What is an advantage of placing an IPS on the inside of a network?
A.
It can provide higher throughput.
B.
It receives traffic that has already been filtered.
C.
It receives every inbound packet.
D.
It can provide greater security.
Explanation:
BD
Firewalls are generally designed to be on the network perimeter and can handle dropping a lot of the nonlegitimate traffic (attacks, scans etc.) very quickly at the ingress interface, often in hardware.
An IDS/IPS is, generally speaking, doing more deep packet inspections and that is a much more
computationally expensive undertaking. For that reason, we prefer to filter what gets to it with the firewall line of
defense before engaging the IDS/IPS to analyze the traffic flow.
In an even more protected environment, we would also put a first line of defense in ACLs on an edge router
between the firewall and the public network(s).
Source: https://supportforums.cisco.com/discussion/12428821/correct-placement-idsips-network-architecture