Exam CS0-001 topic 1 question 60 discussion

This question was in the exam :)

Due to the requirements provided, you should install a NIPS on the internal interface of the gateway router and a firewall on the external interface of the gateway router. The firewall on the external interface will allow the bulk of the malicious inbound traffic to be filtered prior to reaching the network. Then, the NIPS can be used to conduct an inspection of the traffic entering the network and provide protection for the network using signature-based or behavior-based analysis. A NIPS is less powerful than a firewall and could easily "fail open" if it is overcome with traffic by being placed on the external interface.

From Jason Dion: “In order to meet the requirement to monitor all traffic to and from the network’s gateway, it is best to utilize a network intrusion detection system (NIDS) that monitors the external interface of the gateway router. In order to be able to block certain types of content, it is best to install a firewall on the internal interface, where ACLs can be established for those traffic types”

The right one is B. IDS monitor the internal network and firewall monitor the traffic in and out the gateway and possibly filter traffic.

I am going D on this one, IPS blocks where IDS only monitors

I would suggest B. Firewall blocks most unwanted traffic from getting in. IDS would pickup any stragglers. Similar Q in 002

The answer should be D. The keyword being "content" from the sentence "... as well as the capability to block certain CONTENT". Firewalls do not have the capbility to block specific content. "An IPS will inspect content of the request and be able to drop, alert, or potentially clean a malicious network request based on that content" "A firewall will block traffic based on network information such as IP address, network port and network protocol." Source: https://its.umich.edu/enterprise/wifi-networks/network-security/ips-vs-firewalls

It should be B. You can put sensors of both NIPS or NIDS on the external interface of the router because that would cause latency in traffic and could get both NIPS and NIDS down due to high traffic. see the link for the proper architecture : https://www.researchgate.net/figure/Generic-architecture-of-a-network-based-IDS-NIDS-The-operational-structure-of-a-NIDS_fig3_329394492

"The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content." The key part of the question is stated above. A solution that can monitor and block both internally and externally in which only option D satisfies.

B should be a better answer. CTO wants monitoring for traffic to and from local gateway and block certain external traffic

D. Recommend installation of an IPS on both the internal and external interfaces of the gateway router.

definitely C, as to see ALL traffic coming in from the outside, the IDS would have to be placed before the firewall (otherwise some traffic would be blocked)

Is this really C? or B? Can anyone explain? Thanks