What is a DMZ (Demilitarized Zone)?

  A. A backup storage location
  B. A type of firewall rule
  C. A network segment that separates internal networks from untrusted external networks ✓
  D. An encryption protocol

Correct answer: A network segment that separates internal networks from untrusted external networks

Option C is correct because a DMZ (Demilitarized Zone) is a physical or logical network segment positioned between an organization's internal trusted network and an untrusted external network such as the internet, hosting public-facing services like web or mail servers while limiting their direct access to internal systems. Option A is incorrect because a DMZ is not a backup storage location; it is a network architecture concept related to traffic segmentation and security boundaries. Option B is incorrect because a DMZ is a network zone, not a type of firewall rule; firewall rules are the mechanisms used to control traffic flowing into and out of the DMZ. Option D is incorrect because a DMZ is not an encryption protocol; encryption protocols such as TLS operate at a different layer and are unrelated to network segmentation.

Topic: General Security Concepts · network security, dmz, network segmentation, security+
