CAS-001 · Question #437
CAS-001 Question #437: Real Exam Question with Answer & Explanation
The correct answer is B: Dedicated DMZ network segments. Dedicated DMZ network segments (B) provide the optimal security posture for both servers. Placing each server in its own dedicated DMZ segment isolates them from each other and from the internal network, enforcing strict traffic controls through firewall rules. The customer-facin
Question
Options
- AThe existing internal network segment
- BDedicated DMZ network segments
- CThe existing extranet network segment
- DA third-party web hosting company
Explanation
Dedicated DMZ network segments (B) provide the optimal security posture for both servers. Placing each server in its own dedicated DMZ segment isolates them from each other and from the internal network, enforcing strict traffic controls through firewall rules. The customer-facing site needs internet exposure but must also access corporate resources - a DMZ with controlled inbound/outbound rules achieves this safely. The existing internal network (A) is too permissive (no traffic restrictions between hosts), exposing corporate systems to compromise. The existing extranet segment (C) is already shared with suppliers, mixing trust boundaries. Third-party hosting (D) introduces third-party risk and reduces control. Dedicated segments give each server isolation appropriate to its trust level.
Community Discussion
No community discussion yet for this question.