When launching a new enterprise solution that manages restricted data, which approach is the BEST method to keep those systems in a protected environment while limiting lateral movement from other segments?
Place the solution on the same network as all other assets, relying on advanced detection tools to identify suspicious traffic
Place the assets behind a shared firewall with minimal rules separating internal and external networks
Use dedicated sub-networks with additional authentication gateways that enforce stricter access policies
Employ a single next-generation firewall with broad connectivity among all internal subnets
Segmentation with stricter access controls prevents unauthorized users from moving across internal boundaries. Dedicated sub-networks and stronger gateways provide coverage against unauthorized traffic and offer an extra layer of scrutiny. A shared firewall with minimal rule sets or broad connectivity lacks rigid segmentation, and depending on detection tools alone does not address deeper access restrictions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is network segmentation, and why is it important?
Open an interactive chat with Bash
What are authentication gateways, and how do they enhance security?
Open an interactive chat with Bash
How do detection tools differ from preventive methods like segmentation?