Which of the following can be used to limit the ability of devices to perform only HTTPS connections to an internet update server without exposing the devices to the public internet?
A.
Allow connections only to an internal proxy server.
B.
Deploy an IDS system and place it in line with the traffic.
C.
Create a screened network and move the devices to it.
D.
Use a host-based network firewall on each device.
According to ChatGPT v4
A. Allow connections only to an internal proxy server.
By allowing connections only to an internal proxy server, you can limit the devices to perform only HTTPS connections to the internet update server without exposing them to the public internet. The proxy server can be configured to allow only HTTPS connections to the specific update server while blocking all other traffic, providing a secure and controlled connection.
The correct answer is C. Create a screened network and move the devices to it.
Here's why:
A screened network, also known as a demilitarized zone (DMZ), is a separate network segment that isolates devices from the public internet while still allowing them to access specific resources. By moving the devices to a screened network, you can limit their ability to perform only HTTPS connections to the internet update server without exposing them to the public internet.
Creating a screened network (also known as a DMZ) can add a layer of security, but it does not specifically limit connections to HTTPS or prevent exposure to the public internet.
An internal proxy server can be configured to allow only HTTPS connections to specific internet update servers, effectively limiting the devices’ exposure to the public internet.
I don't think C is correct. The question isn't asking you to secure the network and it's devices, rather it asks that you secure the devices that need to reach the update server. Putting that device into a DMZ / screened subnet won't stop that device from being exposed to the public internet.
However with A, you can only allow connections from a specific HTTPS update server, then you have successfully blocked all other parts of the public internet.
A screened subnet is designed to allow public access to the resources located inside the screened subnet. The question is asking for a solution that prevents exposure to the public Internet.
The option that can be used to limit the ability of devices to perform only HTTPS connections to an internet update server without exposing the devices to the public internet is A. Allow connections only to an internal proxy server.
C. Create a screened network and move the devices to it.
The purpose of a screened subnet or DMZ is to establish a network with heightened security that is situated between an external and presumed hostile network
C. Create a screened network and move the devices to it.
The purpose of a screened subnet or DMZ is to establish a network with heightened security that is situated between an external and presumed hostile network
A screened network (more correctly subnet) does the very opposite to what the question asks - it contains servers that ARE accessible to public internet.
The answer is A - allow connections only through a proxy server.
This section is not available anymore. Please use the main Exam Page.N10-008 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
testgok
Highly Voted 2 years, 1 month agoSmashingdounuts
Most Recent 9 months, 2 weeks agoHeyling
9 months, 4 weeks agoJasonMunoz
8 months, 3 weeks ago3f2045e
12 months agoBiancoega10
1 year agoPaula77
1 year, 4 months agoMolongo
2 years agolukeowen93
2 years ago[Removed]
2 years agofola_pc
1 year, 10 months agoDoaa81
2 years agoCannnon
2 years agoCannnon
2 years agoCannnon
2 years agoI_Know_Everything_KY
1 year, 6 months agoCohort07
2 years, 1 month ago