nerdexam
CompTIA

SY0-301 · Question #738

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new n

The correct answer is D. DMZ. A DMZ (Demilitarized Zone) is a network segment that isolates publicly accessible servers, such as web servers, from the internal network using a firewall interface.

Security architecture

Question

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

Options

  • AVLAN
  • BSubnet
  • CVPN
  • DDMZ

How the community answered

(39 responses)
  • A
    5% (2)
  • B
    3% (1)
  • C
    3% (1)
  • D
    90% (35)

Why each option

A DMZ (Demilitarized Zone) is a network segment that isolates publicly accessible servers, such as web servers, from the internal network using a firewall interface.

AVLAN

A VLAN is a logical segmentation of a switched network at Layer 2 but does not inherently describe the architecture of isolating public-facing servers from an internal network via a firewall.

BSubnet

A subnet is an IP address range division and does not by itself imply the security segregation or firewall-controlled isolation described.

CVPN

A VPN creates an encrypted tunnel for secure remote access or site-to-site connectivity and is unrelated to segregating web-facing servers.

DDMZCorrect

A DMZ is specifically designed to place internet-facing servers on a separate, isolated network segment controlled by a dedicated firewall interface. This architecture restricts direct access between external traffic and the internal network, which exactly matches the described scenario of segregating web-facing traffic to a single firewall interface.

Concept tested: DMZ network architecture for web-facing server isolation

Source: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110897-dmz-config-asa.html

Topics

#DMZ#network segmentation#firewall#web server isolation

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice