Certified Ethical Hacker (CEH v11) — Question 181
Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access only to the servers/ports that can have direct internet access, and to block access to workstations. Bob also concluded that a DMZ makes sense only when a stateful firewall is available, which is not the case at TPNQM SA.
In this context, what can you say?
Answer options
- A. Bob can be right since DMZ does not make sense when combined with stateless firewalls
- B. Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one
- C. Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations
- D. Bob is partially right. DMZ does not make sense when a stateless firewall is available
Correct answer: C
Explanation
The correct answer is C because a DMZ provides an additional layer of security by separating internet-facing servers from internal networks, which is crucial even without a stateful firewall. Options A and D incorrectly imply that a DMZ is irrelevant with stateless firewalls, while B suggests that network segregation isn't necessary, which undermines security best practices.