How are services protected in a legacy scenario when they are discoverable on the public Internet?
(Select all that apply)
Correct Answer: A, C, D
Explanation:
The correct answers are A, C, and D. In a legacy architecture, applications that are exposed and
discoverable on the public Internet are usually protected by building a DMZ (demilitarized zone) and
placing multiple security technologies in front of the service. This commonly includes a large security
stack made up of separate appliances or services for functions such as load balancing, firewalling,
distributed denial-of-service (DDoS) protection, and related edge security controls. A web application
firewall (WAF) is also a standard protective element in these public-facing designs because it adds
inspection and protection for web-based attack patterns and internet-originated abuse.
Option B, DAST, is not a correct answer because Dynamic Application Security Testing is a testing and
assessment method, not a live architectural protection control that sits inline to defend exposed
services in production. Zero Trust architecture contrasts with this legacy model by removing direct
public discoverability and reducing dependence on a complex exposed edge stack. Instead of
defending openly exposed applications with layered perimeter tools, Zero Trust aims to make
applications less discoverable and access more identity- and policy-driven.
Demo Practice Mode
You are viewing only the questions marked as Demo.