CompTIA Security+ (SY0-501) — Question 545

A network technician is designing a network for a small company. The network technician needs to implement an email server and web server that will be accessed by both internal employees and external customers. Which of the following would BEST secure the internal network and allow access to the needed servers?

Answer options

• A. Implementing a site-to-site VPN for server access.
• B. Implementing a DMZ segment for the server.
• C. Implementing NAT addressing for the servers.
• D. Implementing a sandbox to contain the servers.

Correct answer: B

Explanation

The best option for securing the internal network while allowing access to the email and web servers is to implement a DMZ segment. A DMZ (Demilitarized Zone) provides a buffer zone between the internal network and external access, allowing controlled access to the servers without exposing the internal network directly. The other options, while they provide certain levels of security, do not effectively separate and protect the internal network in the same way as a DMZ does.