AWS Certified SysOps Administrator Associate SOA-C02 – Question81

A company has an Amazon Route 53 private hosted zone in its AWS account. The private hosted zone is connected to the company's on-premises data center by an AWS Direct Connect connection. Virtual machines (VMs) in the on-premises data center need to resolve DNS queries that exist in the private hosted zone.
What is the MOST operationally efficient solution that meets this requirement?

A.
Create a Route 53 inbound resolver. Configure the on-premises VMs to use the inbound resolver.
B. Create a Route 53 outbound resolver. Configure the on-premises VMs to use the outbound resolver.
C. Configure the security group on the Route 53 private hosted zone by adding an inbound rule for the on- premises CIDR range.
D. Configure a Route 53 public hosted zone. Create an NS record for the private hosted zone. Query the public hosted zone from the on-premises VMs.