nerdexam
CompTIA

SY0-301 · Question #784

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company

The correct answer is E. Create a server VLAN F. Create an ACL to access the server. The goal is to isolate the two web servers from the three BYOD wireless users on the same all-in-one device. Creating a server VLAN (E) logically segments the servers into their own network, separating them from the BYOD user network at Layer 2. Creating an ACL (F) adds Layer 3 a

Security architecture

Question

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).

Options

  • ADeny incoming connections to the outside router interface.
  • BChange the default HTTP port
  • CImplement EAP-TLS to establish mutual authentication
  • DDisable the physical switch ports
  • ECreate a server VLAN
  • FCreate an ACL to access the server

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    3% (1)
  • D
    9% (3)
  • E
    84% (27)

Explanation

The goal is to isolate the two web servers from the three BYOD wireless users on the same all-in-one device. Creating a server VLAN (E) logically segments the servers into their own network, separating them from the BYOD user network at Layer 2. Creating an ACL (F) adds Layer 3 access control rules that define exactly which traffic is permitted to reach the servers, providing granular control over inter-VLAN communication. Together, VLANs provide segmentation and ACLs enforce access policies - this is the standard defense-in-depth approach for internal network isolation. Denying incoming external connections (A) only affects traffic from outside the network. Changing the HTTP port (B) is security through obscurity. EAP-TLS (C) handles wireless authentication, not server protection. Disabling switch ports (D) would take the servers offline.

Topics

#VLAN segmentation#ACL#network segmentation#BYOD

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice