(ISC)2 Certified in Cybersecurity Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Practice this question and more.


Which strategy involves breaking LANs into very small, highly localized zones using firewalls?

  1. Network Segmentation

  2. Microsegmentation

  3. VLAN Configuration

  4. Access Control

The correct answer is: Microsegmentation

Microsegmentation is a security strategy that focuses on dividing a Local Area Network (LAN) into very small and distinct zones. This approach provides a granular level of control over security by using firewalls to enforce security policies for each individual zone. By isolating workloads and applications in this manner, organizations can limit lateral movement within the network, which minimizes the potential impact of a security breach. In microsegmentation, each segment can be monitored and protected independently, allowing for specific security measures tailored to the requirements of that zone. This strategy effectively enhances security by ensuring that even if one segment is compromised, the breach may not easily spread to other segments, thus offering a more robust defense against various types of attacks. Microsegmentation can be implemented using software-defined networking technologies, making it a flexible solution within dynamic and cloud-based environments. The other strategies listed, such as network segmentation, also involve dividing networks, but they typically do so at a broader level (e.g., separating different departments or functionalities), while VLAN configuration focuses on separating networks logically without necessarily emphasizing security features. Access control pertains to regulating who can access resources rather than specifically the method of dividing the network into smaller zones for security purposes.