A network administrator needs to deploy a new public-facing web server. To minimize the risk of a server compromise affecting the internal corporate network, the administrator wants to isolate the web server in its own network segment. This segment must be accessible from the internet but have restricted access to the internal network. Which of the following should the administrator configure?
The correct choice is a screened subnet, which is also commonly known as a demilitarized zone (DMZ). A screened subnet is a perimeter network that is isolated from the secure internal network by a firewall, providing a buffer zone between the internal network and the untrusted internet. It is the standard architecture for hosting public-facing services, like web servers, because it contains potential security breaches within the DMZ, preventing them from spreading to the critical internal network. An air-gapped network is completely physically isolated and not connected to the internet, so it is unsuitable for a public web server. A honeynet is a decoy network used to attract and study attackers, not for hosting production services. A virtual private network (VPN) is used to create a secure, encrypted connection over an untrusted network and is not the primary tool for segmenting a public server.