CAS-002 Question #285: Real Exam Question with Answer & Explanation
The correct answer is D: Lack of diversity increases the impact of specific events or attacks.
Question
Options
- A. Competitors gain an advantage by increasing their service offerings.
- B. Vendor lock in may prevent negotiation of lower rates or prices.
- C. Design constraints violate the principle of open design.
- D. Lack of diversity increases the impact of specific events or attacks.
Explanation
Consolidating to a single vendor or design eliminates architectural diversity, meaning one vulnerability or attack can compromise all systems simultaneously. This monoculture risk represents the greatest security threat from uniformity.
Common mistakes.
- A. Competitors gaining market advantage is a business strategy concern, not a security risk resulting directly from infrastructure design consolidation.
- B. Vendor lock-in affecting pricing negotiation is a financial and contractual risk, not a direct security risk arising from design uniformity.
- C. The open design principle holds that security should not rely on obscurity - it is not directly violated by choosing a single vendor or uniform design.
Concept tested. Security architecture diversity and monoculture risk
Reference. https://csrc.nist.gov/publications/detail/sp/800-160/vol-1/final