nerdexam
ExamsSY0-301Questions#188
CompTIA

SY0-301 · Question #188

SY0-301 Question #188: Real Exam Question with Answer & Explanation

The correct answer is C: DMZ. A DMZ is a network architecture concept that places a security boundary between untrusted external networks and trusted internal networks, isolating exposed services.

Question

Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

Options

  • AVLAN
  • BSubnetting
  • CDMZ
  • DNAT

Explanation

A DMZ is a network architecture concept that places a security boundary between untrusted external networks and trusted internal networks, isolating exposed services.

Common mistakes.

  • A. VLANs logically segment traffic within an internal network but are not specifically designed to enforce security isolation at the boundary between trusted and untrusted networks.
  • B. Subnetting divides an IP address space into smaller logical networks for management and routing purposes, not specifically for security boundary isolation.
  • D. NAT translates private IP addresses to public ones, which provides some obscurity, but it is not a network isolation mechanism designed to enforce security boundaries.

Concept tested. DMZ network boundary isolation

Reference. https://www.cisa.gov/sites/default/files/publications/Layering-Network-Security-Through-Segmentation_S508C.pdf

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice