PrepAway - Latest Free Exam Questions & Answers

Which of the following BEST describes this new network?

A security administrator is segregating all web-facing server traffic from the internal network and
restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

A. VLAN

B. Subnet

C. VPN

D. DMZ

Explanation:
A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical
subnetwork that contains and exposes an organization’s external-facing services to a larger and untrusted
network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an
organization’s local area network (LAN); an external network node only has direct access to equipment in
the DMZ, rather than any other part of the network. The name is derived from the term “demilitarized
zone”, an area between nation states in which military operation is not permitted.
Incorrect Answers:
A: In computer networking, a single layer-2 network may be partitioned to create multiple distinct
broadcast domains, which are mutually isolated so that packets can only pass between them via one or
more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN.
This is usually achieved on switch or router devices. Simpler devices only support partitioning on a port
level (if at all), so sharing VLANs across devices requires running dedicated cabling for each VLAN. More
sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may be used
to transport data for multiple VLANs.
Grouping hosts with a common set of requirements regardless of their physical location by VLAN can
greatly simplify network design. A VLAN has the same attributes as a physical local area network (LAN),
but it allows for end stations to be grouped together more easily even if they are not on the same
network switch. The network described in this question is a DMZ, not a VLAN.
B: A subnet is a logical IP network. A DMZ will contain a subnet but it could also contain multiple subnets.
Computers on a subnet can communicate with computers on a different subnet through a router.
C: A VPN (Virtual Private Network) is a secure network connection over an insecure network such as the
Internet. For example, two geographically separate sites could be connected by a VPN using the Internet
for the physical network connection. The network described in this question is a DMZ, not a VPN.

http://en.wikipedia.org/wiki/DMZ_%28computing%29
http://en.wikipedia.org/wiki/Virtual_LAN
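
The segregation described in the explanation, sketched as an nftables forwarding policy for a firewall with three interfaces. This is an added example, not part of the original page; the interface names, table name and web server address are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: firewall with the DMZ on its own interface.
# All names and addresses below are constructed, not taken from the page.

# Create-then-delete so the file can be reloaded without duplicating rules.
table inet dmz_demo
delete table inet dmz_demo

define WAN_IF  = "eth0"       # untrusted side (Internet)
define DMZ_IF  = "eth1"       # the single interface carrying web-facing servers
define LAN_IF  = "eth2"       # internal network
define DMZ_WEB = 192.0.2.10   # constructed web server address (TEST-NET-1)

table inet dmz_demo {
    chain forward {
        # Default deny: any zone pair without an explicit rule is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that a rule below already admitted.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published web ports on the web server.
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_WEB tcp dport { 80, 443 } accept

        # LAN -> DMZ and LAN -> Internet: internal hosts may initiate.
        iifname $LAN_IF oifname { $DMZ_IF, $WAN_IF } accept

        # DMZ -> LAN: a DMZ host opening a connection inward is never
        # expected, so log it before dropping; it is a useful alert source.
        iifname $DMZ_IF oifname $LAN_IF log prefix "dmz-to-lan drop: " drop

        # Internet -> LAN has no rule and falls through to policy drop,
        # so an external node can reach equipment in the DMZ only.
    }
}
```

The ruleset covers forwarded traffic only; traffic addressed to the firewall itself (the input hook) and any NAT would need their own chains.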

