An organization wants to limit an attacker's ability to pivot laterally if a single host in the data-center network is compromised. Which of the following design approaches places high-value servers in their own zone with tightly controlled entry and inspection points to achieve this goal?
Implement network segmentation with internal firewalls or microsegmentation
Use port address translation (PAT) to share a single public IP
Deploy round-robin load balancing across application servers
Bond multiple network links with link aggregation (LACP)
Network segmentation (also called microsegmentation when applied at a granular level) isolates critical assets behind dedicated security controls such as internal firewalls or ACLs. By funneling traffic through a limited set of gateways, segmentation shrinks the attack surface and restricts the paths an attacker can use to move laterally. Techniques such as load balancing, PAT, or link aggregation improve performance or address translation but do not inherently prevent lateral movement within the internal network.