CISSP Exam - Question 94

D. Implement network segmentation to achieve robustness. Network segmentation is a security practice that involves dividing a network into smaller, isolated subnetworks, which can limit the potential damage and spread of an attack. This can prevent an attacker from disabling the entire network, and it can also provide additional security controls such as access controls, firewalls, and intrusion detection/prevention systems (IDS/IPS) to further protect critical network assets. Designing networks with the ability to adapt, reconfigure, and fail over can also help to maintain network availability in the face of an attack, but network segmentation is considered the most effective way to prevent an attacker from disabling the entire network. Testing business continuity and disaster recovery (DR) plans and following security guidelines to prevent unauthorized network access are important, but they are not directly related to preventing an attacker from disabling the network.

Option C, "Follow security guidelines to prevent unauthorized network access," is indeed an important strategy to enhance network security. By following security guidelines and implementing measures such as strong access controls, secure authentication mechanisms, and intrusion detection systems, organizations can prevent unauthorized network access and reduce the risk of network compromise. However, in the context of preventing an attacker from disabling a network, implementing network segmentation (Option D) is generally considered a more effective strategy. Network segmentation helps isolate different parts of the network, limiting the impact of a potential breach or attack. While following security guidelines is crucial for overall network security, it may not provide the same level of protection against network disabling as network segmentation. It is important to implement a combination of security measures, including network segmentation, access controls, monitoring, and regular security updates, to safeguard against various threats and ensure the availability and integrity of the network. always, it is never a one approach to perfection

A. Design networks with the ability to adapt, reconfigure, and fail over. Designing networks with the ability to adapt, reconfigure, and fail over is the most effective strategy to prevent an attacker from disabling a network. This approach ensures that if one part of the network is compromised, the rest of the network can continue to function without interruption. This approach also helps to prevent a single point of failure, which can make it more difficult for an attacker to bring down the network. Testing business continuity and disaster recovery (DR) plans is also important, as it helps to ensure that the organization can quickly recover from a network outage or other disruptive event. Following security guidelines to prevent unauthorized network access and implementing network segmentation to achieve robustness are also important strategies for improving network security. However, these strategies alone may not be enough to prevent an attacker from disabling a network.

I think this question is missing something .all answers require imagination to be correct .

A. In my CISSP class the instructor stressed that security must be baked in. This answer talks about designing the network to be resilient right away. I think A encompasses the others, but also with D, I don't think segmentation makes the network robust. It just makes it so if I get access to the main network, I can't log into any server. If I get access to non-prod, I still can't log into anything in prod.

C. Because A and B are reactive, not preventive. D is not going to prevent disabling the network assuming the attacker got into a VLAN and performed other attacks, such as VLAN hopping and etc...

The answer is A The most effective strategy to prevent an attacker from disabling a network is to design networks with adaptability, reconfigurability, and failover capabilities, option A. Building resiliency into the network architecture provides the greatest protection against total denial of service. The network can recover and adapt. Testing DR plans, following security guidelines, and segmentation are beneficial but alone don't prevent full denial if the design is still fragile. While comprehensive security is crucial, a brittle design leaves no options if endpoints are still compromised. Resilient architecture assumes breaches may occur.

Designing networks with adaptability, reconfigurability, and failover mechanisms enhances their resilience and ensures continuity of services even in the face of attacks or disruptions. This approach makes it more difficult for an attacker to disable the network by introducing redundancy and alternative paths.

A. I think the key is that it says "prevent an attacker" instead of talking about maintaining availability during an attack. That's why I think it's C instead of A.

I think the correct answer is A. We are asked about strategy - design networks in a proper way is a strategy. Moreover, C tells us about guidelines to prevent access only, but the question is about disabling network in general.

C. Because A and B are not reactive, not preventive. D is not going to prevent disabling the network assuming the attacker got into a VLAN and performed other attacks, such as VLAN hopping and etc...

A. Design networks with the ability to adapt, reconfigure, and fail over.

A. Design networks with the ability to adapt, reconfigure, and fail over. Even if access controls fails, failover will prevent loss of service

C is about best practice. D is a bit technical but best solution.

A. C is just network access only.. you can still point a DOS and disable a. network. no need for network access to disable a network. Answer is A.

Any network can be hacked

Based on the key statement - prevent an attacker from disabling a network, the answer is A. This will ensure access is provided based on who needs it thus making sure preventing access to others to carry on attacks.