CompTIA Security+ (SY0-501) — Question 14

A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP server.
Which of the following represents the MOST secure way to configure the new network segment?

Answer options

• A. The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic.
• B. The segment should be placed in the existing internal VLAN to allow internal traffic only.
• C. The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic.
• D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

Correct answer: D

Explanation

The correct answer is D because placing the segment on an extranet allows for secure access from both internal and external users while maintaining proper firewall rules. Option A, while secure, does not allow for internal traffic. Option B limits the segment to internal access, which is not suitable for external users. Option C does not provide a secure method for external access since an intranet typically restricts outside access.