A company keeps an out-of-date shipping application that has known security issues, yet is critical for business operations. The IT team wants to maintain functionality and limit infiltration attempts to the main infrastructure. Which approach is considered an effective method to reduce risk from this older system?
Forward all traffic over a single network port and block everything else at the perimeter
Rotate the system into the production network, relying on host-level controls
Set outbound connections on the system as unrestricted and block incoming requests
Place the system in a dedicated VLAN with restricted access policies and monitor activity
Segmenting outdated systems into a dedicated VLAN with access restrictions and monitoring helps reduce lateral movement and detect misuse. Host-level controls alone are insufficient for high-risk systems. VLAN isolation, firewall rules, and IDS enhance defense-in-depth without disrupting required operations. Alternatives fail to contain threats or protect against exploitation of unpatched vulnerabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VLAN and how does it improve network security?
Open an interactive chat with Bash
How does monitoring activity in a VLAN detect misuse or threats?
Open an interactive chat with Bash
Why are host-level controls insufficient for high-risk systems?