Lateral-moving malware has infected the server infrastructure. Which of the following network changes would MOST effectively prevent lateral movement in the future?
A. Implement DNSSEC in all DNS servers.
B. Segment the physical network using a VLAN.
C. Implement microsegmentation on the network.
D. Implement 802.1X in the network infrastructure.
C. Implement microsegmentation on the network.
Microsegmentation is a security technique that divides a network into smaller, isolated segments or microsegments. Each microsegment can have its own security policies and controls. This is an effective approach to prevent lateral movement by limiting communication between different parts of the network. If lateral-moving malware infects one segment, it won't be able to easily propagate to other segments because communication is restricted.
While the other options (A, B, and D) have their own benefits and security implications, they may not be as effective as microsegmentation in preventing lateral movement. DNSSEC (option A) enhances DNS security but doesn't directly prevent lateral movement. Segmenting the network using VLANs (option B) can help, but it may not provide the same level of granular control and isolation as microsegmentation. Implementing 802.1X (option D) is important for network access control but doesn't directly address lateral movement within the network.
"Another characteristic of APTs is that they move laterally by exploiting open ports and gaps in firewall rules. This lateral movement can be contained by micro-segmenting the network and applying intent-based security policies". Source: https://colortokens.com/blog/advanced-persistent-threats-apt/
The answer is C. The keyword is "most effective". B is a useful control but C is more effective. Microsegmentation is a control for Advanced Persistent Threats (APT).
Network segmentation breaks the network into zones that typically consist of multiple devices and the applications that they host. Micro-segmentation takes this a step further, placing each device or even each application within its own segment.
Sorry Cloud Micro-segmentation software uses network virtualization technology to create increasingly granular secure zones in data centers and cloud deployments.
https://www.vmware.com/topics/glossary/content/micro-segmentation.html
Great link... from that same page:
Micro-segmentation helps in networking by creating “demilitarized zones” for security within one data center and across multiple data centers. By tying fine-grained security policies to individual workloads, micro-segmentation software limits an attacker’s ability to move laterally through a data center, even after infiltrating the perimeter defenses.
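The difference between options B and C discussed in the comments above can be measured as the set of workloads reachable from one compromised host. The following is an added example, not part of the original thread or any commenter's post; the workload names, zones and rules are constructed assumptions for illustration.

```python
from collections import deque

# Constructed inventory: workload -> (VLAN zone, role). Not from the page.
WORKLOADS = {
    "web1": ("dmz", "web"), "web2": ("dmz", "web"),
    "app1": ("server", "app"), "app2": ("server", "app"),
    "db1": ("server", "db"), "backup1": ("server", "backup"),
}
# VLAN model: traffic inside a zone is unrestricted; only inter-zone
# flows are filtered, here by (src_zone, dst_zone) rules.
ZONE_RULES = {("dmz", "server")}
# Microsegmentation model: default deny, every flow (even inside one
# VLAN) must match a (src_role, dst_role) allowlist entry.
MICRO_RULES = {("web", "app"), ("app", "db"), ("backup", "db")}


def vlan_allows(src, dst):
    src_zone, dst_zone = WORKLOADS[src][0], WORKLOADS[dst][0]
    return src_zone == dst_zone or (src_zone, dst_zone) in ZONE_RULES


def micro_allows(src, dst):
    return (WORKLOADS[src][1], WORKLOADS[dst][1]) in MICRO_RULES


def blast_radius(start, allows):
    """Workloads reachable hop by hop from one compromised workload."""
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for candidate in WORKLOADS:
            if candidate not in seen and allows(current, candidate):
                seen.add(candidate)
                queue.append(candidate)
    return seen - {start}


def compare(start):
    """Return (VLAN-only radius, microsegmented radius) as sorted lists."""
    return (sorted(blast_radius(start, vlan_allows)),
            sorted(blast_radius(start, micro_allows)))


if __name__ == "__main__":
    for host in ("app1", "web1"):
        vlan, micro = compare(host)
        print(f"{host}: VLAN only -> {vlan}; microsegmented -> {micro}")
```

The microsegmented radius is smaller but not empty: any flow the allowlist permits remains a path, so the allowlist itself is what needs review.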