CISSP Domain 4: Segmentation & Zero Trust Explained
On the CISSP, network architecture questions reward one move: name what the requirement must contain, then match the design - segmentation, micro-segmentation, or zero trust. This Domain 4 deep-dive shows why flat networks turn one phished laptop into a full breach, then builds the containment tools that stop it. With Grace, Fatima, Fenrir, and Isabella, we cover the network-design foundations behind 13% of the current exam, and the question-reading habits that turn BEST and MOST scenarios into quick, defensible picks.
In this video:
- Why a flat network lets one breach reach everything, and how segmentation shrinks the blast radius
- VLANs, subnets, and the DMZ (screened subnet) - where a public-facing server actually belongs
- Micro-segmentation: per-workload, software-defined control of east-west traffic
- Zero trust under NIST SP 800-207: never trust, always verify, and no trust from network location
- The three core components - Policy Engine, Policy Administrator, and Policy Enforcement Point
- Why zero trust is a phased strategy, not a product, plus the AI angle on dynamic policy decisions
The next video in the series moves into secure network components, the firewalls and devices that put these designs to work. Anchored to the (ISC)2 CISSP Detailed Content Outline effective April 15, 2024.
▶ Watch next: CISSP Domain 4: Wi-Fi, WPA3, 5G & Cloud Security https://www.youtube.com/watch?v=9BsXTWTulxk
📺 Full playlist: CISSP (2026) v2 https://www.youtube.com/playlist?list=PLlIAFxS2964_K3g6WysWnLpifoxilduGi
Chapters
- 0:00 The Breach That Reached Everything
- 3:30 Why Flat Networks Lose
- 6:29 VLANs, Subnets, and the DMZ
- 9:31 Reading a Segmentation Question Fast
- 12:35 Micro-segmentation: Locking the East-West Doors
- 15:42 Zero Trust: Never Trust, Always Verify
- 18:40 The Three Engines Behind Zero Trust
- 21:31 Moving the Trust Boundary to Identity
- 24:33 Think Like a Manager
- 28:19 Quiz Time
- 31:58 Key Takeaways