Comptia Security Plus Mock Test Q71

An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used?

A. Routing
B. DMZ
C. VLAN
D. NAT

Correct Answer: C
Section: Network Security

Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Incorrect Answers:
A: Routing is the process of selecting best paths in a network.

C: A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and
the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

D: NAT converts the IP addresses of internal systems found in the header of network packets into public IP addresses.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 39, 277
http://en.wikipedia.org/wiki/Routing