AWS Certified Security - Specialty (#26)

A Systems Engineer is troubleshooting the connectivity of a test environment that includes a virtual security appliance deployed inline. In addition to using the virtual security appliance, the Development team wants to use security groups and network ACLs to accomplish various security requirements in the environment. What configuration is necessary to allow the virtual security appliance to route the traffic?

Disable network ACLs.
Configure the security appliance's elastic network interface for promiscuous mode.
Disable the Network Source/Destination check on the security appliance's elastic network interface
Place the security appliance in the public subnet with the internet gateway