SK0-005 Question #41: Real Exam Question with Answer & Explanation

Question

An administrator needs three distinct security zones in a company's network. Which of the following is the administrator MOST likely to implement?

Options

• AHost-based firewalls
• BA Layer 3 firewall
• CA web application firewall
• DA circuit-based firewall

Explanation

To establish three distinct security zones in a company's network, an administrator is most likely to implement a Layer 3 firewall for network segmentation.

Common mistakes.

• A. Host-based firewalls protect individual machines but do not provide network-wide segmentation or enforce policies between distinct network zones at the perimeter or internal segmentation points.
• C. A web application firewall (WAF) is designed to protect web applications from specific web-based attacks (like SQL injection, XSS) and operates at Layer 7 (Application layer), not for general network segmentation into distinct security zones.
• D. A circuit-based firewall (or stateful firewall) monitors TCP connection handshakes and decides whether to permit or deny connections, but it's a type of firewall functionality rather than the primary mechanism for establishing broad network security zones like a Layer 3 network firewall.

Concept tested. Network segmentation with firewalls

Reference. https://learn.microsoft.com/en-us/azure/architecture/guide/security/network-segmentation

No community discussion yet for this question.