One of the most effective ways to protect an application server is to use a screened subnet. A screened subnet is a network segment that is isolated from both the internet and the internal network by two firewalls. The application server is placed in the screened subnet, also known as the demilitarized zone (DMZ), and only the necessary ports are opened for communication. This way, the application server is shielded from external attacks and internal breaches, and the impact of a compromise is minimized.
An air gap involves completely isolating the server from any network. While this provides strong security, it's not practical for an application server that needs to interact with other systems or users.
The most effective way to protect an application server with unsupported software is to use an air gap. An air gap physically isolates the server from all network connections, eliminating the possibility of network-based attacks. This level of isolation is crucial for unsupported software, which is particularly vulnerable to exploits due to the lack of security updates.
In contrast, a screened subnet would still expose the server to some degree of risk because it allows controlled external access. While it mitigates some threats by isolating the server from the internal network, it does not provide the complete isolation that an air gap does.
It's air gapping. They use this same technique on factory robotics; that way they cannot be overrun and malfunction due to a malicious attacker BECAUSE they are literally cut off from the rest of the network AND the internet. They have no outward-facing components.
A - Air gapping is isolating a system physically by disconnecting it from all networks. Physical separation is one of the most secure methods of security, but still vulnerable to sophisticated attack.
I like answer choice D here -- screened subnet. An air gap would remove the server from the network completely, and would certainly be employed in an incident response where isolation-based containment is needed. If they are still needing to use the application server, however, and simply employ compensating controls, a screened subnet is better.
CompTIA Section 9A: "A screened subnet uses two firewalls placed on either side of the DMZ. The edge firewall restricts traffic on the external/public interface and allows permitted traffic to the hosts in the DMZ. The edge firewall can be referred to as the screening firewall or router. The internal firewall filters communications between hosts in the DMZ and hosts on the LAN. This firewall is often described as the choke firewall. A choke point is a purposefully narrow gateway that facilitates better access control and easier monitoring."
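The two-firewall layout quoted above, modeled as a small default-deny policy check. This is an added example and not part of any comment in the thread; the addresses, ports and rule sets are constructed assumptions chosen to show how the edge and choke firewalls each limit what a legacy server in the DMZ can be reached by and can reach.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not taken from the thread).
DMZ = ip_network("192.0.2.0/28")
LAN = ip_network("10.10.0.0/16")
APP = ip_network("192.0.2.10/32")    # unsupported application server in the DMZ
DB = ip_network("10.10.5.20/32")     # internal database it still depends on
ADMIN = ip_network("10.10.9.0/24")   # management workstations on the LAN
ANY = ip_network("0.0.0.0/0")

# Rule = (source network, destination network, TCP port). No match means drop.
# Only connection initiation is modeled; replies are assumed to be stateful.
EDGE_RULES = [(ANY, APP, 443)]            # screening firewall: publish one service
CHOKE_RULES = [(APP, DB, 5432),           # choke firewall: one DMZ -> LAN flow
               (ADMIN, APP, 22)]          # and one LAN -> DMZ management flow


def zone(addr):
    """Classify an address as dmz, lan or internet."""
    if addr in DMZ:
        return "dmz"
    if addr in LAN:
        return "lan"
    return "internet"


def firewalls_on_path(src, dst):
    """Return the rule sets a packet must pass, given the screened-subnet layout."""
    zones = {zone(src), zone(dst)}
    if zones == {"internet", "dmz"}:
        return [EDGE_RULES]
    if zones == {"dmz", "lan"}:
        return [CHOKE_RULES]
    if zones == {"internet", "lan"}:
        return [EDGE_RULES, CHOKE_RULES]
    return []  # same zone: traffic never reaches either firewall


def permitted(src, dst, port):
    """True if every firewall on the path has a rule allowing the connection."""
    src, dst = ip_address(src), ip_address(dst)

    def allows(rules):
        return any(src in s and dst in d and port == p for s, d, p in rules)

    return all(allows(rules) for rules in firewalls_on_path(src, dst))
```

Hosts inside the same zone are not filtered by either firewall in this model, which is why a DMZ should hold as few systems as possible alongside an unsupported server.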
A. Air gap
Explanation:
Air gap (Option A): An air gap involves physically isolating a system or network from external networks, ensuring that there is no direct connection. This isolation significantly reduces the risk of network threats, as there are no pathways for malicious actors to exploit vulnerabilities remotely. It is particularly effective for systems running unsupported software because it provides a strong barrier against external attacks.
Airgap is an extreme form of isolation, where a network has no physical or wireless connection to any other network.
Notice the question mentioned "an application server running software"; based on this, you want to balance your option with security and functionality, and this is what makes Screened Subnet suffice.
A. Air gap
The most effective way to protect an application server running software that is no longer supported from network threats is to use an air gap.
The most effective way to protect an application server running unsupported software from network threats is A. Air gap.
An air gap is a security measure that physically isolates a computer or network from other systems and networks, including the internet. This means that there is no direct connection between the air-gapped system and any other system, making it impossible for network-based threats to reach the isolated system.
SY0-601 Exam Questions