Exam N10-008 topic 1 question 82 discussion

Use a screened subnet - previously known as a demilitarized zone (DMZ) - for all publicly viewable servers, including web servers, FTP servers, and email relay servers. A screened subnet is a version of the DMZ that is created with two firewalls (each of the routers are operating as a firewall) and the DMZ (also called the perimeter between them)

B. Anyone who keeps saying another answer other than FTP. Go back to question#43. The PBQ for screened subnets...

RADIUS is important to protect. You don't want outside access to that.

Most likely because there is a web server within the DMZ offering services requiring FTP

A screened subnet, also known as a DMZ (Demilitarized Zone), is a network segment that sits between an organization's internal network and an external network, such as the internet. The purpose of a screened subnet is to host services that need to be accessible from both the internal network and the external network while providing an additional layer of security. Among the options provided, the system that would MOST likely be found in a screened subnet is: B. FTP (File Transfer Protocol) FTP servers are often placed in a DMZ to allow external users to access files while segregating them from the internal network. This arrangement helps mitigate security risks associated with exposing file-sharing services to external users. Therefore, FTP is the most likely system to be found in a screened subnet.

I see where the confusion might be. While B. FTP (File Transfer Protocol) could be found in a DMZ or screened subnet, it's not the most likely service to be found there. FTP is often used for transferring files between systems, and it's sometimes placed in a DMZ to allow external users to upload or download files without directly accessing the internal network. However, due to its security vulnerabilities (FTP sends credentials in plain text), it's not the preferred choice for secure file transfer over the internet. In a typical secure setup, FTP would be replaced with a more secure protocol like SFTP (SSH File Transfer Protocol) or FTPS (FTP over SSL/TLS). In the context of a screened subnet, services like RADIUS (A) are more likely to be found because they're used for authentication, which is often needed to control access to resources inside the internal network from external users.

Yes question 43 give you the answer.

The answer is B - FTP! A screened subnet is a network architecture that provides an additional layer of security by placing a firewall between the internal network and the external network. FTP (File Transfer Protocol) is a service that is commonly used for transferring files between computers on a network, but it is considered a less secure protocol because it transmits data in clear text and can be vulnerable to attacks. Therefore, it is often placed in a screened subnet to provide additional security and protect the internal network from potential attacks. A - RADIUS (Remote Authentication Dial-In User Service) is a centralized authentication protocol used for authenticating users who connect to a network remotely.

FTP is an user-oriented protocol, meaning that it requires authentication and authorization. This makes it a potential target for attackers. In the context of a screened subnet, placing an FTP server in the DMZ (demilitarized zone) would expose it to the public internet. This could allow attackers to gain unauthorized access to the FTP server. Why would you want to do that?

Screened Subnet will often have your port 80 (HTTP) & port 443 (HTTPS) utilized for public web server access as well as port 20 & 21 for the FTP server utilizing TCP data transfer.

A screened subnet, also known as a DMZ (Demilitarized Zone), is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted network, usually the Internet. The following systems are most likely to be found in a screened subnet: FTP servers: If an organization needs to share files with external entities, they might place their FTP server in the DMZ.

Going with B for this one DMZ - a permiter network that protects an organisations internal local area network from untrusted traffic. Typically this is a subnet where you will place all your public facing servers eg: email server, web server and file server.

The other systems (RADIUS, SQL, LDAP) typically contain more sensitive data and are usually kept on the internal network, behind the firewall.

A screened subnet is a network architecture that uses one or more logical screening routers as a firewall to define three separate subnets: an external router, a perimeter network, and an internal router ¹. The perimeter network, also known as a demilitarized zone (DMZ), is intended for hosting servers that are accessible from or have access to both the internal and external networks ¹. In this context, the system that is most likely to be found in a screened subnet is **FTP** (File Transfer Protocol) ². FTP is used for transferring files between computers on a network and is often used to transfer files between the Internet and a DMZ server ². The other systems listed in the question, RADIUS (Remote Authentication Dial-In User Service), SQL (Structured Query Language), and LDAP (Lightweight Directory Access Protocol), are not typically found in a DMZ ³ .

why would u have ftp in a dmz you want outside people to access it. The answer is A radius

It is B. FTP server. It is not RADIUS. AAA server—the authentication server, positioned within the local network. There are two main types of AAA server: RADIUS and TACACS+.

The answer is B