A Solutions Architect has been tasked with designing a comprehensive security policy methodology for a...

Micro-Segmentation for Granular Security (Correct Answer - C):

Micro-segmentationinNSX-Tenablesgranular firewall policiesat theworkload level, ensuring strictsegregation of trafficacross different departments.

It allowszero trust security, ensuringonly authorized communicationsoccur between workloads,reducing attack surfaces.

This is particularly critical forfinancial institutionsthat needregulatory compliance(e.g., PCI-DSS, GDPR, ISO 27001).

Incorrect Options:

(A - Intrusion Detection & Prevention - IDS/IPS):

IDS/IPS providesthreat detection, but itdoes not segment workloadsor enforceaccess control.

(B - Identity-Based Firewalling):

NSX Identity Firewall (IDFW)can be useful for user-based policies butis not a replacement for network segmentation.

(D - Network Introspection):

NSX Network Introspectionis used forthird-party security integrations, not as aprimary segmentation strategy.

VMware NSX 4.x Reference:

VMware NSX-T Security Reference Guide

Micro-Segmentation Best Practices in NSX-T