A system administrator has installed a new Internet facing secure web application that consists of
a Linux web server and Windows SQL server into a new corporate site. The administrator wants to
place the servers in the most logical network security zones and implement the appropriate
security controls. Which of the following scenarios BEST accomplishes this goal?
A.
Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the
DMZ. Configure IPtables to allow TCP 80 and 443. Set SELinux to permissive. Place the SQL
server in the internal zone. Configure the Windows firewall to allow TCP 80 and 443. Configure the
Internet zone with ACLs of allow 80 and 443 destination DMZ.
B.
Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the
DMZ. Configure IPtables to allow TCP 443. Set enforcement threshold on SELinux to one. Place
the SQL server in the internal zone. Configure the Windows firewall to allow TCP 1433 and 1443.
Configure the Internet zone with ACLs of allow 443 destination DMZ.
C.
Create an Internet zone and two DMZ zones on the firewall. Place the web server in the DMZ
one. Set the enforcement threshold on SELinux to 100, and configure IPtables to allow TCP 80
and 443. Place the SQL server in DMZ two. Configure the Windows firewall to allow TCP 80 and
443. Configure the Internet zone with an ACL of allow 443 destination ANY.
D.
Create an Internet zone and two DMZ zones on the firewall. Place the web server in DMZ one.
Set enforcement threshold on SELinux to zero, and configure IPtables to allow TCP 80 and 443.
Place the SQL server in DMZ two. Configure the Internet zone ACLs with allow 80, 443, 1433, and
1443 destination ANY.