Your client has a cloud-based application that must be securely accessible by both internal staff and external clients. Internal staff should only access the application via the company's network, while external clients should be granted direct access through the public internet. Which service or feature should the architect leverage to enforce this selective access policy for the application?
Activate a premium security service typically used for safeguarding against distributed denial-of-service attacks.
Deploy a web application firewall to define access rules contingent on the source IP addresses.
Set up a dedicated networking linkage for exclusive database connectivity, restricting all other forms of access.
Implement a global DNS service to discriminate traffic and control application access.