CompTIA Network+ (N10-007) — Question 411
A network administrator is installing a new IDS device that will collect logs and alert the administrator of breaches.
* The network infrastructure includes a modern, a firewall, and core and access switches.
* The modem is ISP provided and only forwards packets from the data circuit.
* The firewall handles stateful packet inspection, the ACL, and application layer filtering.
Which of the following describes where the administrator should install the IDS device on the network to collect the MOST relevant information?
Answer options
- A. In front of the modem and firewall
- B. Between the modem and firewall
- C. Behind the firewall on the core switch
- D. After the access switch
Correct answer: A
Explanation
Installing the IDS in front of the modem and firewall ensures that it can monitor all incoming and outgoing traffic, capturing potential threats before they are filtered. Options B, C, and D would limit the visibility of the IDS, as they would only detect traffic that has already passed through the firewall's filtering mechanisms.