What is Defense in Depth?

  A. Multiple layers of security controls to protect systems ✓
  B. Keeping security procedures secret
  C. Single strong firewall
  D. Relying solely on encryption

Correct answer: Multiple layers of security controls to protect systems

Option A is correct because Defense in Depth is a security strategy that layers multiple independent controls, such as firewalls, intrusion detection, access controls, encryption, and physical security, so that the failure of any single layer does not result in a complete compromise. Option B is incorrect because security through obscurity, the idea of keeping procedures secret, is widely considered an insufficient standalone strategy and is not what Defense in Depth means. Option C is incorrect because relying on a single strong firewall is the antithesis of Defense in Depth; it creates a single point of failure rather than multiple overlapping defenses. Option D is incorrect because relying solely on encryption addresses only confidentiality in transit or at rest and neglects authentication, availability, physical security, and other essential control layers.

Topic: defense in depth, layered security, cissp, security architecture
