You are managing a VPC with 4 AZs. There is a load balancer managing the public accessibility to your servers. You have a secondary ENI with a private IPv4 address on an instance that is serving public web traffic. Your server communicates over private addresses to a database in another subnet. Security is a major concern for your company and whitelisting is in effect.
You have to bring the web server down for maintenance, what two things should you do? (Choose two.)

A. Reboot the instance.
B. Move the ENI from one server to the other.
C. Associate the new ENI with the database security group.
D. Configure a secondary ENI on the standby instance.