What is network segmentation?
Why Interviewers Ask This
This tests whether you can apply Networking knowledge to real-world scenarios. Interviewers are looking for clarity of thought and evidence that you've encountered this in production code.
Answer
Network segmentation is the practice of dividing a network into smaller, isolated segments to improve security, performance, and manageability. Benefits: security containment — if a segment is compromised, the attacker cannot easily move laterally to other segments; reduced broadcast domain — less broadcast traffic improving performance; regulatory compliance — isolate PCI DSS (payment card data) or HIPAA (health data) systems; access control — enforce who can talk to what. Implementation methods: VLANs (Layer 2 segmentation on switches), subnets with ACLs/firewalls (Layer 3), DMZ (Demilitarized Zone) — a separate zone for public-facing servers, isolated from the internal network. Zero Trust architecture takes segmentation further — no implicit trust even inside the network; verify every access request. Segmentation is a fundamental security best practice for defense-in-depth.
Pro Tip
Demonstrate both theoretical understanding and practical experience. Say what it is, then give an example of how you actually used it in a Networking codebase.