You are designing an intrusion detection prevention (IDS/IPS) solution for a customer web application in a
single VPC. You are considering the options for implementing IOS IPS protection for traffic coming from the
Internet.
Which of the following options would you consider? (Choose two.)
A.
Implement IDS/IPS agents on each Instance running In VPC
B.
Configure an instance in each subnet to switch its network interface card to promiscuous mode and analyze
network traffic.
C.
Implement Elastic Load Balancing with SSL listeners In front of the web applications
D.
Implement a reverse proxy layer in front of web servers and configure IDS/IPS agents on each reverse
proxy server.
ad
Correct answers – A,D
See discussions:
http://www.aiotestking.com/amazon/which-of-the-following-options-would-you-consider-2/
https://acloud.guru/forums/aws-certified-solutions-architect-professional/discussion/-K9w2aAi48d3nQKqEI0S/valid_ids~2Fips_to_protect_inter
http://jayendrapatil.com/aws-intrusion-detection-prevention-idsips/
Correct answers are A & D.
A D
Yeah AD, B cannot be right because ‘promiscuous mode’ is not allowed in AWS VPC
A&D