AWS Certified SysOps Administrator – Associate — Question 353

A company wants to apply an existing Amazon Route 53 private hosted zone to a new VPC to allow for customized resource name resolution within the VPC. The SysOps administrator created the VPC and added the appropriate resource record sets to the private hosted zone.

Which step should the SysOps administrator take to complete the setup?

Answer options

• A. Associate the Route 53 private hosted zone with the VPC.
• B. Create a rule in the default security group for the VPC that allows traffic to the Route 53 Resolver.
• C. Ensure the VPC network ACLs allow traffic to the Route 53 Resolver.
• D. Ensure there is a route to the Route 53 Resolver in each of the VPC route tables.

Correct answer: A

Explanation

To allow resources within a VPC to resolve domain names defined in a Route 53 private hosted zone, the private hosted zone must be explicitly associated with that VPC. Once this association is created, the Route 53 Resolver can answer DNS queries for the private domain within the VPC. Modifying security groups, network ACLs, or route tables is not required because DNS queries to the Route 53 Resolver are handled natively by AWS infrastructure.