CAS-001 · Question #326
CAS-001 Question #326: Real Exam Question with Answer & Explanation
The correct answer is C: Each data center should contain one virtual environment for the web servers and another virtual. Security best practice requires network segmentation between internet-facing systems (DMZ) and internal systems (trusted zone). Each data center should have a separate virtual environment for the front-facing web servers (exposed to the internet) and a separate virtual environmen
Question
Options
- AOne data center should host virtualized web servers and the second data center should host the
- BOne virtual environment should be present at each data center, each housing a combination of the
- CEach data center should contain one virtual environment for the web servers and another virtual
- DEach data center should contain one virtual environment housing converted Windows 2000 virtual
Explanation
Security best practice requires network segmentation between internet-facing systems (DMZ) and internal systems (trusted zone). Each data center should have a separate virtual environment for the front-facing web servers (exposed to the internet) and a separate virtual environment for domain controllers and internal servers. This containment means that if a web server is compromised, the attacker cannot directly pivot to domain controllers in the same virtual environment. Option A puts all web servers in one DC, creating a single point of failure and poor geographic redundancy. Option B mixes web servers and domain controllers in the same virtual environment at each site, violating the principle of separation between trusted and untrusted zones. Option D fails to properly segregate web-facing from internal infrastructure.
Community Discussion
No community discussion yet for this question.