An organization decides to remove the assumption that traffic inside the network is safe. Their goal is to verify every connection to mitigate malicious movement while confining suspicious activity to smaller segments. Which design method would best achieve these objectives?
Centralizing sign-on for all users to streamline credential management
Adopting micro-level divisions with distinct rules for each area
Deploying a static inspection system to detect known intrusion signatures
Installing a gateway firewall to filter traffic on the network perimeter
Segmenting the internal network into smaller zones, each with its own policy controls, keeps unverified connections contained. This approach prevents lateral movement across the network and supports continuous validation. Single sign-on centralizes identity but does not enforce granular trust boundaries. A perimeter-focused firewall filters traffic at the network edge and does not guarantee controls inside the network. Signature-based inspection detects known intrusions, but signatures alone cannot confirm identity for every session.