A network administrator needs to improve security by isolating traffic between the company's Engineering and Marketing departments. Both departments connect to the same physical switch. Which of the following solutions should the administrator implement to logically separate the two departments' networks?
Configure a Layer 4 firewall to filter TCP/UDP traffic.
Implement VLANs to create separate broadcast domains.
Deploy an IPS to monitor for and block anomalous traffic.
Install a separate physical switch for each department.
A Virtual Local Area Network (VLAN) is the appropriate solution for logically segmenting a network on shared physical infrastructure like a switch. By placing the Engineering and Marketing departments on separate VLANs, the administrator creates two distinct broadcast domains. This prevents traffic from one department from being directly visible to the other, enhancing security and containment. While installing a separate physical switch would achieve separation, it is a physical solution, not logical, and is less efficient. A Layer 4 firewall filters traffic based on port numbers, and an Intrusion Prevention System (IPS) actively monitors for threats, but neither provides the fundamental logical network separation on a single switch that VLANs are designed for.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does VLAN improve security by logically separating network segments?
Open an interactive chat with Bash
What are some common use cases for implementing VLANs in an organization?
Open an interactive chat with Bash
What is the difference between physical network segmentation and VLAN-based segmentation?