Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


What is an effective way to configure a network with a new secure web application and SQL server for optimal security?

  1. Place both servers in the Internet zone

  2. Create a DMZ for the web server and internal zone for SQL server

  3. Integrate all servers into a single network zone

  4. Utilize only software firewalls for security

The correct answer is: Create a DMZ for the web server and internal zone for SQL server

Creating a DMZ (Demilitarized Zone) for the web server while keeping the SQL server in an internal zone is an effective security measure for managing a secure web application. This configuration enhances security by isolating the web server from the internal network. The DMZ acts as a buffer zone that allows external users to access the web application without exposing the SQL server directly to the Internet. This means that even if an attacker compromises the web server, they have an additional layer of security to overcome before accessing the internal SQL server, which contains sensitive data. This separation helps to mitigate the risk of unauthorized access to critical data and provides more robust security by allowing specific security controls to be implemented on both the DMZ and the internal network independently.

Additionally, such a setup allows for better monitoring and control. Security policies, intrusion detection systems, and specific traffic rules can be applied to the DMZ that might not be suitable or necessary for the internal network, thereby improving overall security posture.

In contrast, placing both servers in the Internet zone would expose them to direct threats from the Internet, whereas integrating all servers into a single network zone would reduce the ability to control and monitor access, making it difficult to protect sensitive data. Relying only on software