(ISC)2 Certified in Cybersecurity Practice Exam

Network Border Firewalls typically consist of which security zones?

• A. Private, Internal, Virtual
• B. Internet, DMZ, Internal
• C. Internet, VLAN, Local
• D. Internet, DMZ, Private

The correct answer is: Internet, DMZ, Internal

Network Border Firewalls commonly incorporate distinct security zones that facilitate efficient management of incoming and outgoing traffic while maintaining secure boundaries between different segments of a network. The correct response highlights the three primary zones involved in this configuration: the Internet, DMZ (Demilitarized Zone), and Internal networks. The Internet zone serves as the outermost boundary, representing the untrusted source from which external traffic originates. Any inbound traffic from the Internet poses potential threats; hence, stringent controls are needed to monitor and manage this traffic. The DMZ zone acts as a buffer between the Internet and the Internal network. It is designed to host public-facing services like web servers or email servers, allowing external access while providing a layer of protection between these services and the more secure Internal network. This separation is crucial because, even though servers in the DMZ may be exposed to external threats, the Internal network should remain shielded from direct access. The Internal zone encompasses the organization's trusted resources and systems, which require higher protection levels. Firewalls facilitate traffic between this zone and the other two zones, ensuring that only authorized and sanitized data is allowed to pass through. In summary, this configuration of zones is fundamental to establishing a robust security posture, preventing unauthorized access, and efficiently managing network