Question

Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers do not have to communicate with each other although they are located on the same subnet. Both servers need to communicate with the data server that is located on the inside network. Which configuration will isolate the servers from inside attacks?

a.Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN promiscuous ports.
b.Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN community ports.
c.Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated ports. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports.
d.Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN community ports. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports.

Answer 1

c.Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated ports. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports.

Step-by-step explanation:

Primary VLANs which can only be reached by using promiscuous port, comprises of the gateway and isolated VLANs for users to get out of a network.

The isolated ports can only communicate i.e send and receive data with the promiscuous ports; Fa3/34 and Fa3/35.

Also, WS_1 and WS_2 can neither send nor receive data with the data server, thus we isolate them.