You are designing an intrusion detection/prevention (IDS/IPS) solution for a customer web
application in a single VPC.
You are considering the options for implementing IDS/IPS protection for traffic coming from the
Internet.
Which of the following options would you consider? Choose 2 answers.
A. Implement IDS/IPS agents on each instance running in the VPC.
B. Implement Elastic Load Balancing with SSL listeners in front of the web applications.
C. Implement a reverse proxy layer in front of web servers, and configure IDS/IPS agents on each
reverse proxy server.
D. Configure an instance in each subnet to switch its network interface card to promiscuous mode
and analyze network traffic.
Explanation:
EC2 does not allow promiscuous mode, and you cannot put something in between the ELB and
the web server (like a listener or IDP).