ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security engineer is redesigning the company campus network. Finance application servers must be isolated from hundreds of IoT devices to reduce layer-2 broadcast traffic and to enforce firewall rules between the two groups, yet all equipment must stay on the same physical access switches due to budget limits. Which solution BEST meets these requirements with minimal new hardware?
Assign Finance servers and IoT devices to different IP subnets while leaving them in the same VLAN.
Enable switch port mirroring on Finance ports to monitor and restrict unwanted traffic.
Create separate VLANs for Finance and IoT and route traffic between them through a layer 3 firewall.
Apply static MAC address filtering rules on each switch port used by IoT devices.
Creating separate VLANs for the Finance servers and IoT devices places each group in its own logical network segment, which breaks up the shared layer-2 broadcast domain. By ensuring that any inter-VLAN communication is routed through a layer 3 firewall, the engineer can apply granular security policies while still permitting necessary traffic. Merely assigning different IP subnets without VLAN separation leaves both groups in the same broadcast domain, so broadcasts still reach all ports. Switch port mirroring is a monitoring feature and does not provide segmentation or traffic control. Static MAC filtering can limit device access but does not create separate broadcast domains and is difficult to manage at scale. Therefore, using distinct VLANs with inter-VLAN firewalling is the most effective and scalable choice.
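The reasoning in the explanation above can be checked with a small model. This is an added example, not part of the original question: the port names, VLAN IDs, addresses, firewall rules and port 8883 are all constructed for illustration. It compares the "different subnets, same VLAN" design with the "separate VLANs plus layer 3 firewall" design.

```python
import ipaddress
from collections import namedtuple

# Constructed sample data: names, VLAN IDs, addresses and rules are illustrative.
Port = namedtuple("Port", "name vlan ip")

SAME_VLAN = [  # different IP subnets, but every port in one VLAN
    Port("fin-srv1", 1, "10.10.0.5"), Port("fin-srv2", 1, "10.10.0.6"),
    Port("iot-cam1", 1, "10.20.0.7"), Port("iot-cam2", 1, "10.20.0.8"),
]
SPLIT_VLANS = [  # Finance in VLAN 10, IoT in VLAN 20
    Port("fin-srv1", 10, "10.10.0.5"), Port("fin-srv2", 10, "10.10.0.6"),
    Port("iot-cam1", 20, "10.20.0.7"), Port("iot-cam2", 20, "10.20.0.8"),
]
# (action, source net, destination net, destination port or None for any);
# first match wins, anything unmatched is denied.
RULES = [("allow", "10.20.0.0/24", "10.10.0.5/32", 8883),
         ("deny", "10.20.0.0/24", "10.10.0.0/24", None)]

def find(ports, name):
    return next(p for p in ports if p.name == name)

def broadcast_receivers(ports, sender):
    """A switch floods a broadcast to every other port in the sender's VLAN;
    the IP subnet of the attached host plays no part in that decision."""
    src = find(ports, sender)
    return sorted(p.name for p in ports if p.vlan == src.vlan and p.name != sender)

def firewall_allows(rules, src_ip, dst_ip, dport):
    """First-match, default-deny evaluation of the inter-VLAN policy."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net, port in rules:
        if (s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net)
                and port in (None, dport)):
            return action == "allow"
    return False

def delivery(ports, rules, src, dst, dport):
    """Only traffic that crosses a VLAN boundary is routed, so only that
    traffic is subject to the firewall policy."""
    a, b = find(ports, src), find(ports, dst)
    if a.vlan == b.vlan:
        return "layer-2 adjacent, firewall not in path"
    return "routed, allowed" if firewall_allows(rules, a.ip, b.ip, dport) else "routed, denied"

if __name__ == "__main__":
    for label, design in (("same VLAN", SAME_VLAN), ("split VLANs", SPLIT_VLANS)):
        print(label, broadcast_receivers(design, "iot-cam1"),
              delivery(design, RULES, "iot-cam1", "fin-srv2", 22))
```
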
Network and Communication Security