When does a DMZ make sense?

Elevate your cybersecurity career with the EC-Council Certified Ethical Hacker (CEH) v13 exam. Master essential concepts with multiple choice flashcards and detailed explanations. Achieve success in ethical hacking!

Multiple Choice

When does a DMZ make sense?

Explanation:
A DMZ makes sense as a buffer zone to host Internet-facing services while protecting the internal network. It creates a separate segment so public servers (like a web or mail server) can be accessed from the Internet without granting direct access to internal systems. A stateful firewall is essential for this setup because it enforces rules and tracks connection state across the three zones: Internet, DMZ, and the trusted internal network. With a stateful firewall, you can allow only the necessary traffic to reach DMZ hosts (for example, specific ports) and block direct access from the Internet to the inside. Without any firewall, that boundary isn’t enforced and the DMZ loses its security benefit. The other scenarios—VPN-only access, purely wireless networks, or having no firewall—don’t inherently justify or enable a DMZ.

A DMZ makes sense as a buffer zone to host Internet-facing services while protecting the internal network. It creates a separate segment so public servers (like a web or mail server) can be accessed from the Internet without granting direct access to internal systems. A stateful firewall is essential for this setup because it enforces rules and tracks connection state across the three zones: Internet, DMZ, and the trusted internal network. With a stateful firewall, you can allow only the necessary traffic to reach DMZ hosts (for example, specific ports) and block direct access from the Internet to the inside. Without any firewall, that boundary isn’t enforced and the DMZ loses its security benefit. The other scenarios—VPN-only access, purely wireless networks, or having no firewall—don’t inherently justify or enable a DMZ.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy