Exam 350-701 topic 1 question 308 discussion

Answer is NOT C, its B. B is a better description of microsegmentation. C might be a method to achieve it, but it doesn't describe it.

B: Because it is MicroSegmentation not Segmentation.

Why is not B? Microsegmentation involves applying a zero-trust security model, where communication between different servers, containers, or workloads is strictly controlled and allowed only when explicitly defined. This is usually achieved by using network security policies and access controls to specify and limit the communication paths between individual applications or workloads. B. Environments apply a zero-trust model and specify how applications on different servers or containers can communicate.

C. Environments deploy centrally managed host-based firewall rules on each server or container. The question asks for a description of microsegmentation, not the benefits or an example of when it's used. Microsegmentation specifically refers to a very granular approach to network segmentation where security policies are applied at the individual workloads, containers or VMs. "Microsegmentation divides traditional network segments into many smaller segments...This granular segmentation makes it possible to apply detailed security policies to individual workloads such as VMs and containers." A) Describes a container orchestration platform, but not microsegmentation itself. B) Describes a zero-trust model, which is a security principle, not a description of microsegmentation. D) Describes VLAN segmentation, which is not microsegmentation.

B might be correct. https://blogs.cisco.com/security/zero-trust-microsegmentation-workload-security-oh-my

Isnt it D?

Why not D?