220-1002 · Question #94
220-1002 Question #94: Real Exam Question with Answer & Explanation
The correct answer is C: Put the terminal server into the router's DMZ. The stated answers are C and E. Blocking all unused ports on the LAN smart switch (E) reduces the network attack surface by limiting the paths an attacker can use to reach the server - a sound security hardening step. Placing the terminal server in the router's DMZ (C) isolates i
Question
Options
- AChange the default access port
- BEnforce password complexity
- CPut the terminal server into the router's DMZ
- DDisable logon time restrictions
- EBlock all unused ports on the LAN smart switch
- FUse the local client certificate for server authentication
Explanation
The stated answers are C and E. Blocking all unused ports on the LAN smart switch (E) reduces the network attack surface by limiting the paths an attacker can use to reach the server - a sound security hardening step. Placing the terminal server in the router's DMZ (C) isolates it from the internal LAN, which limits lateral movement if the server is compromised; however, this also exposes it directly to the internet, which many practitioners consider a risk rather than a benefit - most security guidance prefers keeping terminal servers internal behind a VPN. Conventionally stronger hardening choices would be changing the default RDP port (A) and enforcing password complexity (B), so note that this question's stated answers are contested in real-world practice.
Community Discussion
No community discussion yet for this question.