What does the concept of "defense in depth" refer to?

  1. Implementing multiple layers of security controls ✓
  2. Focusing all security budget on perimeter defenses
  3. Using the strongest single security control available
  4. Encrypting all data at rest and in transit

Correct answer: Implementing multiple layers of security controls

Option A is correct because defense in depth is the security strategy of implementing multiple, overlapping layers of controls, such as firewalls, intrusion detection, access controls, and encryption, so that if one layer fails, additional layers continue to protect assets. Option B is incorrect because concentrating all resources on perimeter defenses is the opposite philosophy and creates a single point of failure. Option C is incorrect because relying on one strong control, however powerful, eliminates redundancy and leaves the system vulnerable if that control is bypassed or fails. Option D is incorrect because encrypting data at rest and in transit is one important control, but it addresses only confidentiality and represents just one layer rather than the multi-layered strategy that defines defense in depth.

Topic: · defense in depth, layered security, security architecture, cissp security principles

Practice CISSP Questions Free