Certified Ethical Hacker (CEH v11) — Question 171

What is the purpose of a demilitarized zone on a network?

Answer options

• A. To scan all traffic coming through the DMZ to the internal network
• B. To only provide direct access to the nodes within the DMZ and protect the network behind it
• C. To provide a place to put the honeypot
• D. To contain the network devices you wish to protect

Correct answer: B

Explanation

The correct answer is B, as the primary purpose of a DMZ is to provide a buffer zone that allows access to specific external services while protecting the internal network. Option A is incorrect because scanning traffic is not the main function of a DMZ. Option C is not accurate since a honeypot can be deployed in various areas of the network, not just the DMZ. Option D is misleading because while the DMZ may contain certain devices, its main role is to protect the internal network rather than just containing devices.