PBQ — Network Diagram · Security Control Placement

PBQ

Network Diagram — Security Control Placement

SY0-701 Obj 3.2 · Security Architecture & Zones

Acme Corp is redesigning its network security architecture. The network has three zones: Internet (untrusted), a DMZ (hosts public-facing servers), and an Internal network (hosts workstations and databases).

Place each security control from the bank below into the correct zone. Each zone has labeled slots — drag the right control to the right slot. Some controls may not be used.

Drag controls from the bank into the correct zone slots

🗃️ Available Security Controls

🛡️ Perimeter Firewall

🌐 WAF

🔍 Network IDS

🔒 NAC

🍯 Honeypot

🔗 Proxy Server

📊 SIEM

🛡️ Internal Firewall

Network Topology — place controls in the correct zones

Internet Zone (Untrusted)

🌍Internet / External Users

Between Internet ↔ DMZ

→

DMZ

🖥️Web Server (192.168.1.10)

📧Mail Server (192.168.1.20)

Protect Web Server (HTTP attacks)

Detect intrusions in DMZ

Decoy to lure attackers

→

Internal Network (Trusted)

💻Workstations

🗄️Database Server

Between DMZ ↔ Internal

Endpoint access control

Log aggregation & alerting

All PBQ Labs