AWS Certified SysOps Administrator SOA-C01 – Question753

A company is concerned about its ability to recover from a disaster because all of its Amazon EC2 instances are located in a single Amazon VPC in us-east-1. A second Amazon VPC has been configured in eu-west-1 to act as a backup VPC in case of an outage. Data will be replicated from the primary region to the secondary region. The Information Security team’s compliance requirements specify that all data must be encrypted and must not traverse the public internet.
How should the SysOps Administrator connect the two VPCs while meeting the compliance requirements?

A.
Configure EC2 instances to act as VPN appliances, then configure route tables.
B. Configure inter-region VPC peering between the two VPCs, then configure route tables.
C. Configure NAT gateways in both VPCs, then configure route tables.
D. Configure an internet gateway in each VPC, and use these as the targets for the VPC route tables.