Which two actions protect a resource file from direct HTTP access within a web application? (Choose two)
A.
placing it in the /secure directory
B.
placing it in the /WEB-INF directory
C.
placing it in the /META-INF/secure directory
D.
creating a <web-resource> element within the deployment descriptor
E.
creating a <secure-resource> element within the deployment descriptor
B,C