CompTIA Network+ (N10-008) — Question 450

An engineer is designing a network topology for a company that maintains a large on-premises private cloud. A design requirement mandates internet-facing hosts to be partitioned off from the internal LAN and internal server IP ranges. Which of the following defense strategies helps meet this requirement?

Answer options

• A. Implementing a screened subnet
• B. Deploying a honeypot
• C. Utilizing network access control
• D. Enforcing a Zero Trust model

Correct answer: A

Explanation

The correct answer is A, as a screened subnet, also known as a demilitarized zone (DMZ), allows internet-facing hosts to be isolated from the internal network, enhancing security. Options B and C do not specifically address the requirement of separation between internet-facing hosts and the internal LAN. Option D, while a strong security posture, does not inherently create the necessary network segmentation required by the design requirement.