A company is building an AWS Cloud Environment for a financial regulatory firm. Part of the requirements are being able to monitor all changes in an environment and all traffic sent to and from the environment. What suggestions would you make to ensure all the requirements for monitoring the financial architecture are satisfied? Choose the 2 correct answers from the options below

Answer options:

A.Configure an IPS/IDS in promiscuous mode, which will listen to all packet traffic and API changes.
B.Configure an IPS/IDS system, such as Palo Alto Networks, using promiscous mode that monitors, filters, and alerts of all potential hazard traffic leaving the VPC.C.Configure an IPS/IDS to listen and block all suspected bad traffic coming into and out of the VPC. Configure CloudTrail with CloudWatch Logs to monitor all changes within an environment.
D.Configure an IPS/IDS system, such as Palo Alto Networks, that monitors, filters, and alerts of all potential hazard traffic leaving the VPC.

Answer – C and D
Promiscuous mode Is not supported in AWS hence the options of A and B are automatically out.
Please find the below developer forums thread on the same.
https://forums.aws.amazon.com/thread.jspa?threadID=35683
Please find the below URL: to a good slide deck from AWS for getting IDS in place.
https://awsmedia.s3.amazonaws.com/SEC402.pdf