What is a common method for protecting a network's internal resources?

• A. Using a demilitarized zone (DMZ) to separate external and internal traffic.
• B. Encrypting all internal traffic with SSL
• C. Routing all traffic through the firewall without segmentation
• D. Placing internal servers in the core network

Answer: (A)

Creating a buffer between the internet and the internal network is a common way to protect internal resources. A DMZ (demilitarized zone) places systems that must be reachable from outside (like web or mail servers) in a separate zone outside the core internal network, with strict access controls enforced by firewalls. This setup means any compromise of a publicly facing server is contained in the DMZ, and hostile traffic attempting to reach internal systems must pass through additional security checks. The internal network stays isolated behind the firewall, reducing the blast radius and giving security teams a clearer chokepoint for monitoring and response.

Encrypting all internal traffic with SSL helps protect data in transit but doesn’t create the necessary separation from the internet or restrict access paths to internal resources. Routing all traffic through a firewall without segmentation removes the protective barrier that a DMZ provides. Placing internal servers directly in the core network increases exposure, making it easier for attackers who breach the perimeter to reach sensitive resources.