Pete, a security administrator, is informed that people from the HR department should not have access to
the accounting department’s server, and the accounting department should not have access to the HR
department’s server. The network is separated by switches. Which of the following is designed to keep
the HR department users from accessing the accounting department’s server and vice-versa?

A.
ACLs

B.
VLANs

C.
DMZs

D.
NATS

Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches.
VLANs are used for traffic management. Communications between ports within the same VLAN occur
without hindrance, but communications between VLANs require a routing function.
Incorrect Answers:
A: Access control lists (ACLs) are used to define who is allowed to or denied permission to perform a
specified activity or action.
C: A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to
access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN.
Often a DMZ is deployed through the use of a multihomed firewall.
D: NAT converts the IP addresses of internal systems found in the header of network packets into public
IP addresses.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 39, 277