CompTIA Network+ (N10-007) — Question 428

A consultant is designing a new network for a company that will be hosting its own email and web servers. The company wants to ensure there are separate devices to protect the internal network from the DMZ and the DMZ from the Internet. Which of the following would provide this protection?

Answer options

• A. The installation of a firewall with multiple interfaces for the Internet to the DMZ and the LAN.
• B. The in-line installation of two firewalls to divide the Internet to the DMZ and the DMZ to the LAN.
• C. The installation of two switches to divide the Internet from the LAN and the LAN to the DMZ.
• D. The installation of a switch from the Internet to the DMZ and a firewall between the DMZ and the LAN.

Correct answer: B

Explanation

The correct answer is B, as using two firewalls creates separate security zones, effectively isolating the Internet from the DMZ and the DMZ from the internal LAN. Option A suggests a single firewall with multiple interfaces, which does not provide the same level of isolation. Option C uses switches, which do not provide adequate security features for protecting the network, and option D combines a switch with a firewall, which does not fully secure the Internet to DMZ transition.