You have a business-to-business web application running in a VPC consisting of an Elastic Load Balance
r (ELB), web servers, application servers and a database. Your web application should only accept traffic from pre-defined customer IP addresses.
Which two options meet this security requirement? (Choose two.)
A. Configure web server VPC security groups t
o allow traffic from your customers IPs
B. Configure your web servers to filter traffic based on the ELBs -X-forwarded-for- header
C. Configure ELB security groups to allow traffic from your customers IPs and deny all outbound traffic
D. Configure a VPC
NACL to allow web traffic from your customers IPs and deny all outbound traffic