Which statement describes a defense-in-depth approach?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Cybercrime Test with comprehensive coverage of real-world scenarios, various security domains, and expert techniques. Enhance your knowledge with flashcards and extensive question explanations. Ace your exam confidently!

Multiple Choice

Which statement describes a defense-in-depth approach?

Explanation:
Defense in depth means applying multiple security controls across people, processes, and technology so that if one layer fails, others still protect assets. This layered approach creates redundancy and reduces the chance that a single vulnerability leads to a breach, while also providing a broader range of detection and response capabilities. By combining user training and policy with access controls and incident response, along with technical measures like firewalls, monitoring, encryption, and patch management, an organization builds overlapping protections that cover different angles of risk. The statement reflects this approach by emphasizing multiple layers of controls across people, processes, and technology. Relying on a single firewall does not provide layering, so it doesn’t fit defense in depth. Eliminating human security oversight ignores the essential roles of policies, training, and incident response. Making all detections automatic without monitoring misses the need for ongoing human and automated review to interpret alerts and respond effectively.

Defense in depth means applying multiple security controls across people, processes, and technology so that if one layer fails, others still protect assets. This layered approach creates redundancy and reduces the chance that a single vulnerability leads to a breach, while also providing a broader range of detection and response capabilities. By combining user training and policy with access controls and incident response, along with technical measures like firewalls, monitoring, encryption, and patch management, an organization builds overlapping protections that cover different angles of risk. The statement reflects this approach by emphasizing multiple layers of controls across people, processes, and technology.

Relying on a single firewall does not provide layering, so it doesn’t fit defense in depth. Eliminating human security oversight ignores the essential roles of policies, training, and incident response. Making all detections automatic without monitoring misses the need for ongoing human and automated review to interpret alerts and respond effectively.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy