CompTIA CASP+ (CAS-004) — Question 462

A company recently suffered a ransomware outbreak within its virtualized server environment. After the incident, the Chief Information Security Officer created the following requirements for all server environments:

• Only explicitly allowed traffic shall be permitted.
• Inter-VLAN traffic must be filtered.
• Intra-VLAN traffic must be filtered.
• VM traffic residing on the same host must be filtered.

Which of the following best meets these requirements?

Answer options

• A. NGFW
• B. Microsegmentation
• C. Screened subnet
• D. NAC
• E. VNET

Correct answer: B

Explanation

Microsegmentation is the correct choice as it enables granular traffic control within the data center, allowing for filtering of both Inter-VLAN and Intra-VLAN traffic, as well as VM traffic on the same host. NGFW focuses on network-level traffic control but does not specifically address the intra-host filtering needs. The other options, such as Screened subnet, NAC, and VNET, do not provide the same level of control and segmentation necessary for fulfilling all specified requirements.