nerdexam
EC-Council

312-50V10 · Question #467

What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malic

The correct answer is C. Defense in depth. Defense in depth is the security strategy of layering multiple independent security controls so that if one fails, others continue to protect the organization.

Information Security and Ethical Hacking Fundamentals

Question

What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?

Options

  • ASecurity through obscurity
  • BHost-Based Intrusion Detection System
  • CDefense in depth
  • DNetwork-Based Intrusion Detection System

How the community answered

(25 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    92% (23)

Why each option

Defense in depth is the security strategy of layering multiple independent security controls so that if one fails, others continue to protect the organization.

ASecurity through obscurity

Security through obscurity relies on hiding system details to prevent attacks rather than layering controls, and is widely considered an insufficient and unreliable security strategy.

BHost-Based Intrusion Detection System

A Host-Based Intrusion Detection System (HIDS) is a specific single-layer monitoring tool installed on individual hosts, not a multi-layered security strategy.

CDefense in depthCorrect

Defense in depth applies multiple overlapping security controls - such as firewalls, IDS/IPS, endpoint protection, access controls, and encryption - at different layers of the IT infrastructure. This approach ensures that a single point of failure does not compromise the entire environment, because an attacker must defeat each successive layer. The concept originates from military strategy and is codified in frameworks such as NIST SP 800-53 and the CIS Controls.

DNetwork-Based Intrusion Detection System

A Network-Based Intrusion Detection System (NIDS) monitors network traffic at a single vantage point and is one component of a layered strategy, not the strategy itself.

Concept tested: Defense in depth layered security strategy

Source: https://learn.microsoft.com/en-us/azure/well-architected/security/principle-defense-in-depth

Topics

#defense in depth#layered security#security controls#security architecture

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice