"Which of these CIDR blocks and/or IP addresses are invalid for a private VPC or subnet on AWS? (Choose 2)
3. 192.168.1.2 with subnet mask 255.255.255.0
Not only is the question confused, but the explanation for the answers is confused.
All of the addresses are "valid" IP addresses or CIDR blocks
 is a valid IP address, and provided it is ANY prefix shorter than /24 it is usable in a private subnet (You can pick any prefix length between 16 and 29 for subnets–you aren’t limited to using /16 or /24)
 is a valid IP address but can only be used as an external target (such as in a "nameserver" entry it a resolv.conf file)– it can’t be used to number a host in a VPC or subnet
 is a perfectly VALID IP address and subnet mask and it is in fact used by resources in the VPC to refer to the internal DNS server; but you can’t number a host in the VPC with that address
 is a perfectly VALID CIDR block but can’t be USED in VPCs because the prefix (/15) is shorter than AWS allows.
It may be that these questions come from AWS material or actual tests, but people who have a networking background that predates AWS’s misnomers may well get tripped up on this sort of confused terminology.
Another bit of trivia: all the private network blocks are described in RFC1918, and are often referred to as "RFC 1918 addresses:" 10/8, 172.16/12, and 192.168/16.
Again, I’ll reiterate the same answer as before. This is an exam prep course so we must use similar terms as the AWS exam. From a VPC standpoint, those addresses can’t be used…call them invalid (in the context of a VPC) or unusable. Doesn’t matter. They aren’t available to assign out.