Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Answer is C increasing network segmentation. There are many ways to reduce the network surface including air gapping. However this is asking for the reduction in the overall attack surface, not just for sensitive systems. Other broad strokes of reducing the attack surface would be things like enforcing zero trust on systems, strong authentication policy enforcement, strict access control processes, etc... anything that can be applied over a wide spread area to reduce potential points of entry.
I need to go with Air Gap here. Reducing the attack surface is achieved by Air Gapping, well from logical attack anyway. If something is properly Air Gapped then it needs a physical interaction to breach it (usb etc... See Stuxnet) Segmentation is great and it should be high on the design agenda of a network but it doesn't make the attack surface smaller it just makes it harder to breach.
Network segmentation doesn't reduce your attack surface, it just isolates the impact of any attack. Air gap is the only solution here that actually reduces attack surface.
I think the segmentation is the best solution to isolated the infection or threat and make it smaller so can be handled easy and controlled it, I going with C.
The attack surface is all the points at which an adversary could interact with the system and potentially compromise it. To determine the attack surface, you must inventory the assets deployed on your network and the processes that those assets support.
The attack surface is the number of all possible points, or attack vectors, where an unauthorized user can access a system and extract data. The smaller the attack surface, the easier it is to protect.
Attack Surface Reduction in 5 Steps
1. Implement Zero-trust Policies
2. Eliminate Complexity
3. Scan for Vulnerabilities
4. Segment Network
5. Train Employees
https://www.fortinet.com/resources/cyberglossary/attack-surface
"The number of systems that are exposed to attackers (commonly called the organization's attack surface) can be reduced by compartmentalizing systems and networks."
Wouldn't segmenting the network create small pieces of the network but when you combine those pieces the total are of the network be the same? Wouldn't moving to cloud-based architecture better as you are transferring some of the risk to the vendor hence reducing the attack surface?
No. Segmentation means for example to split up the network into DMZ and internal network. The attack surface is now reduced, because only the DMZ is exposed to the internet.
You could do that but what company could afford that. Risk analysis man. Is the cost of moving your whole infrastructure feasible. What CIO would sign off on that. The risk would have to be huge and the cost of a breach would have to greatly exceed the price to move it all to the cloud.
I see your logic. That a segmented network is still the same size as the whole prior to segmentation, thus not reduced. However, the source provided states segmentation "helps to reduce the attack surface by increasing the number of barriers an attacker encounters when attempting to travel through the network."
Think of a big, flat network (one big surface). This usually isn't a good idea because if an attacker makes their way in, it's a free for all. BUT, if we segment that network (I guess you can think of it as multiple fragmented surfaces where each fragment is a REDUCED portion of the whole), it becomes harder for the attacker to maneuver throughout the network because there are more barriers. Thus, the overall attack surface is reduced.
Hope this helps clarify.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
I_heart_shuffle_girls
Highly Voted 3 years, 2 months agoObi_Wan_Jacoby
3 years, 2 months agocatastrophie
Highly Voted 1 year, 1 month agoRobV
Most Recent 3 months, 1 week ago2Fish
1 year agoStiobhan
1 year, 1 month agojleonard_ddc
1 year, 2 months agomoonash
1 year, 3 months agososka123
1 year, 4 months agoTeyMe
1 year, 4 months agoKingDeeko
1 year, 5 months agoTag
1 year, 5 months agoR00ted
1 year, 5 months agoamateurguy
1 year, 6 months agoCizzla7049
1 year, 6 months agokchugh
2 years, 9 months agoSniipZ
2 years, 9 months agoMinnesotaMike
2 years, 8 months agovorozco
2 years, 3 months agosomsom
3 years ago