CompTIA Network+ Practice Test

What describes a Demilitarized Zone (DMZ) in network architecture?

• A. A secure area for data storage
• B. A separate network allowing controlled internet access
• C. A segment exclusively for internal communications
• D. A physical device that filters internet traffic

The correct answer is: A separate network allowing controlled internet access

A Demilitarized Zone (DMZ) in network architecture is accurately described as a separate network allowing controlled internet access. This is a vital part of network security design aimed at adding an additional layer to an organization's internal network. In a typical DMZ configuration, it acts as a buffer zone between the untrusted external network (like the internet) and the trusted internal network. The DMZ hosts resources that need to be accessible from the outside, such as web servers, email servers, or DNS servers, while minimizing the risk to the internal network. By placing these publicly accessible (but potentially vulnerable) systems in a DMZ, it becomes possible to control traffic in a more granular fashion, using firewalls and other security measures. This arrangement helps protect internal systems from direct exposure to the internet and provides a controlled path for incoming and outgoing traffic. Additional options do not accurately represent the function and purpose of a DMZ. For instance, a secure area for data storage is more closely associated with secure server facilities and not the network topology itself. A segment exclusively for internal communications typically refers to internal LAN segments which do not interface directly with the internet. A physical device that filters internet traffic could refer to a firewall or other network security devices but does