CompTIA Security+ (SY0-501) — Question 184
A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another.
Which of the following should the security administrator do to rectify this issue?
Answer options
- A. Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability
- B. Recommend classifying each application into like security groups and segmenting the groups from one another
- C. Recommend segmenting each application, as it is the most secure approach
- D. Recommend that only applications with minimal security features should be segmented to protect them
Correct answer: B
Explanation
The correct answer is B because classifying applications into like security groups allows for effective management while still addressing security concerns. Option A is incorrect because it suggests a selective approach that may leave vulnerable applications unprotected. Option C, while secure, does not accommodate the database administrators' need for ease of administration. Option D is misguided because it suggests that only low-security applications need protection, which undermines the overall security strategy.