NETSEC-GENERALIST Question #56: Real Exam Question with Answer & Explanation
The correct answer is C: Configure separate zones to isolate the imaging trailer's traffic and apply enforcement using the
Question
A hospital system allows mobile medical imaging trailers to connect directly to the internal network of its various campuses. The network security team is concerned about this direct connection and wants to begin implementing a Zero Trust approach in the flat network. Which solution provides cost-effective network segmentation and security enforcement in this scenario?
Options
- A. Deploy edge firewalls at each campus entry point to monitor and control various traffic types
- B. Manually inspect large images like holograms and MRIs, but permit smaller images to pass freely
- C. Configure separate zones to isolate the imaging trailer's traffic and apply enforcement using the
- D. Configure access control lists on the campus core switches to control and inspect traffic based on
Explanation
In a Zero Trust Architecture (ZTA), network segmentation is critical to prevent unauthorized lateral movement within a flat network. Since the hospital system allows mobile medical imaging trailers to connect directly to its internal network, this poses a significant security risk, as these trailers may introduce malware, vulnerabilities, or unauthorized access to sensitive medical data.

The most cost-effective and practical solution in this scenario is:
- Creating separate security zones for the imaging trailers.
- Applying access control and inspection policies via the hospital's existing core firewalls instead of deploying new hardware.
- Implementing strict policy enforcement to ensure that only authorized communication occurs between the trailers and the hospital's network.

Why Separate Zones with Enforcement Is the Best Solution

Network Segmentation for Zero Trust
- By placing the medical imaging trailers in their own firewall-enforced zone, they are isolated from the main hospital network.
- This reduces the attack surface and prevents an infected trailer from spreading malware to critical hospital systems.
- Granular security policies ensure only necessary communications occur between zones.

Cost-Effective Approach
- Uses existing core firewalls instead of deploying costly additional edge firewalls at every campus.
- Reduces complexity by leveraging the current security infrastructure.

Visibility & Security Enforcement
- The firewall enforces security policies, such as allowing only medical imaging protocols while blocking unauthorized traffic.
- Integration with Threat Prevention and WildFire ensures that malicious files or traffic anomalies
- Logging and monitoring via Panorama help the security team track and respond to threats