Which method can be used to enforce multiple layers of protection in a security architecture?

Disable ads (and more) with a membership for a one time $4.99 payment

Excel in the Certmaster CE Security+ Domain 3.0 Security Architecture Assessment. Use interactive flashcards and multiple-choice questions with hints and explanations. Be exam-ready with confidence!

Implementing network segmentation is a highly effective strategy for enforcing multiple layers of protection in a security architecture. This approach divides a network into smaller, manageable segments or zones that can be secured independently. Each segment can have its own security policies, controls, and monitoring, which allows for more granular defense mechanisms.

With network segmentation, even if an attacker penetrates one segment, the impact can be contained, preventing further access to the entire network. This layered approach enhances security because it limits the lateral movement of threats and creates targeted defenses that can be tailored to specific risks associated with each segment. For instance, a more stringent security posture can be applied to sensitive data segments compared to less critical areas.

In contrast, relying solely on a single firewall appliance does not provide the diverse and multifaceted protection needed to address various security threats effectively. Establishing a single point of control may lead to vulnerabilities because it presents an attractive target for attackers. Regularly updating antivirus signatures is indeed important for maintaining endpoint security, but it does not provide the comprehensive layer of protection that network segmentation offers when it comes to reducing overall risk across an entire network.