CompTIA
CAS-003 · Question #895
CAS-003 Question #895: Real Exam Question with Answer & Explanation
The correct answer is A: Separation of environments policy.
Question
While standing up a proof-of-concept solution with a vendor, the following direction was given for connections to the default environments. Which of the following is being used to secure the three environments from overlap if all of them reside on separate servers in the same DMZ?
Options
- A. Separation of environments policy
- B. Logical access controls
- C. Segmentation of VLANs
- D. Subnetting of cloud environments
Explanation
When development, test, and production environments share the same DMZ, a formal separation of environments policy defines the administrative boundaries and procedures that prevent unintended cross-environment interaction.
Common mistakes.
- B. Logical access controls restrict which users can authenticate to each environment but do not prevent the environments themselves from overlapping at the data, configuration, or service level.
- C. VLAN segmentation divides network broadcast domains and is a useful network control, but when all servers are already co-located in the same DMZ segment, VLANs do not address the higher-level concern of environment boundary enforcement.
- D. Subnetting of cloud environments is a cloud-specific network partitioning technique and is not applicable to on-premises servers residing within a shared DMZ.
Concept tested. Environment separation policy in shared network zones
Reference. https://csrc.nist.gov/publications/detail/sp/800-125b/final