A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode
with AH enabled and ESP disabled throughout the internal network. The company has hired a security
consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the
following recommendations should the consultant provide to the security administrator?

A.
Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

B.
Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.

C.
Disable AH. Enable ESP on the internal network, and use NIPS on both networks.

D.
Enable ESP on the internal network, and place NIPS on both networks.