A solutions architect is designing a web application that will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The company strictly requires that the application be resilient against malicious internet activity and attacks, and protect against new common vulnerabilities and exposures.
What should the solutions architect recommend?

A. Leverage Amazon CloudFront with the ALB endpoint as the origin. B. Deploy an appropriate managed rule for AWS WAF and associate it with the ALB. C. Subscribe to AWS Shield Advanced and ensure common vulnerabilities and exposures are blocked. D. Configure network ACLs and security groups to allow only ports 80 and 443 to access the EC2 instances.