Exam SY0-501 topic 1 question 82 discussion

D is a good answer until you read this "that allow user domain segmentation"

control diversity- overlapping protection= keyword

If you have done networking, c makes sense

Is it C or D? I hope I won't have this question in the real exam.

A and C refer to technical controls only, no other types i.e. not defense in depth. B is incorrect too as having multiple copies isnt DiD either. Defense in depth is having layers of different control types e.g. technical, physical, administrative etc. So that only really leaves D, although the domain segmentation is a bit offputting

I think it's C. D says domain segmentation which doesn't make sense in this context. Control diversity allows you to use different types of technical, administrative, and physical controls to add layers of protection.

Moderator, another one to correct

I believe C was answer, D too specific on only NW layered security

C is the only answer that makes sense to me. Control diversity = using physical, administrative, technical controls, etc together to provide layered security or defense in depth. Overlapping protection is the goal, the other answers point too specifically to one aspect of defense.

C: seems to be the best answer; "Control diversity is the use of different security control types, such as technical controls, administrative controls, and physical controls. For example, technical security controls such as firewalls, intrusion detection systems (IDSs), and proxy servers help protect a network. Physical security controls can provide extra protection for the server room or other areas where these devices are located. Administrative controls such as vulnerability assessments and penetration tests can help verify that these controls are working as expected."

C. A google search for "domain segmentation" and "control diversity" yielded zero results. But I did find the following information: Control diversity is the use of different security control types, such as technical controls, administrative controls, and physical controls. If one mechanism fails, another steps up immediately to thwart an attack. (Overlapping)

Correct answer D - Defence of depth relies on multiple layered security.. https://www.imperva.com/learn/application-security/defense-in-depth/

I think C is the answer. Defense-in-depth overlapping protection is most important.

None of them is right. Too aspected.

I think it should be either C or D. I do not understand D. What does user domain segmentation mean?