An organization wants to limit an attacker's ability to pivot laterally if a single host in the data-center network is compromised. Which of the following design approaches places high-value servers in their own zone with tightly controlled entry and inspection points to achieve this goal?
Implement network segmentation with internal firewalls or microsegmentation
Use port address translation (PAT) to share a single public IP
Bond multiple network links with link aggregation (LACP)
Deploy round-robin load balancing across application servers
Network segmentation (also called microsegmentation when applied at a granular level) isolates critical assets behind dedicated security controls such as internal firewalls or ACLs. By funneling traffic through a limited set of gateways, segmentation shrinks the attack surface and restricts the paths an attacker can use to move laterally. Techniques such as load balancing, PAT, or link aggregation improve performance or address translation but do not inherently prevent lateral movement within the internal network.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is microsegmentation, and how does it differ from traditional network segmentation?
Open an interactive chat with Bash
How do internal firewalls contribute to network segmentation security?
Open an interactive chat with Bash
What is lateral movement, and why is it a critical security concern?