CompTIA Security Plus Mock Test Q844

Which of the following are examples of network segmentation? (Select TWO).

A. IDS
B. IaaS
C. DMZ
D. Subnet
E. IPS


Correct Answer: C,D
Section: Application, Data and Host Security

Explanation:
C: A demilitarized zone (DMZ) is a part of the network that is separated of segmented from the rest of the network by means of firewalls and acts as a buffer between the untrusted
public Internet and the trusted local area network (LAN).
D. IP subnets can be used to separate or segment networks while allowing communication between the network segments via routers.

Incorrect Answers:
A: An intrusion detection system (IDS) is an automated system that detects intrusions or security policy violations on networks or host systems. It does not feature or offer network
segmentation.
B: The Infrastructure as a Service (IaaS) model is a cloud computing business model uses virtualization, with the clients paying for resources used.
E: An intrusion prevention system (IPS) is an automated system that attempts to prevent intrusions or security policy violations on networks or host systems. It does not feature or offer
network segmentation.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 21, 26, 27-28
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 65, 110-111