The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data should be
segregated from the main corporate network to prevent unauthorized access and that access to the IT systems
should be logged.
Which of the following would BEST meet the CISO’s requirements?
Layer 2 switches
The basic purpose of a firewall is to isolate one network from another.
A: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the
process of monitoring the data that is transmitted across a network.
B: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused
attacks, such as bandwidth-based DoS attacks.
D: Web proxies are used to forward HTTP requests.
E: Layer 2 switching uses the media access control address (MAC address) from the host’s network interface
cards (NICs) to decide where to forward frames. Layer 2 switching is hardware based, which means switches
use application-specific integrated circuits (ASICs) to build and maintain filter tables (also known as MAC
address tables or CAM tables).
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014,