Certified Ethical Hacker (CEH v11) — Question 121
A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank?
Answer options
- A. Place a front-end web server in a demilitarized zone that only handles external web traffic
- B. Require all employees to change their anti-virus program with a new one
- C. Move the financial data to another server on the same IP subnet
- D. Issue new certificates to the web servers from the root certificate authority
Correct answer: A
Explanation
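The correct answer is A. Placing a front-end web server in a demilitarized zone (DMZ) isolates the internal network from external threats: the DMZ server handles only external web traffic while the financial data stays on internal systems behind it, which reduces the risk that compromising a single server leads to a data breach. Options B and C do not improve the security posture: replacing the anti-virus program does not change the network architecture, and a server on the same IP subnet is no better isolated than the original one. Option D, while it enhances security, does not directly mitigate the risk associated with the compromised server.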