How can you reduce the blast radius if an attacker compromises one system?
How can you reduce the blast radius if an attacker compromises one system?
To reduce the blast radius if an attacker compromises one system, it is effective to configure applications on distinct virtual networks and only connect them as necessary. This approach isolates systems from one another, limiting an attacker's ability to move laterally and compromise additional systems. By ensuring that each system operates within its own isolated virtual network environment, you can contain potential threats more effectively.
Security Guidance, page 82 A common, practical example leveraging this capability is running most, if not all, applications on their own virtual network and only connecting those networks as needed. This dramatically reduces the blast radius if an attacker compromises an individual system. The attacker can no longer leverage this foothold to expand across the entire data center.
Correct Answer is B: SG: Page # 106 "A common, practical example leveraging this capability is running most, if not all, applications on their own virtual network and only connecting those networks as needed. This dramatically reduces the blast radius if an attacker compromises an individual system."
A common, practical example leveraging this capability is running most, if not all, applications on their own virtual network and only connecting those networks as needed. This dramatically reduces the blast radius if an attacker compromises an individual system. The attacker can no longer leverage this foothold to expand across the entire data center.