312-50V10 · Question #146
What is the purpose of a demilitarized zone on a network?
The correct answer is B. To only provide direct access to the nodes within the DMZ and protect the network behind it. A DMZ (demilitarized zone) is a network segment that exposes public-facing services while shielding the internal network from direct external access.
Question
What is the purpose of a demilitarized zone on a network?
Options
- ATo scan all traffic coming through the DMZ to the internal network
- BTo only provide direct access to the nodes within the DMZ and protect the network behind it
- CTo provide a place to put the honeypot
- DTo contain the network devices you wish to protect
How the community answered
(36 responses)- A6% (2)
- B92% (33)
- D3% (1)
Why each option
A DMZ (demilitarized zone) is a network segment that exposes public-facing services while shielding the internal network from direct external access.
Traffic scanning is the function of a firewall, IDS, or IPS - not the DMZ itself; the DMZ is a network zone, not an inspection mechanism.
A DMZ is architecturally positioned between an external firewall (facing the internet) and an internal firewall (facing the private network). External users can reach only the hosts placed inside the DMZ such as web servers and mail servers, while the internal corporate network behind it remains inaccessible directly, containing lateral movement and reducing attack surface.
Honeypots may sometimes be deployed in a DMZ, but deception is not the architectural purpose of the DMZ as a network design pattern.
The DMZ contains publicly accessible servers that are intentionally exposed, not devices you wish to protect; devices requiring strong protection belong on the internal network behind the inner firewall.
Concept tested: DMZ network architecture and segmentation purpose
Source: https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-dmz-network.html
Topics
Community Discussion
No community discussion yet for this question.