Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)