Private key and public key are an inextricable pair, they are generated by the first command. The privkey.pem file will contain both private and public keys.
About the options - read openssl --help or just remove "privkey.pem" from the line, it seems like only -key and -out are enough to start, and then you will enter the data for the request to the CA manually.

All wrong. :) Throw out these century-old manuals and read man req
I understand that you need an SSL certificate. Are you generating a self-signed or create request to an external CA?
If you are generating a self-signed one, then the command:
will create a certificate for you with an RSA key of 2048 bits, which is enough for now :) and serial number 0 (if you want a random number, remove the set_serial parameter) located in the test.crt and test.key files. The first is the actual certificate (public key), the second is the key. They are always generated in pairs - using a certificate with someone else's key will not work. During the generation process, openssl will request the data entered into the certificate, if it doesn’t matter, you can stupidly press Enter
If you are generating a request to an external CA, then the command:
will generate a certificate request in the test.pem file and a key to this request in the test.key file. openssl will again ask questions, answer them - in the event that the request goes to generally recognized CAs like Thawte, you need to be careful , if to a corporate one - in accordance with the CP of this CA, they may not require filling at all.