An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application? (Choose two.)

A. Add the EC2 instances to the ALB target group, configure the health check, and ensure that the instances report healthy.
B. Add the EC2 instances to an Auto Scaling group, configure the health check to ensure that the instances report healthy, and remove the public IPs from the instances.
C. Create a new subnet in which EC2 instances and ALB will reside to ensure that they can communicate, and remove the public IPs from the instances.
D. Change the security group for the EC2 instances to allow access from only the ALB security group, and remove the public IPs from the instances.
E. Change the security group to allow access from 0.0.0.0/0, which permits access from the ALB.