312-50V13 · Question #57
312-50V13 Question #57: Real Exam Question with Answer & Explanation
The correct answer is B: To only provide direct access to the nodes within the DMZ and protect the network behind it.
Question
What is the purpose of a demilitarized zone on a network?
Options
- A. To scan all traffic coming through the DMZ to the internal network
- B. To only provide direct access to the nodes within the DMZ and protect the network behind it
- C. To provide a place to put the honeypot
- D. To contain the network devices you wish to protect
Explanation
A Demilitarized Zone (DMZ) is a perimeter network designed to expose externally facing services to untrusted networks while isolating them from the internal private network, thereby protecting the sensitive internal resources.
Common mistakes.
- A. While firewalls and intrusion detection/prevention systems often monitor traffic entering and exiting the DMZ, the DMZ itself is not solely for scanning; it's a network segment for hosting public services.
- C. While a honeypot can be placed in a DMZ, that is not the primary purpose of a DMZ; a DMZ is for legitimate public-facing services.
- D. A DMZ contains devices that need to be externally accessible, effectively exposing them in a controlled manner, rather than 'protecting' them by containment within the most secure part of the network; the DMZ itself is less protected than the internal network.
Concept tested. DMZ purpose and function
Reference. https://learn.microsoft.com/en-us/azure/architecture/guide/network/dmz-architectures