Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?
Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?
To protect an application server running software that is no longer supported from network threats, the most effective approach is to use a screened subnet. A screened subnet, also known as a demilitarized zone (DMZ), involves placing the server in a network segment that is isolated from both the internet and the internal network by using two firewalls. This configuration allows for controlled access to the server while minimizing the risk of network-based attacks. Unlike an air gapped system, which would completely isolate the server and render it non-functional for network communication, a screened subnet provides a balance of security and operational functionality.
One of the most effective ways to protect an application server is to use a screened subnet. A screened subnet is a network segment that is isolated from both the internet and the internal network by two firewalls. The application server is placed in the screened subnet, also known as the demilitarized zone (DMZ), and only the necessary ports are opened for communication. This way, the application server is shielded from external attacks and internal breaches, and the impact of a compromise is minimized.
choose D 2024-20-2 On Test and passed with 802
D. Screened subnet ~ It’s an application server. Why would anyone air gap an application server? That would make it useless.
The most effective way to protect an application server with unsupported software is to use an air gap. An air gap physically isolates the server from all network connections, eliminating the possibility of network-based attacks. This level of isolation is crucial for unsupported software, which is particularly vulnerable to exploits due to the lack of security updates. In contrast, a screened subnet would still expose the server to some degree of risk because it allows controlled external access. While it mitigates some threats by isolating the server from the internal network, it does not provide the complete isolation that an air gap does .
Its Air Gapping. They use this same technique on factory robotics, that way they cannot be overran and malfunction due to a malicious attacker BECAUSE they are literally cut off from the rest of the network AND the internet. They have no outward facing components.
I believe it’s Air Gap
Screened subnet..AKA demilitarized zone (DMZ).
A - Air Gapping is isolating a system physically by disconnecting it from all networks. Physical separation is one of the most secure methods of security, but still vulnerable from sophisticated attack.
I like answer choice D here -- screened subnet. An air gap would remove the server from the network completely, and would certainly be employed in an incident response where isolation-based containment is needed. If they are still needing to use the application server, however, and simply employ compensating controls, a screened subnet is better. CompTIA Section 9A: "A screened subnet uses two firewalls placed on either side of the DMZ. The edge firewall restricts traffic on the external/public interface and allows permitted traffic to the hosts in the DMZ. The edge firewall can be referred to as the screening firewall or router. The internal firewall filters communications between hosts in the DMZ and hosts on the LAN. This firewall is often described as the choke firewall. A choke point is a purposefully narrow gateway that facilitates better access control and easier monitoring."
One of the most effective ways to protect an application server is to use a screened subnet. A screened subnet is a network segment that is isolated from both the internet and the internal network by two firewalls. The application server is placed in the screened subnet, also known as the demilitarized zone (DMZ), and only the necessary ports are opened for communication. This way, the application server is shielded from external attacks and internal breaches, and the impact of a compromise is minimized.
A. Air gap Explanation: Air gap (Option A): An air gap involves physically isolating a system or network from external networks, ensuring that there is no direct connection. This isolation significantly reduces the risk of network threats, as there are no pathways for malicious actors to exploit vulnerabilities remotely. It is particularly effective for systems running unsupported software because it provides a strong barrier against external attacks.
Airgap is an extreme form of isolation, where a network has no physical or wireless connection to any other network. Notice the question mentioned "an application server running aoftware" based on this you want to balance your option with security and functionality and this what makes Screened Subnet suffice.
The most effective way to protect an application server running unsupported software from network threats is A. Air gap. An air gap is a security measure that physically isolates a computer or network from other systems and networks, including the internet. This means that there is no direct connection between the air-gapped system and any other system, making it impossible for network-based threats to reach the isolated system.
"Air gap," is the most effective way to protect an application server running unsupported software from network threats. Air gapping involves physically isolating the server from any external networks, making it inaccessible from the internet or other connected systems.
An air-gapped system is physically isolated from any external networks, meaning there is no network connection whatsoever. It provides the highest level of security by ensuring that the system is completely isolated from potential network threats. A screened subnet is a network segment that is placed between an organization's internal network and an external network (e.g., the internet). It provides a layer of security by separating external-facing servers (like web servers) from the internal network. This helps in controlling and monitoring incoming and outgoing traffic.
A. air gap A screened subnet is still accessible.
A. Air gap The most effective way to protect an application server running software that is no longer supported from network threats is to use an air gap.
Airgap is an extreme form of isolation, where a network has no physical or wireless connection to any other network. Notice the question mentioned "an application server running aoftware" based on this you want to balance your option with security and functionality and this what makes Screened Subnet suffice.
A. Air gap
D. Screened subnet