ISC2 CISSP Practice Question

Virtual Local Area Networks (VLANs) are the correct solution for this scenario because they are specifically designed to provide Layer 2 traffic isolation on a shared physical network infrastructure. By creating separate broadcast domains for each department (trading, research, administrative), VLANs ensure that traffic from one department does not cross over into another at Layer 2, effectively segmenting the network as required.

Network Address Translation (NAT) operates at Layer 3 and is used to translate IP addresses (typically private to public), but it does not provide Layer 2 traffic isolation between systems on the same internal network. Software-Defined Networking (SDN) is a network architecture approach that decouples the control and data planes; while it can be used to manage and configure segmentation policies like VLANs, SDN itself is the architectural approach, not the specific isolation technology. Port security is a switch feature that restricts access to a port based on MAC addresses but does not create broad, segment-wide isolation between groups of devices across multiple switch ports.