A network administrator needs to deploy a new public-facing web server. To minimize the risk of a server compromise affecting the internal corporate network, the administrator wants to isolate the web server in its own network segment. This segment must be accessible from the internet but have restricted access to the internal network. Which of the following should the administrator configure?
The correct choice is a screened subnet, which is also commonly known as a demilitarized zone (DMZ). A screened subnet is a perimeter network that is isolated from the secure internal network by a firewall, providing a buffer zone between the internal network and the untrusted internet. It is the standard architecture for hosting public-facing services, like web servers, because it contains potential security breaches within the DMZ, preventing them from spreading to the critical internal network. An air-gapped network is completely physically isolated and not connected to the internet, so it is unsuitable for a public web server. A honeynet is a decoy network used to attract and study attackers, not for hosting production services. A virtual private network (VPN) is used to create a secure, encrypted connection over an untrusted network and is not the primary tool for segmenting a public server.