Exam 350-701
Question 175

An organization wants to secure data in a cloud environment. Its security model requires that all users be authenticated and authorized. Security configuration and posture must be continuously validated before access is granted or maintained to applications and data. There is also a need to allow certain application traffic and deny all other traffic by default. Which technology must be used to implement these requirements?

Correct Answer: D

To secure data in a cloud environment and meet the requirements of authenticating and authorizing all users, continuously validating security posture, and controlling application traffic, microsegmentation is the most appropriate technology. Microsegmentation allows for the creation of highly secure zones that isolate individual workloads and enforce strict access policies, denying all traffic by default except explicitly allowed application traffic. This aligns with the described security model, ensuring enhanced security and compliance in the cloud environment.

Discussion
jaciro11 (Option: B)

Microsegmentation is NOT for posture checking. All the requirement criteria are met by Access Control Policies, where you can define in ISE Authentication and Authorization (assign SGT in this part, which is the microsegmentation), then use an Access List to deny or allow traffic. Answer is B.

Rododendron2

I incline more to microsegmentation. Access control and identity-based access are without doubt a necessary part of that, but the whole enforcement technology is microsegmentation.

Smileebloke (Option: B)

The key point is all users must be authenticated / authorised (RBAC), using identity based access control, so ISE. Micro segmentation is also part of the solution using SGT. Access policy brings these components together. Answer: B

Tuxzinator (Option: B)

Its security model requires that all users be authenticated and authorized. How does micro segmentation do this?

Tthurston1 (Option: D)

Have to agree with the others who voted for Option D. The keywords that stood out to me were "...allowing certain application traffic and deny all other traffic by default." This is possible ONLY with microsegmentation. With ACLs, the opposite of that is true: traffic is allowed by default unless explicitly stated otherwise with rules denying certain traffic. https://www.cisco.com/c/en/us/products/security/what-is-microsegmentation.html

angry (Option: B)

B is correct guys!

Anonymous983475 (Option: D)

I agree that it's D

Emlia1 (Option: D)

I prefer D

4000000 (Option: D)

They are talking about and questioning technology... Microsegmentation is the technology, so D.

smartcarter (Option: D)

Answer is Microsegmentation. Software defined access provides Microsegmentation capabilities and centralised administration of which the Cisco ISE is part, hence the user part of the question. https://www.ciscopress.com/articles/article.asp?p=3100056&seqNum=3

sis_net_sec (Option: D)

https://www.cisco.com/c/en/us/products/security/what-is-microsegmentation.html

Jamesy (Option: D)

D is my answer guys. Cheers

Thusi26 (Option: D)

Read this guys: https://www.cisco.com/c/en/us/products/security/zero-trust.html#~solutions

gorequill (Option: D)

https://www.theasciiconstruct.com/post/sda_security_2/ D

Alizade (Option: D)

The answer is D. microsegmentation.

Jessie45785 (Option: B)

They are asking about the model. Access control policy is not a model; microsegmentation is a security deployment model. I am going for B.

psuoh (Option: D)

Micro-segmentation software uses network virtualization technology to create increasingly granular secure zones in data centers and cloud deployments, which isolate each individual workload and secure it separately.

NikoNiko (Option: B)

It's B - Access Control Policy. I think that the "cloud environment" mentioned in the question is just a catch. The rest of the question is all about USERS: their authentication, authorization, POSTURE (you are not posturing applications or workloads in the cloud, but users), deny/allow applications - TrustSec policy - all about ISE. Microsegmentation is related to APPLICATIONS and WORKLOADS; I haven't found any mention of USERS.

"Micro-segmentation creates secure zones across cloud and data center environments to isolate application workloads from one another and secure them individually. With micro-segmentation, firewall policies limit east-west traffic between workloads based on a zero-trust security approach to reduce attack surfaces, prevent the lateral movement of threats to contain breaches, and strengthen regulatory compliance. Micro-segmentation is also referred to as application segmentation or east-west segmentation in a multicloud data center." https://www.cisco.com/c/en/us/products/security/what-is-microsegmentation.html

FortiSherlock

In DNA Center / SD Access the micro segmentation happens via SGTs. So one COULD argue that micro segmentation involves authentication in the Cisco world. You log in via 802.1X and you get a role / an SGT assigned, via which the segmentation happens through SGACLs.