AWS Certified Solutions Architect - Professional (#149)

An organization is planning to setup a management network on the AWS VPC. The organization is trying to secure the webserver on a single VPC instance such that it allows the internet traffic as well as the back-end management traffic. The organization wants to make so that the back end management network interface can receive the SSH traffic only from a selected IP range, while the internet facing webserver will have an IP address which can receive traffic from all the internet IPs. How can the organization achieve this by running web server on a single instance?

It is not possible to have two IP addresses for a single instance.
The organization should create two network interfaces with the same subnet and security group to assign separate IPs to each network interface.
The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled access.
The organization should launch an instance with two separate subnets using the same network interface which allows to have a separate CIDR as well as security groups.