Exam CISSP topic 1 question 94 discussion

D. Implement network segmentation to achieve robustness. Network segmentation is a security practice that involves dividing a network into smaller, isolated subnetworks, which can limit the potential damage and spread of an attack. This can prevent an attacker from disabling the entire network, and it can also provide additional security controls such as access controls, firewalls, and intrusion detection/prevention systems (IDS/IPS) to further protect critical network assets. Designing networks with the ability to adapt, reconfigure, and fail over can also help to maintain network availability in the face of an attack, but network segmentation is considered the most effective way to prevent an attacker from disabling the entire network. Testing business continuity and disaster recovery (DR) plans and following security guidelines to prevent unauthorized network access are important, but they are not directly related to preventing an attacker from disabling the network.

This approach ensures that the network can maintain its functionality even when under attack. This strategy offers resilience against a wide range of attacks. Examples include: 1. Software-Defined Networking (SDN): SDN controllers enable dynamic network reconfiguration and policy enforcement. 2. Network Function Virtualization (NFV): Virtualizes network services to allow for rapid deployment and scaling. 3. Load Balancers: Distribute traffic across multiple servers to prevent overload and ensure availability. 4. Automated Failover Systems: Tools like Kubernetes for container orchestration support automatic failover for applications. These solutions collectively enhance network resilience and continuity.

Based on the key statement - prevent an attacker from disabling a network, the answer is A. This will ensure access is provided based on who needs it thus making sure preventing access to others to carry on attacks.

Any network can be hacked

A. C is just network access only.. you can still point a DOS and disable a. network. no need for network access to disable a network. Answer is A.

I think the correct answer is A. We are asked about strategy - design networks in a proper way is a strategy. Moreover, C tells us about guidelines to prevent access only, but the question is about disabling network in general.

C is about best practice. D is a bit technical but best solution.

A. I think the key is that it says "prevent an attacker" instead of talking about maintaining availability during an attack. That's why I think it's C instead of A.

A. Design networks with the ability to adapt, reconfigure, and fail over. Even if access controls fails, failover will prevent loss of service

A. Design networks with the ability to adapt, reconfigure, and fail over.

Designing networks with adaptability, reconfigurability, and failover mechanisms enhances their resilience and ensures continuity of services even in the face of attacks or disruptions. This approach makes it more difficult for an attacker to disable the network by introducing redundancy and alternative paths.

The answer is A The most effective strategy to prevent an attacker from disabling a network is to design networks with adaptability, reconfigurability, and failover capabilities, option A. Building resiliency into the network architecture provides the greatest protection against total denial of service. The network can recover and adapt. Testing DR plans, following security guidelines, and segmentation are beneficial but alone don't prevent full denial if the design is still fragile. While comprehensive security is crucial, a brittle design leaves no options if endpoints are still compromised. Resilient architecture assumes breaches may occur.

C. Because A and B are reactive, not preventive. D is not going to prevent disabling the network assuming the attacker got into a VLAN and performed other attacks, such as VLAN hopping and etc...

C. Because A and B are not reactive, not preventive. D is not going to prevent disabling the network assuming the attacker got into a VLAN and performed other attacks, such as VLAN hopping and etc...

Option C, "Follow security guidelines to prevent unauthorized network access," is indeed an important strategy to enhance network security. By following security guidelines and implementing measures such as strong access controls, secure authentication mechanisms, and intrusion detection systems, organizations can prevent unauthorized network access and reduce the risk of network compromise. However, in the context of preventing an attacker from disabling a network, implementing network segmentation (Option D) is generally considered a more effective strategy. Network segmentation helps isolate different parts of the network, limiting the impact of a potential breach or attack. While following security guidelines is crucial for overall network security, it may not provide the same level of protection against network disabling as network segmentation. It is important to implement a combination of security measures, including network segmentation, access controls, monitoring, and regular security updates, to safeguard against various threats and ensure the availability and integrity of the network. always, it is never a one approach to perfection

A. In my CISSP class the instructor stressed that security must be baked in. This answer talks about designing the network to be resilient right away. I think A encompasses the others, but also with D, I don't think segmentation makes the network robust. It just makes it so if I get access to the main network, I can't log into any server. If I get access to non-prod, I still can't log into anything in prod.

I think this question is missing something .all answers require imagination to be correct .