During a security review, an IT team observes that once a laptop connects to the company VPN, it can reach any internal resource on the same subnet without further authentication. To better align with Zero Trust principles and prevent lateral movement, which of the following changes should be implemented?
Replace static routes with a dynamic routing protocol like OSPF for improved pathfinding.
Enable split tunneling on the VPN to separate corporate and internet-bound traffic.
Implement microsegmentation to create granular security zones and verify each access request.
Upgrade the perimeter firewall to a next-generation model with deep packet inspection.
The core principle of Zero Trust is "never trust, always verify," which means trust should not be automatically granted based on network location (like being connected via VPN). Implementing microsegmentation directly supports this strategy by dividing the internal network into small, isolated zones and requiring that access to each zone or workload be individually authenticated and authorized. This approach effectively prevents the lateral movement of threats. Upgrading the perimeter firewall, enabling split tunneling, or changing routing protocols are actions that do not address the core issue of excessive internal trust.