nerdexam
EC-Council

312-50V13 · Question #77

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access,

The correct answer is C. Bob is totally wrong. DMZ is always relevant when the company has internet servers and. Bob's understanding is incorrect because a DMZ provides an essential layer of network segmentation for internet-facing servers, creating a buffer zone regardless of the firewall's statefulness.

Submitted by carter_n· Mar 6, 2026Introduction to Ethical Hacking

Question

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations. Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA. In this context, what can you say?

Options

  • ABob can be right since DMZ does not make sense when combined with stateless firewalls
  • BBob is partially right. He does not need to separate networks if he can create rules by destination
  • CBob is totally wrong. DMZ is always relevant when the company has internet servers and
  • DBob is partially right. DMZ does not make sense when a stateless firewall is available

How the community answered

(19 responses)
  • A
    5% (1)
  • B
    5% (1)
  • C
    79% (15)
  • D
    11% (2)

Why each option

Bob's understanding is incorrect because a DMZ provides an essential layer of network segmentation for internet-facing servers, creating a buffer zone regardless of the firewall's statefulness.

ABob can be right since DMZ does not make sense when combined with stateless firewalls

A DMZ provides valuable network segmentation benefits that are applicable and enhance security even when combined with stateless firewalls.

BBob is partially right. He does not need to separate networks if he can create rules by destination

Relying solely on firewall rules without a DMZ eliminates a critical architectural layer of defense, making the internal network more vulnerable if a directly connected public server is compromised.

CBob is totally wrong. DMZ is always relevant when the company has internet servers andCorrect

A DMZ is always relevant when a company has internet-facing servers because it provides a critical layer of isolation between public services and the internal trusted network, limiting lateral movement even if a public server is compromised. This fundamental security benefit applies regardless of whether a firewall is stateful or stateless.

DBob is partially right. DMZ does not make sense when a stateless firewall is available

The value of a DMZ in isolating public-facing services is independent of the firewall's statefulness; it provides a logical separation for enhanced security.

Concept tested: DMZ (Demilitarized Zone) purpose and necessity

Source: https://learn.microsoft.com/en-us/azure/architecture/guide/security/dmz-network-architecture

Topics

#DMZ#firewall#network segmentation#stateful firewall

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice