nerdexam
(ISC)2

CISSP · Question #767

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the or

The correct answer is D. Implement logical network segmentation at the switches. Once a sniffer is installed on an internal host, network segmentation limits the scope of traffic the attacker can capture by confining broadcast domains and restricting lateral visibility across the network.

Submitted by jordan8· Mar 5, 2026Communication and Network Security

Question

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Options

  • AImplement packet filtering on the network firewalls
  • BRequire strong authentication for administrators
  • CInstall Host Based Intrusion Detection Systems (HIDS)
  • DImplement logical network segmentation at the switches

How the community answered

(27 responses)
  • A
    4% (1)
  • B
    7% (2)
  • C
    22% (6)
  • D
    67% (18)

Why each option

Once a sniffer is installed on an internal host, network segmentation limits the scope of traffic the attacker can capture by confining broadcast domains and restricting lateral visibility across the network.

AImplement packet filtering on the network firewalls

Packet filtering on firewalls controls traffic entering or leaving the network perimeter but does not restrict what a sniffer can see on internal LAN segments where the compromised host already resides.

BRequire strong authentication for administrators

Strong authentication for administrators protects against unauthorized access to systems but does not prevent a sniffer already installed on an internal host from capturing plaintext or broadcast traffic on the local network.

CInstall Host Based Intrusion Detection Systems (HIDS)

A Host-Based Intrusion Detection System monitors activity on individual hosts and may detect the sniffer after installation, but it is a detective control rather than a preventive one and does not limit the attacker's ability to capture network traffic from other hosts.

DImplement logical network segmentation at the switchesCorrect

Logical network segmentation using VLANs at the switch layer divides the network into isolated broadcast domains, meaning a sniffer on one segment can only capture traffic within that VLAN rather than traffic traversing the entire network. This directly limits the attacker's ability to passively collect credentials, session tokens, or sensitive data from other network segments. Segmentation is the most effective mitigation because it architecturally restricts the reach of a passive eavesdropping tool regardless of other controls.

Concept tested: Network segmentation to limit internal sniffing scope

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-1/configuration_guide/vlan/b_171_vlan_9300_cg/configuring_vlans.html

Topics

#network segmentation#defense in depth#post-breach mitigation#lateral movement

Community Discussion

No community discussion yet for this question.

Full CISSP Practice