Which statement is true about the use of security-related annotations in an enterprise bean?

Which statement is true about the use of security-related annotations in an enterprise bean?

A.
They can be used to specify permissions only on business methods.

B.
They can be used to specify permissions on a class or its business methods.

C.
They can be used to change an authentication mechanism.

D.
They can be used to acquire a secure connection using SSL.

E.
They can be inherited from a parent abstract class.