AWS Certified SysOps Administrator SOA-C01 – Question 523

A Systems Administrator is planning to deploy multiple EC2 instances within two separate Availability Zones in the same AWS Region. The instances cannot be exposed to the Internet, but must be able to exchange traffic with one another. The data does not need to be encrypted.
What solution meets these requirements while maintaining the lowest cost?

A. Create two private subnets within the same VPC. Communicate between instances using their private IP addresses
B. Create 2 public subnets within the same VPC. Communicate between instances using their public IP addresses
C. Create 2 separate VPCs, one for each Availability Zone. Create a private subnet within each VPC. Create a static route table pointing the destination CIDR to the other VPC
D. Create 2 separate VPCs, one for each Availability Zone and create a public subnet in each. Deploy a VPN appliance within each VPC and establish a VPN tunnel between them. Communicate between instances by routing traffic through the VPN appliances

Correct Answer: D