Exam CISM topic 1 question 186 discussion

B is the correct answer, A just mentions separate controls for platforms and programs. This is not a example of Layered defense. In regard to B, we havet Authentication as a example and 3 types of controls applied to it. This is considered Layered.

The correct answer is A. Separate security controls for applications, platforms, programs, and endpoints. Explanation: Defense in depth is a comprehensive strategy that involves implementing multiple layers of security controls at various levels within an organization's IT infrastructure. Given the scenario of adopting a hybrid data infrastructure and transferring non-core applications to cloud service providers while maintaining core business functions in-house, applying a defense in depth strategy would involve creating multiple layers of security controls to safeguard the organization's assets. Option A is the most aligned with the principles of defense in depth, as it suggests having separate security controls for different components of the IT environment, including applications, platforms, programs, and endpoints. This approach ensures that even if one layer of security is breached, other layers provide protection.

A: es defensa en profundidad. Que inlcuye la b.

Additional Layer of protection. Example, MFA is additional protection for login

A. Separate security controls for applications, platforms, programs, and endpoints

this is defense in depth, which is a holistic approach. not only one slide of the problem.

Defense in depth strategy of keeping the CIA of an information asset is both a holistic and comprehensive method of securing applications, programs, platforms and endpoints.

A. Separate security controls for applications, platforms, programs, and endpoints best describes the defense in depth strategy. Defense in depth strategy is a security approach that uses multiple layers of security controls to protect an organization's infrastructure. It is used to protect against various types of threats and vulnerabilities by creating multiple barriers that an attacker must bypass before reaching the target. In this context, implementing separate security controls for applications, platforms, programs, and endpoints allows the organization to protect different aspects of its hybrid data infrastructure, which is composed of cloud and on-premises components. This approach can include different security solutions to provide different layers of protection, such as firewalls, intrusion detection systems, intrusion prevention systems, security information and event management (SIEM) systems, encryption, and access controls, among others. It can be used to protect the infrastructure, data, and applications, and help the organization to achieve a high level of security and compliance.

A is correct

depth strategy means A.