New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA CAS-005 Exam - Topic 3 Question 17 Discussion

Actual exam question for CompTIA's CAS-005 exam
Question #: 17
Topic #: 3
[All CAS-005 Questions]

[Governance, Risk, and Compliance (GRC)]

A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?

Show Suggested Answer Hide Answer
Suggested Answer: C

The best solution to harden a three-tier environment (web, database, and application servers) is to implement microsegmentation on the server VLANs. Here's why:

Enhanced Security: Microsegmentation creates granular security zones within the data center, allowing for more precise control over east-west traffic between servers. This helps prevent lateral movement by attackers who may gain access to one part of the network.

Isolation of Tiers: By segmenting the web, database, and application servers, the organization can apply specific security policies and controls to each segment, reducing the risk of cross-tier attacks.

Compliance and Best Practices: Microsegmentation aligns with best practices for network security and helps meet compliance requirements by ensuring that sensitive data and systems are properly isolated and protected.


CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl

NIST Special Publication 800-125: Guide to Security for Full Virtualization Technologies

CIS Controls: Control 12 - Boundary Defense

by Valentine at Jul 09, 2025, 09:39 PM

Limited Time Offer

25%

Off

Get Premium CAS-005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dyan
2 months ago
SASb solutions are great for user restrictions, but not the best here.
upvoted 0 times
...
Afton
2 months ago
I disagree, a firewall at the core is more effective.
upvoted 0 times
...
Wade
3 months ago
Implementing microsegmentation? That's a solid choice!
upvoted 0 times
...
Frederic
3 months ago
Wait, isn't a VPN just for remote access?
upvoted 0 times
...
Hershel
3 months ago
Microsegmentation is definitely the way to go for better security!
upvoted 0 times
...
Farrah
3 months ago
I feel like configuring a SASb solution could help, but I’m not clear on how it compares to the other options for hardening the servers.
upvoted 0 times
...
Louann
4 months ago
I practiced a similar question where implementing a firewall was the answer, but I wonder if that's enough compared to microsegmentation in this case.
upvoted 0 times
...
Darci
4 months ago
I’m not entirely sure, but I think deploying a VPN might not be the best solution for hardening the environment. It feels more like a network access control measure.
upvoted 0 times
...
Irma
4 months ago
I remember studying about microsegmentation and how it can enhance security by isolating different server types. It seems like a strong option here.
upvoted 0 times
...
Cristy
4 months ago
I'm a bit confused by the options. Deploying a VPN or a SASL solution doesn't seem to directly address the requirement of separating the server tiers. Installing a firewall as the network core also doesn't sound like the right approach. I think I need to focus on the microsegmentation option and make sure I understand how it works to secure the three-tier architecture.
upvoted 0 times
...
Marion
4 months ago
Okay, I've got this. The key is to isolate the different server tiers and control access between them. Implementing microsegmentation on the server VLANs is the way to go - it'll allow me to create granular security policies and restrict communication between the tiers. Seems like the most robust solution here.
upvoted 0 times
...
Dion
5 months ago
Hmm, I'm a bit unsure about this one. The question mentions a three-tier architecture, so I'm wondering if a VPN or SASL solution might be more appropriate to control access between the tiers. I'll need to think through the pros and cons of each option carefully.
upvoted 0 times
...
Kati
5 months ago
This looks like a classic network segmentation and access control question. I'd start by considering the key requirements - separating the web, database, and application servers, and hardening the environment. Implementing microsegmentation on the server VLANs seems like the best approach to achieve that.
upvoted 0 times
...
Colette
6 months ago
SASb? Is that some kind of new acronym? Microsegmentation is the industry-standard approach for this use case.
upvoted 0 times
Chauncey
5 months ago
SASb stands for Secure Access Service Edge, it's a cloud-native security solution.
upvoted 0 times
...
...
Bette
6 months ago
Haha, a VPN to prevent remote access? What is this, the 90s? Microsegmentation is the clear winner.
upvoted 0 times
...
Magda
6 months ago
I don't know, a firewall at the core seems a bit overkill. Microsegmentation is more surgical and efficient.
upvoted 0 times
Rosio
5 months ago
I agree, microsegmentation is definitely more efficient.
upvoted 0 times
...
Dusti
5 months ago
I agree, microsegmentation is definitely more efficient and targeted.
upvoted 0 times
...
...
Izetta
6 months ago
I think installing a firewall and making it the network core could also be a strong solution to protect the servers.
upvoted 0 times
...
Becky
7 months ago
I'm not sure, but I think deploying a VPN could also be a good option to prevent unauthorized access.
upvoted 0 times
...
Adell
7 months ago
Microsegmentation is definitely the way to go here. It's the most comprehensive solution to secure the three-tier architecture.
upvoted 0 times
Markus
6 months ago
Deploying a VPN could also help in preventing unauthorized access to server VLANs.
upvoted 0 times
...
Jeffrey
6 months ago
I agree, microsegmentation is the best option for securing the three-tier architecture.
upvoted 0 times
...
...
Precious
7 months ago
I agree with Yoko, microsegmentation would provide better security for the servers.
upvoted 0 times
...
Yoko
7 months ago
I think the best solution is implementing microsegmentation on the server VLANs.
upvoted 0 times
...

Save Cancel