Network Segmentation — CompTIA Security+ (SY0-701) Practice Questions
Network segmentation is the practice of dividing a network into smaller, isolated zones using VLANs, subnets, firewalls, or access control lists so that a compromise in one zone does not automatically grant access to others. It reduces the attack surface and limits the blast radius of breaches, ransomware, or insider threats. The Security+ exam tests segmentation in the context of least privilege, zero trust, and protecting sensitive environments such as industrial control systems or cardholder data environments.
Free questions on network segmentation
What is a DMZ (Demilitarized Zone)?
Free question · easy · full answer + explanation
More network segmentation questions in the full bank
- In network segmentation, what is the purpose of a DMZ (Demilitarized Zone)?
- An organization discovers a data breach where an attacker gained access to the database through a web application vulnerability. Log analysis shows the attacker spent 3 weeks inside the network before being discovered. Which security control should have MOST significantly reduced the dwell time?
- What is the role of a demilitarized zone (DMZ)?