In the question:
You have configured a VPC with a CIDR range of 10.0.0.0/16. You created a public subnet with a CIDR range of 10.0.1.0/24 and a private subnet of 10.0.2.0/24. You launch two application servers in the public subnet and an RDS PostgreSQL database in the private subnet. You have configured two security groups named MyWebSG and MyDbSG. You have assigned the web servers to MyWebSG and associated the RDS instance to MyDbSG. Which of the following rules will you need to add to enable the web servers to communicate with the database on port 5432?
A [Exam marked as correct] In MyDbSG, allow inbound traffic with a source of MyWebSG on port 5432
B [What I believe to be correct] In MyDbSG, allow inbound traffic with a source of MyWebSG on port 5432. In MyWebSG, allow outbound traffic with a destination of MyDbSG on port 5432
Allow inbound access to the database from the web servers associated with the MyWebSG security group. Security groups are stateful; if you have allowed the inbound traffic, you do not need to create a rule to allow the outbound reply.
Although the explanation is correct, answer B describes 2 different rules which you have to apply to 2 different SGs. Therefore, IMHO option A is the correct one.
Can someone double check it?
Take a look at the Security Group default rules. In general you only need to specify inbound traffic; the outbound allows all ports to all destinations. Read the doco slowly to see if it proves you right or wrong.
google: AWS security group outbound default
I will copy the details to the list of questions in need of updating. I can check it in detail and make sure it is up to date at the same time.
Moderator & Coach
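
The rule evaluation discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of stateful security groups (TCP only, no network ACLs or routing) applied to the question's MyWebSG and MyDbSG. The class and function names and the two instance addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    port_from: int
    port_to: int
    peer: str  # a CIDR block, or the name of another security group

ALLOW_ALL = Rule(0, 65535, "0.0.0.0/0")  # default outbound rule of a new group

@dataclass
class SecurityGroup:
    name: str
    inbound: list = field(default_factory=list)  # a new group has no inbound rules
    outbound: list = field(default_factory=lambda: [ALLOW_ALL])

@dataclass
class Instance:
    ip: str
    groups: list

def _matches(rule, port, peer):
    if not rule.port_from <= port <= rule.port_to:
        return False
    if "/" in rule.peer:  # CIDR peer
        return ip_address(peer.ip) in ip_network(rule.peer)
    return any(g.name == rule.peer for g in peer.groups)  # group reference

def can_connect(src, dst, port):
    """True if src may open a TCP connection to dst:port.
    Only the initiating direction is checked: security groups are stateful,
    so replies on an allowed connection need no rule of their own."""
    egress = any(_matches(r, port, dst) for g in src.groups for r in g.outbound)
    ingress = any(_matches(r, port, src) for g in dst.groups for r in g.inbound)
    return egress and ingress

def scenario(keep_default_egress, explicit_egress):
    """Returns (web -> db allowed, db -> web allowed) on port 5432."""
    web = SecurityGroup("MyWebSG")
    db = SecurityGroup("MyDbSG", inbound=[Rule(5432, 5432, "MyWebSG")])
    if not keep_default_egress:
        web.outbound.clear()  # someone removed the default allow-all rule
    if explicit_egress:
        web.outbound.append(Rule(5432, 5432, "MyDbSG"))
    app = Instance("10.0.1.10", [web])  # constructed address, public subnet
    rds = Instance("10.0.2.20", [db])   # constructed address, private subnet
    return can_connect(app, rds, 5432), can_connect(rds, app, 5432)
```

`scenario(True, False)` is the question as posed with MyWebSG's default outbound rule intact; the other argument combinations show what changes once that default rule has been removed.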