A developer is deploying a web application on Amazon EC2 instances with an internet-facing Application Load Balancer (ALB). To add Amazon CloudFront in front of the ALB and ensure data encryption in transit from outside the VPC, which CloudFront settings should be configured? (Select two.)