nerdexam
(ISC)2

CISSP · Question #1478

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the or

The correct answer is D. Implement logical network segmentation at the switches. Once a sniffer is installed on an internal host, network segmentation limits the broadcast domains and VLANs visible to that compromised machine, reducing the attacker's ability to capture traffic from other network segments.

Submitted by kavita_s· Mar 5, 2026Security Architecture and Engineering

Question

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Options

  • AImplement packet filtering on the network firewalls
  • BInstall Host Based Intrusion Detection Systems (HIDS)
  • CRequire strong authentication for administrators
  • DImplement logical network segmentation at the switches

How the community answered

(39 responses)
  • A
    26% (10)
  • B
    8% (3)
  • C
    10% (4)
  • D
    56% (22)

Why each option

Once a sniffer is installed on an internal host, network segmentation limits the broadcast domains and VLANs visible to that compromised machine, reducing the attacker's ability to capture traffic from other network segments.

AImplement packet filtering on the network firewalls

Packet filtering on perimeter firewalls controls ingress and egress traffic at the network boundary but does not restrict what an internal sniffer can observe on the local network segment after the perimeter has already been breached.

BInstall Host Based Intrusion Detection Systems (HIDS)

HIDS monitors activity on individual hosts and can detect suspicious behavior, but it does not prevent a sniffer already installed on a different compromised host from capturing network traffic traversing shared segments.

CRequire strong authentication for administrators

Strong authentication for administrators protects privileged account access but does not limit the network traffic visible to a sniffer that has already been installed on an internal machine by an attacker who bypassed the perimeter.

DImplement logical network segmentation at the switchesCorrect

Logical network segmentation using VLANs and switch-level controls confines broadcast traffic to specific segments, meaning a sniffer on one compromised host can only capture traffic within its own VLAN or subnet. This directly limits lateral reconnaissance by preventing the attacker from seeing traffic destined for other segments. Without segmentation, a sniffer on a flat network can potentially capture all broadcast and multicast traffic across the entire organization.

Concept tested: Network segmentation to limit sniffing after compromise

Source: https://www.cisecurity.org/controls/network-monitoring-and-defense

Topics

#Network segmentation#Intrusion mitigation#Defense in depth#Lateral movement

Community Discussion

No community discussion yet for this question.

Full CISSP Practice