Correct answer - "Restrict CORS" : When your API's resources receive requests from a domain other
than the API's own domain and you want to restrict servicing these requests, you must disable
cross-origin resource sharing (CORS) for selected methods on the resource.
"Use Mapping Templates" - A way to define a model and make data human readable
"Assign a Security Groups to your API Gateway" - Instead of a security group you can use Resource
policies since you can restrict the calling IP address. The downside is that the IP address may
change once they know they are being blocked
"Enable Caching" - Caching is to improve performance which does not deal with the real issue