An organization has three divisions: Accounting, Sales, and Human Resources. Users in the Accounting
division require access to a server in the Sales division, but no users in the Human Resources division
should have access to resources in any other division, nor should any users in the Sales division have
access to resources in the Accounting division. Which of the following network segmentation schemas
would BEST meet this objective?

A.
Create two VLANS, one for Accounting and Sales, and one for Human Resources.

B.
Create one VLAN for the entire organization.

C.
Create two VLANs, one for Sales and Human Resources, and one for Accounting.

D.
Create three separate VLANS, one for each division.

Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches.
Communications between ports within the same VLAN occur without hindrance, but communications
between VLANs require a routing function.
Incorrect Answers:
A: The question states that users in the Sales division should not have access to resources in the
Accounting division. Because communications between ports within the same VLAN occur without
hindrance, this answer would allow the Sales division access to resources in the Accounting division.
B: The question states that no users in the Human Resources division should have access to resources in
any other division, nor should any users in the Sales division have access to resources in the Accounting
division. this answer would not meet those requirements because communications between ports within
the same VLAN occur without hindrance.
C: The question states that users in the Human Resources division should not have access to resources in
any other division. Because communications between ports within the same VLAN occur without
hindrance, this answer would allow the Human Resources division access to resources in the Sales
division.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 23