Free CCFA-200 Actual Exam Questions s - Question 6 Discussion

Not C, it’s mostly about restricting damage, so B fits better.

B/C? I get why B fits since containment is about stopping spread from a bad host, but C also seems relevant because sometimes containment policies include monitoring to detect issues early. Still, containment’s main goal is damage control, so B probably edges out C. D sounds more like network segmentation than containment, and A doesn’t really align with containment’s purpose. So, I’d stick with B mostly because it’s about minimizing the impact after something goes wrong rather than increasing prevention or just partitioning for privacy.

Option B limits damage from compromised hosts, which fits containment best.

Guessing D here because network containment often involves setting strict boundaries to isolate parts of the network for security reasons, which can overlap with privacy goals. While B is about limiting damage, containment policies usually have a broader role, including controlling access and partitioning to prevent lateral movement. So D might capture the overarching intent better than just damage control. It’s not just about cleaning up after a compromise but proactively managing network zones for security and privacy.

I’m thinking D might be a trap since partitioning sounds like segmentation, not containment. So B still feels right because containment limits damage once a host’s compromised, not just for visibility or privacy reasons.

B Network Containment Policies are all about preventing a compromised device from spreading issues, not about visibility (C) or network partitioning for privacy (D). It’s focused on damage control.

It’s B, because containment means isolating threats to protect the rest of the network.

It’s B because the main point of containment is to stop a compromised host from spreading damage or affecting other parts of the network. It’s less about increasing aggression in prevention (so not A) and more about damage control once a threat is detected or confirmed. Also, it’s not just about visibility (so C is out) and definitely not privacy partitioning like D. The policy’s focus is on limiting impact, which fits with containing a compromised device before things get worse.

D imo, partitioning a network to maintain privacy is more about segmentation and access control than containment. Containment typically focuses on damage control rather than just privacy concerns. That rules out D. A seems off because making prevention policies more aggressive doesn’t directly relate to containment—it’s more about enforcement intensity. C is about visibility, which is useful but not the main goal of containment. So B still feels right since containment’s purpose is to reduce the fallout from a compromised host by restricting its network access.

B tbh, I think Network Containment Policy is mainly about limiting damage when a host gets compromised. It’s like putting a fence around the infected machine so it can’t spread problems elsewhere on the network. The other options feel less relevant-visibility and partitioning are important but fit better with different policies. This one is clearly about containment before things escalate.