nerdexam
ExamsSY0-301Questions#738
CompTIA

SY0-301 · Question #738

SY0-301 Question #738: Real Exam Question with Answer & Explanation

The correct answer is D: DMZ. A DMZ (Demilitarized Zone) is a network segment that isolates publicly accessible servers, such as web servers, from the internal network using a firewall interface.

Question

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

Options

  • AVLAN
  • BSubnet
  • CVPN
  • DDMZ

Explanation

A DMZ (Demilitarized Zone) is a network segment that isolates publicly accessible servers, such as web servers, from the internal network using a firewall interface.

Common mistakes.

  • A. A VLAN is a logical segmentation of a switched network at Layer 2 but does not inherently describe the architecture of isolating public-facing servers from an internal network via a firewall.
  • B. A subnet is an IP address range division and does not by itself imply the security segregation or firewall-controlled isolation described.
  • C. A VPN creates an encrypted tunnel for secure remote access or site-to-site connectivity and is unrelated to segregating web-facing servers.

Concept tested. DMZ network architecture for web-facing server isolation

Reference. https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110897-dmz-config-asa.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice