You are responsible for engineering the security of a multi-tier web application infrastructure. To mitigate the risk of a single compromised server affecting the entire environment, you decide to implement a strategy that ensures if one server is compromised, it does not lead to a compromise of the other servers. Which of the following strategies should you implement?
Implementing network segmentation and enforcing a zero trust model
Ensuring all passwords are hashed and salted in the databases
Enforcing strong password policies across all servers
Using an N-tier architecture to logically separate components
Implementing segmentation and zero trust policies in a network is a fundamental security engineering principle. It ensures that if one part of the system is compromised, the damage is contained and does not spread to other parts of the network. Network segmentation divides the network into multiple segments, each acting as a separate security zone, thereby limiting the potential impact of a breach. A zero trust model enhances this by requiring all users, whether inside or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before they are granted access to applications and data or allowed to keep it. This contrasts with traditional network security, which trusts users and endpoints within the network perimeter by default. On the other hand, requiring strong passwords, using hashed and salted passwords, and leveraging N-tier architecture are good security practices, but they do not inherently prevent an attacker from moving laterally within a network once a server is compromised.