AWS SysOps Exam Question NO : 21 - Amazondumps.us

You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from pre-defined customer IP addresses.Which two options meet this security requirement? Choose 2 answers

A. Configure your web servers to filter traffic based on the ELB's "X-forwarded-for" header
B. Configure ELB security groups to allow traffic from your customers' IPs and deny all outbound traffic
C. Configure a VPC NACL to allow web traffic from your customers' IPs and deny all outbound traffic
D. Configure web server VPC security groups to allow traffic from your customers' IPs

Answer: D,A