Cisco

300-320 · Question #35

300-320 Question #35: Real Exam Question with Answer & Explanation

The correct answer is B: routed mode with three security zones.

Question

Refer to the exhibit. A customer requires a web application implementation, but the web server has communication only to the application server and users, and the database server has communication only to the application server. What firewall design is the best fit for this scenario?

Exhibit

300-320 question #35 exhibit

Options

  • A. transparent mode with the servers on the same subnet
  • B. routed mode with three security zones
  • C. transparent mode with three security zones
  • D. routed mode with two security zones

Explanation

The scenario describes a three-tier application: users communicate with the web server, the web server communicates with the application server, and the application server communicates with the database server. Each tier must be isolated with controlled communication paths, which maps directly to three security zones (e.g., outside/user zone, DMZ/web zone, and inside/app-DB zone). Routed mode is required because the firewall must act as a Layer 3 gateway between zones, enforcing security policies and routing traffic between different subnets. Transparent mode (A, C) operates at Layer 2 and is unsuitable when distinct subnets are required per zone. Two security zones (D) would not provide sufficient segmentation for three tiers.
