What is the key difference between host-based and network-based intrusion prevention?

A.
Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.

B.
Network-based IPS provides better protection against OS kernel-level attacks against hosts
and servers.

C.
Network-based IPS can provide protection to desktops and servers without the need of
installing specialized software on the end hosts and servers.

D.
Host-based IPS can work in promiscuous mode or inline mode.

E.
Host-based IPS is more scalable then network-based IPS.

F.
Host-based IPS deployment requires less planning than network-based IPS.

Explanation:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/ServerFarmSec_2.1/8_NIDS.
html
Cisco Network-Based Intrusion Detection—Functionalities and Configuration
This chapter highlights the need for and the benefits of deploying network-based intrusion
detection in the data center. It addresses mitigation techniques, deployment models, and the
management of the infrastructure.

Intrusion detection systems help data centers and other computer installations prepare for and
deal with electronic attacks. Usually deployed as a component of a security infrastructure with a
set of security policies for a larger, comprehensive information system, the detection systems
themselves are of two main types.
Network-based systems inspect traffic “on the wire” and host-based systems monitor only
individual computer server traffic.
Network intrusion detection systems deployed at several points within a single network topology,
together with host-based intrusion detection systems and firewalls, can provide a solid, multipronged defense against both outside, Internet-based attacks, and internal threats, including
network misconfiguration, misuse, or negligent practices. The Cisco Intrusion Detection System
(IDS) product line provides flexible solutions for data center security.