Data segmentation seems more appropriate. I am losing confidence in the correctness of the answers. If the answers ARE incorrect then it is damaging for everyone who is trying to learn here.
Of the given answers only Traffic filtering is a valid Virtual Network Configuration for VM Protection.
A. Data segmentation - not the same as network segmentation
B. Data encryption - not a virtual network configuration
C. Traffic filtering - is a virtual network configuration (e.g. via a firewall)
D. Traffic throttling - better than A and B but C is best.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-125B.pdf
VM Protection through Traffic Control Using Firewalls: "The primary use of a firewall is for traffic control. In a virtualized infrastructure, traffic control for VM protection is to be exercised for the following two scenarios:
• Traffic flowing between any two virtual network segments (or subnets)
• All traffic flowing into and out of a VM"
Big thanks to Jay327 and CuteRabbit168 for their answers. Helped me out!
To best protect virtual machines (VMs), the most effective virtual network configuration option is network segmentation, which involves dividing the virtual network into separate subnets to isolate traffic and restrict communication between different VM groups, significantly enhancing security by limiting potential attack vectors.
C. This is crucial for controlling and monitoring network traffic, but it primarily addresses network-level threats and does not prevent or mitigate hypervisor-related attacks or VM-to-VM threats.
A. This can prevent VMs from interacting with each other in unauthorized ways and reduce the risk of attacks like VM Escape, where a malicious VM could potentially access other VMs or the hypervisor. Segmentation also supports defense in depth by limiting the scope of an attack (attack surface), ensuring that if one segment is compromised, the attacker cannot easily move laterally to other segments.
Answer: traffic filtering
1. Access Control: Traffic filtering allows organizations to define specific rules that determine which types of traffic are allowed or blocked. For example, they can create rules to only allow traffic from trusted sources or specific IP addresses, while blocking traffic from potentially malicious sources. This helps prevent unauthorized access to the VMs.
2. Protection against Attacks: By implementing traffic filtering, organizations can block or restrict traffic associated with known attack vectors, such as denial-of-service (DoS) attacks, port scanning, or malware communication. This helps mitigate the risk of VMs being targeted and compromised by malicious activities.
3. Segmentation and Isolation: Traffic filtering enables organizations to segregate and isolate different VMs or groups of VMs within the virtual network. This helps contain any potential security breaches or incidents, as traffic between VMs can be restricted and monitored.
Answer is D. Think defense in depth...
A. Data segmentation will still require a firewall for filtering.
B. Data encryption is the best option but it is not a network configuration.
C. Traffic filtering... provides security filtering... but if you think defense in depth... traffic throttling.
Traffic Throttling:
Description: Control or limit the rate of data transfer or the number of requests between devices or applications to prevent resource abuse and manage bandwidth usage.
Implementation:
Implement Quality of Service (QoS) policies to prioritize critical applications.
Use rate limiting or traffic shaping mechanisms to prevent DDoS attacks and control the flow of traffic.
Selected Answer A
The best virtual network configuration option to protect virtual machines (VMs) is A - data segmentation.
Data segmentation involves separating VMs into different virtual networks based on factors like function, data sensitivity, and access requirements. This helps isolate critical assets, enforce restrictions between VM groups, and limit lateral movement in the event an attacker gains access.
Data encryption (B) protects data confidentiality but does not stop attacks or restrict access between VMs.
Traffic filtering (C) controls allowed protocols/ports but permits all traffic within the same network.
Traffic throttling (D) reduces network DoS impact but does not truly protect VMs from being compromised.
C. Traffic filtering
Traffic filtering in a virtual network environment ensures that only authorized traffic reaches the virtual machines, while unauthorized or potentially malicious traffic is blocked or discarded. This helps in protecting the VMs from various network-based attacks and unauthorized access. While data segmentation, data encryption, and traffic throttling have their own security and performance merits, traffic filtering directly acts as a protective measure for VMs against unwanted network traffic.
The best virtual network configuration option to protect virtual machines (VMs) is C. Traffic filtering.
Traffic filtering is the process of controlling the flow of traffic between different networks or hosts. It can be used to block malicious traffic, prevent unauthorized access to VMs, and protect sensitive data.
The best virtual network configuration option to protect virtual machines (VM) is traffic filtering. Traffic filtering controls the inbound and outbound network traffic to and from the virtual machines based on predefined rules. By doing so, it can prevent unauthorized access to the virtual machines and protect them from malicious attacks.
C. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-125B.pdf
The common requirement in all the use cases discussed above is that all inter-VM traffic must be subjected to policy-based inspection and filtering.
Traffic filtering is the process of selectively allowing or blocking network traffic based on predefined criteria. This is typically done using a firewall or other network security device.
The purpose of traffic filtering is to protect network resources and prevent unauthorized access to sensitive data. By selectively allowing or blocking traffic based on predefined rules, traffic filtering can help prevent malware, viruses, and other types of attacks from entering a network.
Nabs1 (Highly Voted): 2 years, 2 months ago
Jamati: 2 years ago
jackdryan: 1 year, 6 months ago
BP_lobster (Highly Voted): 1 year, 11 months ago
KJ44 (Most Recent): 2 weeks, 3 days ago
Robin96: 1 month, 4 weeks ago
deeden: 3 months, 1 week ago
1460168: 3 months, 3 weeks ago
pete79: 9 months, 2 weeks ago
GuardianAngel: 9 months, 2 weeks ago
gjimenezf: 9 months, 3 weeks ago
maawar83: 10 months, 3 weeks ago
InclusiveSTEAM: 1 year, 1 month ago
Voxycs: 1 year, 1 month ago
Dam0s: 1 year, 1 month ago
BoyBastos: 1 year, 2 months ago
Rama2023: 1 year, 6 months ago
DASH_v: 1 year, 6 months ago
Delab202: 1 year, 7 months ago
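
The NIST SP 800-125B passage quoted in this thread names two places to apply traffic control for VM protection: between virtual network segments, and on all traffic into and out of a VM. The sketch below is an added example, not part of any comment or of the NIST document; it runs the same default-deny allow-list at both enforcement points over constructed flows, and every VM name, segment and rule in it is an assumption made for illustration.

```python
# Added illustration: inventory, rules and flows are constructed, not taken from any product.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

# Constructed inventory: VM name -> virtual network segment
SEGMENT = {"web1": "dmz", "web2": "dmz", "app1": "app", "db1": "data"}

# Allow rules as (source selector, destination selector, port).
# A selector is "seg:<segment>" or "vm:<name>"; anything unmatched is dropped.
RULES = [
    ("seg:dmz", "vm:app1", 8443),
    ("vm:app1", "vm:db1", 5432),
]

def _matches(selector, vm):
    kind, name = selector.split(":", 1)
    return name == (SEGMENT[vm] if kind == "seg" else vm)

def allowed_by_rules(flow):
    return any(_matches(s, flow.src) and _matches(d, flow.dst) and p == flow.port
               for s, d, p in RULES)

def segment_boundary_filter(flow):
    """Scenario 1: filter only traffic crossing between virtual network segments."""
    if SEGMENT[flow.src] == SEGMENT[flow.dst]:
        return "not inspected"  # same-segment traffic never reaches this filter
    return "allow" if allowed_by_rules(flow) else "drop"

def per_vm_filter(flow):
    """Scenario 2: filter all traffic flowing into and out of a VM."""
    return "allow" if allowed_by_rules(flow) else "drop"

FLOWS = [
    Flow("web1", "app1", 8443),  # permitted tier-to-tier call
    Flow("web1", "db1", 5432),   # DMZ VM reaching the database directly
    Flow("web1", "web2", 22),    # VM-to-VM traffic inside the same segment
]

def evaluate(flows=FLOWS):
    return [(f.src, f.dst, f.port, segment_boundary_filter(f), per_vm_filter(f))
            for f in flows]

if __name__ == "__main__":
    for row in evaluate():
        print("%s -> %s:%d  boundary=%s  per-vm=%s" % row)
```

The third flow is the one that separates the two scenarios: a filter placed only at segment boundaries never sees it, while the per-VM filter drops it under the same rule set.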