During a security review, an administrator notes that all servers handling payment-card data have been placed in VLAN 20 on the same physical switch, while user workstations remain in VLAN 10. An ACL on the core switch blocks traffic between the two VLANs except for a few strictly required services. Which of the following best describes the security control the company is using to protect the payment-card systems?
Using separate VLANs with ACLs confines sensitive traffic to its own logical segment. Logical segmentation (also called virtual segmentation) divides a single physical network into smaller, isolated sections, typically with VLANs or subnetting, so that an attacker who compromises one segment cannot freely move into others. Physical isolation (air-gapping) would require separate hardware and cabling; NAT functions at the IP-translation layer but does not enforce intra-LAN separation; 802.1X controls port authentication rather than traffic between segments; and high-availability clustering focuses on uptime rather than segmentation.