Systems Security Certified Practitioner – SSCP – Question0899 - Systems Security Certified Practitioner

The general philosophy for DMZ's is that:

A. any system on the DMZ can be compromized because it's accessible from the Internet.
B. any system on the DMZ cannot be compromized because it's not accessible from the Internet.
C. some systems on the DMZ can be compromized because they are accessible from the Internet.
D. any system on the DMZ cannot be compromized because it's by definition 100 percent safe and not accessible from the Internet.

Correct Answer: A

Explanation:

Because the DMZ systems are accessible from the Internet, they are more at risk for attacka nd compromise and must be hardened appropriately.
“Any system on the DMZ cannot be compromised because it’s not accessible from the Internet” is incorrect. The reason a system is placed in the DMZ is so it can be accessible from the Internet.
“Some systems on the DMZ can be compromised because they are accessible from the Internet” is incorrect. All systems in the DMZ face an increased risk of attack and compromise because they are accessible from the Internet.
“Any system on the DMZ cannot be compromised because it’s by definition 100 percent safe and not accessible from the Internet” is incorrect. Again, a system is placed in the DMZ because it must be accessible from the Internet.
References: CBK, p. 434 AIO3, p. 483