You are designing a VPC with different subnets and instances in them. You want the instances in the subnets to communicate with each other and also ensure that traffic flows between different subnets seamlessly. How can you accomplish these requirements?

Answer options:

A.Configure a security group for every zone. Configure a default allow all rule. Configure explicit deny rules for the zones that shouldn’t be able to communicate with one another.
B.Use NACLs to explicitly allow communication between subnets and Security Groups to allow communication between different instances.
C.Configure multiple subnets in your VPC, one for each zone. Configure routing within your VPC in such a way that each subnet only has routes to other subnets with which it needs to communicate, and doesn’t have routes to subnets with which it shouldn’t be able to communicate.
D.Configure a security group for every availability zone. Configure allow rules only between the availability zones that need to be able to communicate with one another. Use the implicit deny all rule to block any other traffic.

Correct Answer: B
Option A is INCORRECT because the Security Group should be applied on an instance instead of an availability zone, and also "Configure explicit deny rules" is incorrect. It is implicit deny and not explicit deny.
Option B is CORRECT because NACLs should be configured as explicit allow at the subnet level. Security Groups should also be configured to allow the communication at the instance level.
Option C is INCORRECT because for all Route tables, either main or custom: the default route is at target local, and this cannot be either deleted or modified.
Option D is INCORRECT because Security Group can be applied on an instance and not on the Zone level. The Source in a security group rule can be either a range of IP, any security group within a given VPC or single IP.