Q415. A company has a serverless application that is deployed on AWS. The application uses an Amazon API Gateway REST API and AWS Lambda to receive and process requests from other applications within the company's on- premises network. The application uses a preshared API key as the authentication method. A recent security review showed that the application was accessible from anywhere on the internet. The company's security policy states that requests can be accepted only from the company's on- premises network.What should a solutions architect recommend to meet this requirement?
A.Configure a security group with rules to allow traffic only from within the company's public IP address range.Attach the security group to the API Gateway API. and redeploy the API B.Create a Lambda function to inspect the requests and deny the execute- api:Invoke action if the request is not from within the company's public IP address range Configure the Lambda function as a custom authorizer for the API Gateway API Redeploy the API C.Create a resource policy with a statement to deny the execute-api:Invoke action if the aws:Sourcelp attribute is not from within the company's public IP address range Attach that resource policy to the API Gateway API Redeploy the API. D.Configure a request validator for API Gateway to inspect the requests and deny the execute-api Invoke action if the aws:Sourcelp attribute is not from within the company's public IP address range Redeploy the API Gateway API正确答案C
