You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer
(ELB), web servers, application servers and a database. Your web application should only accept traffic from
pre-defined customer IP addresses.
Which two options meet this security requirement? (Choose two.)
Configure web server VPC security groups to allow traffic from your customers’ IPs
Configure your web servers to filter traffic based on the ELB’s “X-forwarded-for” header
Configure ELB security groups to allow traffic from your customers’ IPs and deny all outbound traffic
Configure a VPC NACL to allow web traffic from your customers’ IPs and deny all outbound traffic