SY0-501 · Question #321
SY0-501 Question #321: Real Exam Question with Answer & Explanation
The correct answer is C: DMZ. A DMZ (Demilitarized Zone) is a network segment that isolates publicly accessible servers from both the internet and the internal network, providing a security buffer zone. This question tests knowledge of network segmentation strategies used to protect internal resources while a
Question
Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users?
Options
- ANAC
- BVLAN
- CDMZ
- DSubnet
Explanation
A DMZ (Demilitarized Zone) is a network segment that isolates publicly accessible servers from both the internet and the internal network, providing a security buffer zone. This question tests knowledge of network segmentation strategies used to protect internal resources while allowing controlled external access.
Common mistakes.
- A. NAC (Network Access Control) is an access policy enforcement mechanism that controls which devices can connect to a network based on compliance or identity, not a network structure designed to segment public-facing servers from internal resources.
- B. VLANs are a Layer 2 segmentation technology used to logically separate network traffic, but they are not specifically designed as a security architecture to isolate publicly accessible servers from both external and internal threats in the way a DMZ is.
- D. A subnet is a logical IP addressing division of a network used for routing and organization purposes, and while subnets can be part of a DMZ implementation, a subnet alone does not provide the firewall-enforced security boundary that defines a DMZ.
Concept tested. DMZ network architecture for perimeter security
Reference. https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-dmz
Community Discussion
No community discussion yet for this question.