EC-Council
312-50V9 · Question #305
312-50V9 Question #305: Real Exam Question with Answer & Explanation
The correct answer is C: Defense in depth.
Question
What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?
Options
- A. Security through obscurity
- B. Host-Based Intrusion Detection System
- C. Defense in depth
- D. Network-Based Intrusion Detection System
Explanation
Defense in depth is the security strategy of layering multiple controls across an IT infrastructure so that failure of one layer does not compromise the entire system.
Common mistakes.
- A. Security through obscurity relies on hiding implementation details to provide security rather than implementing multiple independent protective control layers.
- B. A Host-Based Intrusion Detection System monitors a single host for malicious activity - it is one security component, not a multi-layer defense strategy.
- D. A Network-Based Intrusion Detection System monitors network traffic for intrusions and is also a single-layer control, not a comprehensive multi-layered defense strategy.
Concept tested. Defense in depth as a multi-layer security strategy.
Reference. https://csrc.nist.gov/glossary/term/defense_in_depth