Answer: Create an Amazon Route 53 private hosted zone for aws.example.com in each Region that has resources. Associate the private hosted zone with that Region's VPC. In the appropriate private hosted zone, create DNS records for the resources in each Region.

To meet the requirement of applying the aws.example.com DNS suffix to all resources across VPCs in multiple AWS Regions, the network engineer must ensure that DNS queries for aws.example.com are resolved correctly within each VPC. Option A is the correct approach because it involves creating an Amazon Route 53 private hosted zone for aws.example.com in each Region that has resources and associating the private hosted zone with that Region's VPC. This ensures that DNS queries for aws.example.com are resolved within the context of each VPC, allowing resources to be accessed using their internal domain names. Option B is incorrect because configuring a private hosted zone to allow zone transfers with every VPC is not a standard or secure practice for DNS resolution within AWS. Option C is incorrect because creating a single resource record for aws.example.com in a private hosted zone for example.com and applying a multivalue answer routing policy does not ensure that DNS queries are resolved correctly within each VPC. Option D is incorrect because associating a single private hosted zone with every VPC that has resources does not account for the regional nature of VPCs and could lead to DNS resolution issues.

Author: LeetQuiz Editorial Team