A company is setting up a shared services VPC. They want to allow other VPCs in their AWS Organization to resolve internal DNS names hosted in Amazon Route 53 Private Hosted Zones within the shared services VPC. Which TWO steps are required? (Select TWO)

Answer options:

Create a Route 53 Public Hosted Zone and restrict access via IAM.

Associate the Private Hosted Zone with the spoke VPCs using the Route 53 API/CLI.

Deploy an AWS Directory Service for Microsoft Active Directory.

Ensure VPC Peering or Transit Gateway connectivity exists between the spoke VPCs and the shared services VPC.

Configure Route 53 Resolver Outbound Endpoints in the spoke VPCs.

Use AWS RAM to share the Route 53 Private Hosted Zone.

How to approach this question

Identify how Private Hosted Zones are shared across VPCs.

Full Answer

To share a Private Hosted Zone across accounts, you must programmatically associate the PHZ with the spoke VPCs. You also need network connectivity (TGW/Peering) to actually route traffic to the resolved IPs.

Common mistakes

Assuming AWS RAM can share PHZs natively.

Question 14 All questions Question 16

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2

75 questions · hints · full answers · grading

More questions from this exam

Q01A company is setting up a multi-account AWS environment using AWS Organizations. They need to ens...Easy Q02An enterprise needs to connect its on-premises data center to AWS. They require a dedicated, priv...Easy Q03A company wants to share a single AWS Transit Gateway across multiple AWS accounts within their A...Easy Q04An architect needs to design a highly available database architecture that spans multiple AWS Reg...Easy Q05A global financial institution is migrating its core banking application to AWS. The application ...Medium

View all 75 questions →