CompTIA Security Plus Mock Test Q72

Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department’s server, and the accounting department should not have access to the HR department’s server. The network is separated by switches. Which of the following is designed to keep the HR department users from accessing the accounting department’s server and vice-versa?

A. ACLs
B. VLANs
C. DMZs
D. NATs

Correct Answer: B
Section: Network Security

Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Incorrect Answers:
A: Access control lists (ACLs) are used to define who is allowed or denied permission to perform a specified activity or action.

C: A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

D: NAT converts the IP addresses of internal systems found in the header of network packets into public IP addresses.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 39, 277