What are two functions of IPv6 Source Guard? (Choose two.)
IPv6 Source Guard is a security feature that filters traffic based on the IPv6 binding table to ensure that only legitimate traffic passes through. It denies traffic from unknown sources or unallocated addresses which are not stored in the binding table. This is achieved by populating the binding table with legitimate entries, often from DHCP or Neighbor Discovery mechanisms. Using this binding table, IPv6 Source Guard allows only legitimate traffic, thereby mitigating potential security threats from unauthorized sources.
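The filtering described above, as an added example that is not part of the original page and is not Cisco's implementation. It is a simplified model in which the class and method names, the per-port/MAC check and the rule that the first learned owner keeps an address are assumptions, and the events are constructed samples.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    port: str    # switch port where the address was learned
    mac: str     # link-layer address of the owner
    origin: str  # "ND" or "DHCP": the gleaning mechanism that created the entry

class SourceGuardModel:
    """Hypothetical model: gleaning fills the table, source guard only reads it."""

    def __init__(self):
        self.table = {}  # IPv6Address -> Binding

    def glean(self, origin, port, mac, addr):
        # Control traffic only (ND messages or a DHCPv6 reply) creates bindings.
        ip = ipaddress.IPv6Address(addr)
        # Assumption of this model: the first learned owner keeps the address.
        self.table.setdefault(ip, Binding(port, mac.lower(), origin))

    def check_data(self, port, mac, src):
        # Ordinary data traffic is only compared against the table.
        entry = self.table.get(ipaddress.IPv6Address(src))
        if entry is None:
            return "deny: source not in binding table"
        if (entry.port, entry.mac) != (port, mac.lower()):
            return "deny: address bound to another port/MAC"
        return "permit"

def demo():
    sg = SourceGuardModel()
    # Constructed sample events using the 2001:db8::/32 documentation prefix.
    sg.glean("DHCP", "Gi0/1", "00:11:22:33:44:55", "2001:db8::10")
    sg.glean("ND", "Gi0/2", "00:AA:BB:CC:DD:EE", "2001:db8::20")
    frames = [
        ("Gi0/1", "00:11:22:33:44:55", "2001:db8::10"),  # learned via DHCP
        ("Gi0/2", "00:aa:bb:cc:dd:ee", "2001:db8::20"),  # learned via ND
        ("Gi0/3", "00:de:ad:be:ef:00", "2001:db8::99"),  # never learned
        ("Gi0/3", "00:de:ad:be:ef:00", "2001:db8::10"),  # bound elsewhere
    ]
    return [sg.check_data(*frame) for frame in frames]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Without the two `glean` calls the table stays empty and every frame is denied, which is why the feature cannot be described as independent of neighbor discovery.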
First of all, the question asks to choose two. Second of all, as the name indicates, the Source Guard feature determines if the source of traffic is coming from a prefix or address in the binding table. Binding table entries are populated using mechanisms like ND. So saying "It works independent from IPv6 neighbor discovery." is WRONG. So "one" of the two correct answers cannot be A.
Ref: IPv6 Source Guard and Prefix Guard – Cisco
“…
Information About IPv6 Source Guard and Prefix Guard
IPv6 Source Guard Overview
IPv6 source guard is an interface feature between the populated binding table and data traffic filtering. This feature enables the device to deny traffic when it is originated from an address that is not stored in the binding table.
…
IPv6 source guard can deny traffic from unknown sources or unallocated addresses, such as traffic from sources not assigned by a DHCP server.
…”
A. It works independent from IPv6 neighbor discovery. Wrong answer.
B. It denies traffic from unknown sources or unallocated addresses. Correct answer.
C. It uses the populated binding table to allow legitimate traffic. Correct answer.
D. It denies traffic by inspecting neighbor discovery packets for specific patterns. Wrong answer.
E. It blocks certain traffic by inspecting DHCP packets for specific sources. Wrong answer.
The given answer is correct. IPv6 Source Guard blocks any data traffic from an unknown source, for example, one that is not already populated in the binding table or previously learned through Neighbor Discovery (ND) or Dynamic Host Configuration Protocol (DHCP) gleaning.
Yep: it filters inbound traffic on L2 switch ports that are not in the IPv6 binding table. https://networklessons.com/cisco/ccie-routing-switching-written/ipv6-source-guard
B. It denies traffic from unknown sources or unallocated addresses.
C. It uses the populated binding table to allow legitimate traffic.
BC are correct
B & C are correct
The given answer is correct.
If so, why would you mess up the votes?