AWS Certified Solutions Architect - Professional (#52)

You are designing an intrusion detection prevention (IDS/IPS) solution for a customer web application in a single VPC. You are considering the options for implementing IOS IPS protection for traffic coming from the Internet. Which of the following options would you consider? (Choose 2 answers)

Implement IDS/IPS agents on each Instance running in VPC
Configure an instance in each subnet to switch its network interface card to promiscuous mode and analyze network traffic.
Implement Elastic Load Balancing with SSL listeners in front of the web applications
Implement a reverse proxy layer in front of web servers and configure IDS/IPS agents on each reverse proxy server.