Exam CISM topic 1 question 186 discussion

Normally, each platform should have separate security controls! A does not specify what controls these are. To meet the defence in depth requirement, it has to be different types of controls NOT just separateed. For all you know the separate controls are multiple instance of a single control type. But to be defence in depth it has to be different types of controls layered. i.e Firewalls, 2FA, OTP, Encryption in flight and at rest. complex passwords, rate limitng and times outs. so B make a lot more sense

The best description of a defense in depth strategy for an organization adopting a hybrid data infrastructure is D. Strict enforcement of RBAC

B is the correct answer, A just mentions separate controls for platforms and programs. This is not a example of Layered defense. In regard to B, we havet Authentication as a example and 3 types of controls applied to it. This is considered Layered.

The correct answer is A. Separate security controls for applications, platforms, programs, and endpoints. Explanation: Defense in depth is a comprehensive strategy that involves implementing multiple layers of security controls at various levels within an organization's IT infrastructure. Given the scenario of adopting a hybrid data infrastructure and transferring non-core applications to cloud service providers while maintaining core business functions in-house, applying a defense in depth strategy would involve creating multiple layers of security controls to safeguard the organization's assets. Option A is the most aligned with the principles of defense in depth, as it suggests having separate security controls for different components of the IT environment, including applications, platforms, programs, and endpoints. This approach ensures that even if one layer of security is breached, other layers provide protection.

A: es defensa en profundidad. Que inlcuye la b.

Additional Layer of protection. Example, MFA is additional protection for login

A. Separate security controls for applications, platforms, programs, and endpoints

this is defense in depth, which is a holistic approach. not only one slide of the problem.

Defense in depth strategy of keeping the CIA of an information asset is both a holistic and comprehensive method of securing applications, programs, platforms and endpoints.

A. Separate security controls for applications, platforms, programs, and endpoints best describes the defense in depth strategy. Defense in depth strategy is a security approach that uses multiple layers of security controls to protect an organization's infrastructure. It is used to protect against various types of threats and vulnerabilities by creating multiple barriers that an attacker must bypass before reaching the target. In this context, implementing separate security controls for applications, platforms, programs, and endpoints allows the organization to protect different aspects of its hybrid data infrastructure, which is composed of cloud and on-premises components. This approach can include different security solutions to provide different layers of protection, such as firewalls, intrusion detection systems, intrusion prevention systems, security information and event management (SIEM) systems, encryption, and access controls, among others. It can be used to protect the infrastructure, data, and applications, and help the organization to achieve a high level of security and compliance.

A is correct

depth strategy means A.