The security team at Certkiller Inc is working on alternative designs aspects for the network.
Which design alternative in the SAFE SMR midsize network design campus module?

A.
An alternative design is a separate router and Layer 2 switch can be used for the core and distribution rather than the higher-performing Layer 3 switch.

B.
An alternative design is a NIDS appliance can be placed in front of the firewall.

C.
An alternative design is a URL filtering server can be placed on the public services segment to filter the types of Web pages employees can access.

D.
An alternative design is a router between the firewall and the campus module can be eliminated.

Explanation:

Alternatives
If the medium network is small enough, the functionality of the building switches can be rolled into the core switch, and the building switches can be eliminated. In this case, the end-user workstations would be connected directly to the core switch. Private VLAN functionality would be implemented on the core switch in order to mitigate against trust-exploitation attacks. If the performance requirements of the internal network are not high, a separate router and Layer 2 switch could be used for the core and distribution instead of the higher-performing Layer 3 switch. If desired, the separate NIDS appliance can be replaced with an integrated IDS module that fits into the core switch. This setup provides higher traffic throughput into the IDS module because it sits on the backplane of the switch, rather than being connected via a single 10/100-Mbps Ethernet port. ACLs on the switch can be used to control what traffic is sent to the IDS module.
Reference: Safe white papers;page 23
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks