A web company is looking to implement an intrusion detection and prevention system into their
deployed VPC. This platform should have the ability to scale to thousands of instances running
inside of the VPC.
How should they architect their solution to achieve these goals?
A.
Configure each host with an agent that collects all network traffic and sends that traffic to the
IDS/IPS platform for inspection.
B.
Configure an instance with monitoring software and the elastic network interface (ENI) set to
promiscuous mode packet sniffing to see all traffic across the VPC.
C.
Create a second VPC and route all traffic from the primary application VPC through the second
VPC where the scalable virtualized IDS/IPS platform resides.
D.
Configure servers running in the VPC using the host-based “route” commands to send all traffic
through the platform to a scalable virtualized IDS/IPS.
A
yes A
A.