Which step should the SysOps administrator take to complete the setup?
Associate the Route 53 private hosted zone with the VPC.
Create a rule in the default security group for the VPC that allows traffic to the Route 53 Resolver.
Ensure the VPC network ACLs allow traffic to the Route 53 Resolver.
Ensure there is a route to the Route 53 Resolver in each of the VPC route tables.
Explanations:
To allow the VPC to resolve DNS names using the Route 53 private hosted zone, the administrator must associate the hosted zone with the VPC. This is the step that links the private hosted zone to the VPC for name resolution.
Security group rules are not needed for Route 53 Resolver traffic. Route 53 Resolver operates independently of security groups, which control inbound and outbound traffic for EC2 instances and other resources within a VPC.
VPC network ACLs generally manage traffic flow at the subnet level, but they do not need to be modified to allow Route 53 Resolver to work. The Route 53 Resolver will function without specific ACL modifications as long as the VPC is associated with the private hosted zone.
VPC route tables control network traffic routing but do not directly affect Route 53 Resolver. There is no need for a route to the Route 53 Resolver in the route table because DNS resolution is handled by the VPC’s DNS configuration and the private hosted zone association.