An intrusion detection system should be placed:
A.
outside the firewall.
B.
on the firewall server.
C.
on a screened subnet.
D.
on the external router.
Explanation:
An intrusion detection system (IDS) should be placed on a screened subnet, which is a
demilitarized zone (DMZ). Placing it on the Internet side of the firewall would leave it defenseless.
The same would be tmc of placing it on the external router, if such a thing were feasible. Since
firewalls should be installed on hardened servers with minimal services enabled, it would be
inappropriate to store the IDS on the same physical dcvice.