nerdexam
CompTIA

SY0-301 · Question #322

A major security risk with co-mingling of hosts with different security requirements is:

The correct answer is A. Security policy violations.. Placing hosts with varying security requirements on the same network segment creates risk that a compromise of a lower-security host will violate policies protecting more sensitive systems.

Security architecture

Question

A major security risk with co-mingling of hosts with different security requirements is:

Options

  • ASecurity policy violations.
  • BZombie attacks.
  • CPassword compromises.
  • DPrivilege creep.

How the community answered

(26 responses)
  • A
    88% (23)
  • C
    4% (1)
  • D
    8% (2)

Why each option

Placing hosts with varying security requirements on the same network segment creates risk that a compromise of a lower-security host will violate policies protecting more sensitive systems.

ASecurity policy violations.Correct

When systems with different security classifications share the same environment, a compromise or misconfiguration of a lower-security host can expose higher-security systems, directly violating the security policies designed to protect them. Segmentation into separate security zones is the standard architectural control used to prevent this cross-contamination. Co-mingling undermines the foundational principle of least privilege applied to network architecture.

BZombie attacks.

Zombie attacks involve botnet-controlled systems and are a separate threat vector unrelated to the structural risk of co-mingling hosts of different security levels.

CPassword compromises.

Password compromise is a credential-focused threat, not a structural risk specifically caused by mixing hosts with different security requirements on the same segment.

DPrivilege creep.

Privilege creep refers to the gradual accumulation of excessive user rights over time, which is an access management issue rather than a network segmentation concern.

Concept tested: Security risks of mixing hosts with different trust levels

Source: https://csrc.nist.gov/publications/detail/sp/800-125b/final

Topics

#network segmentation#security zones#host isolation#security policy

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice