Which of the following can be used to limit the ability of devices to perform only HTTPS connections to an internet update server without exposing the devices to the public internet?
Which of the following can be used to limit the ability of devices to perform only HTTPS connections to an internet update server without exposing the devices to the public internet?
Allowing connections only to an internal proxy server limits devices to performing only HTTPS connections to an internet update server while preventing exposure to the public internet. The internal proxy server can be set up to filter and only permit the designated HTTPS traffic to the update server, ensuring other public internet traffic is blocked.
According to ChatGPT v4 A. Allow connections only to an internal proxy server. By allowing connections only to an internal proxy server, you can limit the devices to perform only HTTPS connections to the internet update server without exposing them to the public internet. The proxy server can be configured to allow only HTTPS connections to the specific update server while blocking all other traffic, providing a secure and controlled connection.
I don't think C is correct. The question isn't asking you to secure the network and it's devices, rather it asks that you secure the devices that need to reach the update server. Putting that device into a DMZ / screened subnet won't stop that device from being exposed to the public internet. However with A, you can only allow connections from a specific HTTPS update server, then you have successfully blocked all other parts of the public internet.
got confused
how is this not screened subnet?
A screened subnet is designed to allow public access to the resources located inside the screened subnet. The question is asking for a solution that prevents exposure to the public Internet.
correct
C. Create a screened network and move the devices to it. The purpose of a screened subnet or DMZ is to establish a network with heightened security that is situated between an external and presumed hostile network
Correct answer is a
The correct answer is C. Create a screened network and move the devices to it. Here's why: A screened network, also known as a demilitarized zone (DMZ), is a separate network segment that isolates devices from the public internet while still allowing them to access specific resources. By moving the devices to a screened network, you can limit their ability to perform only HTTPS connections to the internet update server without exposing them to the public internet.
It's A
An internal proxy server can be configured to allow only HTTPS connections to specific internet update servers, effectively limiting the devices’ exposure to the public internet.
The option that can be used to limit the ability of devices to perform only HTTPS connections to an internet update server without exposing the devices to the public internet is A. Allow connections only to an internal proxy server.
Correct answer is a
C. Create a screened network and move the devices to it. The purpose of a screened subnet or DMZ is to establish a network with heightened security that is situated between an external and presumed hostile network
A screened network (more correctly subnet) does the very opposite to what the question asks - it contains servers that ARE accessible to public internet. The answer is A - allow connections only through a proxy server.