You have created REST API using API Gateway. Which of the following mechanism can be used to deny specific IP Addresses from accessing API Gateway? Select 2 correct options.

Answer options:

A.AWS KMS
B.AWS Security Center
C.Resource Policies
D.AWS WAF

Correct Answer - C and D
Option A is incorrect as AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. 
Option B is incorrect as AWS Security Center is a central location from which you can receive security updates and where you can report any security concerns.
Option C is correct as Resource Policies for API Gateway allows you to deny or permit a specific IP address from where API Gateway can be accessed.
Option D is correct because you can use AWS WAF for your Amazon API Gateway APIs to protect from attacks such as SQL injection and Cross-Site Scripting (XSS). Additionally, you can filter web requests based on IP address, geographic area, request size, and/or string or regular expression patterns using the rules.
Please refer the below link
https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-api-gateway-adds-support-for-aws-waf/