A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but
protect all access to internal resources. Which of the following network design elements would MOST
likely be recommended?

A.
DMZ

B.
Cloud computing

C.
VLAN

D.
Virtualization

Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access.
The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a
DMZ is deployed through the use of a multihomed firewall.
Incorrect Answers:
B: Cloud computing is a popular term that refers to performing processing and storage elsewhere, over a
network connection, rather than locally.C: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches.
VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments.
D: Virtualization offers several benefits, such as being able to launch individual instances of servers or
services as needed, real-time scalability, and the ability to run the exact OS version required for a certain
application.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 23, 37, 39