How do you effectively determine whether a network segment should be isolated physically or logically to protect your enterprise assets from unauthorized access? Furthermore, this core architectural component divides a flat infrastructure into smaller, distinct subnetworks to minimize broadcast storms and limit the lateral movement of security threats. Why does failing to establish explicit firewall policies between these different zones completely defeat the purpose of your containment strategy?