nerdexam
(ISC)2

CISSP · Question #1318

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

The correct answer is C. People, technology, and operations. Defense in depth is a security strategy that recognizes information security cannot be achieved through technology alone, but requires a balanced focus on people, technology, and operations working together.

Submitted by diego_uy· Mar 5, 2026Security Architecture and Engineering

Question

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Options

  • ADevelopment, testing, and deployment
  • BPrevention, detection, and remediation
  • CPeople, technology, and operations
  • DCertification, accreditation, and monitoring

How the community answered

(52 responses)
  • A
    4% (2)
  • B
    2% (1)
  • C
    92% (48)
  • D
    2% (1)

Why each option

Defense in depth is a security strategy that recognizes information security cannot be achieved through technology alone, but requires a balanced focus on people, technology, and operations working together.

ADevelopment, testing, and deployment

Development, testing, and deployment describe phases of a software development lifecycle (SDLC), not the foundational elements of an information security philosophy like defense in depth.

BPrevention, detection, and remediation

Prevention, detection, and remediation describe phases of an incident response or threat management cycle, which is a subset of security operations rather than the overarching pillars of defense in depth.

CPeople, technology, and operationsCorrect

Defense in depth as defined by frameworks like NIST and ISC2 explicitly identifies people, technology, and operations as the three primary pillars of a comprehensive security posture. People encompasses training and awareness, technology covers tools and controls, and operations refers to the processes and procedures that tie them together - no single element is sufficient without the others.

DCertification, accreditation, and monitoring

Certification, accreditation, and monitoring relate to the risk management and authorization processes used in government frameworks such as NIST RMF, not the primary balanced elements of defense in depth.

Concept tested: Defense in depth primary pillars: people, technology, operations

Source: https://www.nist.gov/system/files/documents/2017/06/05/040-056_chapter3.pdf

Topics

#defense in depth#security principles#people, process, technology#information security strategy

Community Discussion

No community discussion yet for this question.

Full CISSP Practice