CompTIA Network+ (N10-006) — Question 33
An organization wants to improve its ability to detect infiltration of servers in a DMZ. IPS/IDS solutions are currently located on the edge between DMZ and Untrust, and DMZ and Trust.
Which of the following can increase visibility inside the DMZ?
Answer options
- A. Layer 7 firewall
- B. Honeypot
- C. NAC server
- D. Host-based firewalls in the DMZ
Correct answer: A
Explanation
A Layer 7 firewall can inspect traffic at the application layer, providing deeper visibility into the types of traffic that are traversing the DMZ, thus enhancing detection capabilities. While honeypots can attract attackers and provide some insights, they do not increase overall visibility. A NAC server primarily focuses on controlling endpoint access rather than monitoring traffic, and host-based firewalls only inspect traffic to and from the individual hosts, not the entire DMZ.