312-50V11 · Question #146
What is the purpose of a demilitarized zone on a network?
The correct answer is B. To only provide direct access to the nodes within the DMZ and protect the network behind it. A DMZ is a network buffer zone that exposes limited services to the Internet while protecting the internal network from direct external access.
Question
What is the purpose of a demilitarized zone on a network?
Options
- ATo scan all traffic coming through the DMZ to the internal network
- BTo only provide direct access to the nodes within the DMZ and protect the network behind it
- CTo provide a place to put the honeypot
- DTo contain the network devices you wish to protect
How the community answered
(37 responses)- A5% (2)
- B92% (34)
- D3% (1)
Why each option
A DMZ is a network buffer zone that exposes limited services to the Internet while protecting the internal network from direct external access.
Traffic scanning is the responsibility of firewalls and IDS/IPS appliances, not an inherent function of the DMZ network segment itself.
A DMZ is designed to allow external users to reach only the publicly facing services hosted within it (such as web or mail servers) while preventing any direct connection to the internal private network. Firewalls on both sides of the DMZ enforce this boundary, so a compromise of a DMZ host does not automatically grant access to internal resources. This controlled exposure is the core architectural purpose of a DMZ.
Honeypots are deception-based security tools that can be deployed in many locations; hosting them is not the primary or defining purpose of a DMZ.
Devices that need strong protection are placed on the internal network, not in the DMZ - the DMZ is specifically for services that must be reachable from untrusted networks.
Concept tested: DMZ architecture and network segmentation purpose
Source: https://www.cisco.com/c/en/us/products/security/firewalls/what-is-dmz.html
Topics
Community Discussion
No community discussion yet for this question.