Certified Network Defender (CND) — Question 25

A network designer needs to submit a proposal for a company, which has just published a web portal for its clients on the internet. Such a server needs to be isolated from the internal network, placing itself in a DMZ. Faced with this need, the designer will present a proposal for a firewall with three interfaces, one for the internet network, another for the DMZ server farm and another for the internal network. What kind of topology will the designer propose?

Answer options

• A. Screened subnet
• B. Multi-homed firewall
• C. Bastion host
• D. DMZ, External-Internal firewall

Correct answer: B

Explanation

The correct answer is B, as a multi-homed firewall has multiple interfaces that allow it to connect to different networks, such as the internet, DMZ, and internal network. Option A, screened subnet, refers to a topology involving two firewalls, which is not mentioned in this scenario. Option C, a bastion host, is a single system that is directly exposed to the internet, but it does not provide the multi-interface capability required here. Option D, DMZ, External-Internal firewall, is not a standard term for a topology and does not fit the description provided.