Exam CAS-004 topic 1 question 83 discussion

C:Micro-segmentation is a network security technique that enables security architects to logically divide the data center into distinct security segments down to the individual workload level, and then define security controls and deliver services for each unique segment

Option B, proxied application data connections enabled by API gateways, could potentially be used to enforce access controls, but it would not allow the system to dynamically construct one-to-one subject/object access paths. Option D, VLANs (Virtual Local Area Networks) enabled by network infrastructure devices, could also potentially be used to enforce access controls, but it would not allow the system to dynamically construct one-to-one subject/object access paths.

Predefined Services Access: Microsegmentation allows fine-grained security policies to be defined and enforced at the individual workload level. This means you can specify exactly which services each user can access. Unique Allow Lists: SDN enables dynamic and flexible management of network policies. You can create unique security policies for each user or group of users, allowing for personalized allow lists. Dynamic Access Paths: SDN allows the network to dynamically construct one-to-one access paths between subjects (users) and objects (services) based on predefined policies. This ensures that users can only access the services they are permitted to, and these paths can be dynamically adjusted as needed

Microsegmentation enabled by software-defined networking. Controlled Access to Predefined Services: Microsegmentation allows the network to be divided into smaller segments or zones to control access between various parts of the network. It enables the isolation of services and resources, ensuring that users can only access predefined services as required. Unique Allow Lists for Each User: With microsegmentation, access control lists (ACLs) or policies can be customized for each user or user group. This customization facilitates the creation of unique allow lists, defining specific access permissions for different users. Construction of One-to-One Subject/Object Access Paths Dynamically: Microsegmentation in software-defined networking enables dynamic creation and management of access paths between subjects (users) and objects (services/resources). This dynamic configuration allows for one-to-one access paths to be established as needed, providing granular access control.

Keywords to focus on: "predefined resources" "each user defined access" "one-to-one subject object" "dynamically" Microsegmentation Look up Zscaler microsegmentation Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

"Micro-segmentation uses an allow-list model to significantly reduce this attack surface across different workload types and environments."

B seems most likely to me.