Micro-segmentation is the correct answer because it involves subdividing the network into smaller zones, each with their own security controls. It enables granular control over east-west traffic within the data center, which limits the scope of a breach to a small segment, thereby containing threats and reducing the overall attack surface. A physical firewall, while an important security measure, would not provide the same level of granularity and containment within a cloud environment. VLANs provide some level of segmentation, but they are typically used for dividing the network on a larger scale and are not as effective for the granular, server-level control that micro-segmentation offers. Network Access Control (NAC) focuses on controlling access to the network and is not specifically designed for the intra-server traffic containment.