# Subnetting and CIDR

One-sentence definition: Using prefix lengths to divide networks and summarize routes for efficiency and control.

## Key Facts

- CIDR notation: /24 = 255.255.255.0; fewer hosts with larger prefix.
- Route summarization reduces table size and attack surface visibility.
- Security: smaller subnets limit broadcast domains and lateral movement.
- Plan addressing per zone (DMZ, mgmt, prod) for policy clarity.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Pick subnetting to enforce segmentation.

**Mnemonic:** “**/ = fewer hosts**.”

## Mini Scenario

Q: Flat /16 network aids malware spread—fix?

A: Subnet into /24s with ACLs.

## Revision Checklist

- Convert a mask↔CIDR.
- Summarization purpose.
- Segmentation benefit.

## Related

[[VLANs and Segmentation]] · [[Routing Basics (IGP vs EGP, Static vs Dynamic)]] · [[Firewalls (Types and Placement)]] · [[DDoS Attacks and Defenses]] · [[Zero Trust Network Access (ZTNA)]] · [[Domain 4 - Index]]