"Network segmentation is a security practice that divides a network into smaller, isolated segments to limit access and reduce the attack surface. Firewalls are commonly used to enforce segmentation by creating rules that allow or deny traffic based on source, destination, and port. Tomeet compliance requirements, such as restricting access to internal servers, firewall rules can be configured to block all external traffic while permitting only authorized internal systems to communicate with the segmented servers. This ensures that sensitive resources are isolated from unauthorized access."
[Reference:CompTIA Security+ SY0-701 Study Guide, Domain 2.0: Architecture and Design, Section: "Secure Network Architecture Concepts" (Firewalls and network segmentation are key topics)., Explanation:The requirement is to segment servers on different networks and restrict access to only authorized internal systems. Option A directly addresses this by using firewall rules to block external access while allowing internal traffic, aligning with network segmentation best practices. Option B (WAP) refers to a Wireless Access Point, which doesn’t fit the context of segmentation and could expose resources to public networks. Option C (IPSec tunnel) secures communication but doesn’t inherently segment networks. Option D (jump server) adds a layer of access control but doesn’t address the segmentation requirement alone. Thus, A is the best fit., , , , ]
Submit