AWS Certified SysOps Administrator – Associate (legacy) — Question 10
A Systems Administrator is planning to deploy multiple EC2 instances within two separate Availability Zones in the same AWS Region. The instances cannot be exposed to the Internet, but must be able to exchange traffic with one another. The data does not need to be encrypted.
What solution meets these requirements while maintaining the lowest cost?
Answer options
- A. Create two private subnets within the same VPC. Communicate between instances using their private IP addresses
- B. Create 2 public subnets within the same VPC. Communicate between instances using their public IP addresses
- C. Create 2 separate VPCs, one for each Availability Zone. Create a private subnet within each VPC. Create a static route table pointing the destination CIDR to the other VPC
- D. Create 2 separate VPCs, one for each Availability Zone and create a public subnet in each. Deploy a VPN appliance within each VPC and establish a VPN tunnel between them. Communicate between instances by routing traffic through the VPN appliances
Correct answer: D
Explanation
The correct answer is D because it allows for secure communication between instances in separate VPCs using a VPN tunnel. The other options either suggest using public IP addresses, which contradicts the requirement of not being exposed to the Internet, or they complicate the setup with static routes that are unnecessary for this scenario.