The SecOps Group Exam CNSP Topic 10 Question 7 Discussion

Network segmentation isolates network zones for security, but certain techniques can circumvent these controls, a focus of CNSP penetration testing.

Why D is correct:

A: DNS tunneling encodes data in DNS queries, bypassing segmentation via legitimate DNS traffic.

B: VLAN hopping exploits switch misconfigurations (e.g., double tagging) to access other VLANs.

C: Covert channels use hidden communication paths (e.g., timing channels) to evade segmentation.

All are valid techniques per CNSP for testing segmentation controls.

Why other options are incomplete: A, B, or C alone exclude other viable methods, making D the comprehensive answer.