An organization that handles top-secret defense research maintains a database server containing classified schematics. To comply with policy, the server must be completely unable to send or receive data over any wired or wireless network, thus preventing remote compromise or accidental data exfiltration. Which strategy best satisfies this requirement?
An air-gapped system is physically isolated from all other networks, including the Internet. Because no network interfaces remain connected, data cannot enter or leave electronically, providing maximum protection for highly sensitive assets. A host-based firewall, VLAN segmentation, or an IDS can restrict or monitor traffic, but all still depend on an active network connection and therefore cannot guarantee total isolation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an air-gapped system and how does it enhance security?
Open an interactive chat with Bash
What are the limitations of using a host-based firewall?
Open an interactive chat with Bash
How does network segmentation with VLANs work, and what are its shortcomings?