You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB),
web servers, application servers and a database. Your web application should only accept traffic from predefined customer IP addresses.
Which two options meet this security requirement? Choose 2 answers
A.
Configure web server VPC security groups to allow traffic from your customers’ IPs
B.
Configure your web servers to filter traffic based on the ELB’s “X-forwarded-for” header
C.
Configure ELB security groups to allow traffic from your customers’ IPs and deny all outbound traffic
D.
Configure a VPC NACL to allow web traffic from your customers’ IPs and deny all outbound traffic