DENY all traffic and a default allow on HTTP and HTTPS Traffic.
C.Add a security group rule to deny explicit traffic on HTTP and HTTPS Traffic.
D.Add a security group rule to allow all traffic.

Answer – A 
Option A is correct because we need to specify the allowed traffic in the security group, i.e., HTTP and HTTPS Traffic must be allowed from all sources.No inbound traffic is allowed by default. By adding security group rules, you can specify which traffic you want to allow. This is essentially a whitelist.
Options B is incorrect since, by default, nothing is allowed, and in the Security group, we can’t specify what is denied. We don’t have any deny option in Security Groups.
Option C is incorrect because we can specify what is allowed in the security group but not what is denied. If you want to deny explicitly, you should use the Network Access control list.
Option D is incorrect since this would be a security issue.
For more information on VPC Security groups, please refer to the below URL- 
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html