Exam SY0-601 topic 1 question 605 discussion

Segmentation involves dividing a network into separate subnetworks or segments, each with its own security controls and access permissions. By segmenting the network, the administrator can isolate sensitive customer data from the main corporate network, reducing the risk of unauthorized access to the data.

*On Exam, Taken On July 31, 2023*

Isolation ensures that sensitive systems or data are physically or logically disconnected from other networks or systems. -Physical isolation involves segregating an entire network from others or a system from external interference. Faraday cages and air-gapped networks exemplify physical isolation. -Logical isolation is achieved through segmentation, dividing a large network into smaller isolated segments. The scenario specifies that customer data remains within our network but in an isolated section apart from the main corporate network.

Questions specifies it should not be accessible to "users", not admins. Segmentation is the way to go. Isolation, by most applications, would also prevent administrators from accessing it through the network.

IMO, Answer is A because of the wording "separate part of the network." It doesn't say, "Separate network" which would imply isolation.

Isolation is what, segmentation is how.

B is right. some chose A, but segmentation still accessible from main network, it is possible. however, isolation, say air gap or something like that, is fully not accessible.

Segmentation divides a network into smaller, controlled segments for security purposes, while isolation completely separates a network or system to protect sensitive assets or mitigate risks.

"mam" corporate network?

Answer is B. Isolation It asks for the most APPROPIATE choice. Isolation involves physically or logically separating different parts of the network to prevent unauthorized access. By isolating the network segment containing customer data from the main corporate network, the administrator ensures that only authorized personnel can access this sensitive information. This approach enhances security by reducing the risk of unauthorized access or data breaches.

Going with B, based on the additional information from 701 Study Guide from Dion Training. Now that there is a 701 exam, it makes sense why some material tested is not found on 601. Isolation seems to fit ■ Isolation - Isolate vulnerable systems from the enterprise network ■ Segmentation - Divide the network into segments to limit the impact of breaches Professor Messer 601 With an isolation policy we can disable the connection between this laptop and the rest of the network. And we might also put this device on its own isolated VLAN, which means that it would be able to communicate to other devices on the isolated VLAN, but no one else inside of the organization. https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/security-configurations/

an example of network segmentation is where a corp network is divided into IT, marketing, management, retail, warehouse, database, etc. logically each network segment should have the ability to talk to each other; otherwise the corp network wouldn't be functional. the context of the question appears to imply the customer data requires air gap which I believe network segmentation wouldn't provide

This approach provides a strong level of security and confidentiality for sensitive data.

Isolation isn't part of exam objectives, going with A.

B. Isolation Network Isolation is the process of creating a standalone network with no connectivity to other parts of the network. This is a stringent form of segregation that can protect sensitive data from unauthorize access or tampering. Network segmentation, on the other hand, involves dividing a network into subnets to control access and traffic flow. This can improve network performance and security, but it does not completely isolate the network from other segments.

Isolation is more appropriate for achieving the goal of storing customer data on a separate part of the network that is not accessible to users on the corporate network. While segmentation (Option A) can be a part of the isolation solution, the most direct and specific answer is network isolation, as it ensures complete separation and inaccessibility between the isolated parts of the network.

Isolating a vpc/subnet is a form of segmentation. Answer is A.