An administrator is configuring a network for all users in a single building. Which of the following
design elements would be used to segment the network based on organizational groups? (Select
two)
A.
NAC
B.
NAT
C.
Subnetting
D.
VLAN
E.
DMZ
F.
VPN
VLAN,subnetting
3
0
Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.
Therefore, A is definitely a wrong answer.
Network address translation (NAT) allows you to share a connection to the public Internet via a single interface with a single public IP address. NAT maps the private addresses to the public address. In a typical configuration, a local network uses one of the designated “private” IP address subnets. A router on that network has a private address (192.168.1.1) in that address space, and is also connected to the Internet with a “public” address (10.2.2.1) assigned by an Internet service provider.
Therefore, B is definitely a wrong answer.
A DMZ or demilitarized zone add an additional layer of security to an organization’s local area network (LAN).
Therefore, E is definitely a wrong answer.
VPNs are usually employed to allow remote access users to connect to and access the network, and offer connectivity between two or more private networks or LANs. A VPN gateway (VPN router) is a connection point that connects two LANs via a nonsecure network such as the Internet.
Therefore, F is definitely a wrong answer.
The correct answer is C and D.
2
0
A and D
Your own comments for A “and use identities to perform access control.”
The question states “based on organizational groups”
There’s no way to segment network by subnetting based on organizational group means identity of the user.
RADIUS can do this. Put user in a specific VLAN based on his/her authorisation or group.
0
0
Chose C and D. We are talking about creating a form of segregation based on traffic. To achieve this you can do it through sub-netting, and do it virtually with virtual switches in the VLAN.
0
0