A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD
users and 2 web servers without wireless access. Which of the following should the company configure to
protect the servers from the user devices? (Choose two.)
Deny incoming connections to the outside router interface.
Change the default HTTP port
Implement EAP-TLS to establish mutual authentication
Disable the physical switch ports
Create a server VLAN
Create an ACL to access the server
We can protect the servers from the user devices by separating them into separate VLANs (virtual local area
The network device in the question is a router/switch. We can use the router to allow access from devices in
one VLAN to the servers in the other VLAN. We can configure an ACL (Access Control List) on the router to
determine who is able to access the server.
In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast
domains, which are mutually isolated so that packets can only pass between them via one or more routers;
such a domain is referred to as a virtual local area network, virtual LAN or VLAN.
This is usually achieved on switch or router devices. Simpler devices only support partitioning on a port level (if
at all), so sharing VLANs across devices requires running dedicated cabling for each VLAN. More sophisticated
devices can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data
for multiple VLANs.
Grouping hosts with a common set of requirements regardless of their physical location by VLAN can greatly
simplify network design. A VLAN has the same attributes as a physical local area network (LAN), but it allows
for end stations to be grouped together more easily even if they are not on the same network switch. The
network described in this question is a DMZ, not a VLAN.