Which statement best describes network segmentation?

• A. Centralizing all services into a single broadcast domain.
• B. Dividing the network into segments to limit lateral movement and improve security monitoring.
• C. Encrypting all stored data at rest.
• D. Increasing protocol complexity to hinder attackers.

Answer: (B)

Network segmentation is about dividing the network into smaller, controlled parts so traffic can be restricted and monitored per segment. This approach limits what an attacker can reach if one part of the network is compromised, reducing lateral movement from one segment to another. It also makes security monitoring more effective, since you can apply specific access controls and detection rules within each segment and tailor policies to the needs of that area. That’s why describing segmentation as dividing the network into segments to limit lateral movement and improve security monitoring is the best fit. The other statements don’t describe segmentation: centralizing services into a single broadcast domain would increase, not reduce, risk and broadcast traffic; encrypting data at rest protects data storage rather than how the network is laid out; increasing protocol complexity does not implement segmentation and can hinder legitimate use.