SY0-301 · Question #738
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new n
The correct answer is D. DMZ. A DMZ (Demilitarized Zone) is a network segment that isolates publicly accessible servers, such as web servers, from the internal network using a firewall interface.
Question
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?
Options
- AVLAN
- BSubnet
- CVPN
- DDMZ
How the community answered
(39 responses)- A5% (2)
- B3% (1)
- C3% (1)
- D90% (35)
Why each option
A DMZ (Demilitarized Zone) is a network segment that isolates publicly accessible servers, such as web servers, from the internal network using a firewall interface.
A VLAN is a logical segmentation of a switched network at Layer 2 but does not inherently describe the architecture of isolating public-facing servers from an internal network via a firewall.
A subnet is an IP address range division and does not by itself imply the security segregation or firewall-controlled isolation described.
A VPN creates an encrypted tunnel for secure remote access or site-to-site connectivity and is unrelated to segregating web-facing servers.
A DMZ is specifically designed to place internet-facing servers on a separate, isolated network segment controlled by a dedicated firewall interface. This architecture restricts direct access between external traffic and the internal network, which exactly matches the described scenario of segregating web-facing traffic to a single firewall interface.
Concept tested: DMZ network architecture for web-facing server isolation
Source: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110897-dmz-config-asa.html
Topics
Community Discussion
No community discussion yet for this question.