Legacy Connectivity -- Can anybody pls. comment with reason?

Your standalone supply chain software currently communicates to backend servicves using IIOP. The new requirements for the software are

1> The client software must run as an applet
2> The user's firewall will only allow port 80 and 443 traffic through its firewall
3> All the backend services will be CORBA based
4> A web server sits in front of the CORBA services
5> The backend web server runs on port 8- and 443

Which two solutions support the new requirements?

A. You convert the application to an applet and use IIOP to communicate with the backend services
B. You convert the application to an applet running outside the browser and send XMI through port 443
C. You convert the application to an applet and use IIOP tunneled through HTTP to communicate with the backend services
D. You convert the application to an applet and use HTTPS to communicate with a servlet which communicate with the backend services using IIOP.

The answer says CD. Any comments to explain the answer.

IIOP is a protocol runs along with HTTP/HTTPS. According to the requirements, the only ports available are 80 and 443, for HTTP and HTTPS. You cannot use IIOP directly to the backend servers, XMI is not mentioned in the original question.

Because of firewall, you have to use HTTP tunneling. You can also use HTTPS with IIOP, so both C and D are correct.

Thank You.