An organization decides to remove the assumption that traffic inside the network is safe. Their goal is to verify every connection to mitigate malicious movement while confining suspicious activity to smaller segments. Which design method would best achieve these objectives?
Installing a gateway firewall to filter traffic on the network perimeter
Centralizing sign-on for all users to streamline credential management
Adopting micro-level divisions with distinct rules for each area
Deploying a static inspection system to detect known intrusion signatures
Segmenting the internal network into smaller zones, each with its own policy controls, ensures unverified connections are contained. This approach prevents lateral movement across the network and supports continuous validation. Single sign-on centralizes identity but does not enforce granular trust boundaries. A perimeter-focused firewall does not guarantee internal controls. Signatures alone cannot confirm identity for every session.