Which of the following BEST represents a defense in depth concept?
A.
Network-based data loss prevention (DLP), Network Access Control (NAC), network-based Intrusion prevention system (NIPS), Port security on core switches
B.
Host-based data loss prevention (DLP), Endpoint anti-malware solution, Host-based integrity checker, Laptop locks, hard disk drive (HDD) encryption
C.
Endpoint security management, network intrusion detection system (NIDS), Network Access Control (NAC), Privileged Access Management (PAM), security information and event management (SIEM)
D.
Web application firewall (WAF), Gateway network device tuning, Database firewall, Next-Generation Firewall (NGFW), Tier-2 demilitarized zone (DMZ) tuning
Answer C)
I went with C because it was the only choice that spanned across different parts of a network. Although the other choices did do various layers of protection, they were aimed at protecting just one thing.
C. is the correct answer. Defense in depth involves layering security controls across various levels, including endpoint, network, application, data, and physical layers. Option C provides a more comprehensive range of security measures that span multiple areas, making it a better representation of a defense in depth approach.
Defense in depth applies multiple safeguards to protect an asset.
Went with B because it has different safeguards including a physical control to protect an endpoint/host.
When answering the questions , use this logic, is there an answer that encompasses another option.
For exam , an end point manager would include a few things mentioned in B to protect the “asset” right?
C is best representation of a defense-in-depth approach, which includes a mix of endpoint, network, monitoring, access management, and security intelligence controls.
A defense-in-depth strategy involves layering diverse controls at different levels like endpoint, network, application, data, and physical layers. Option C provides the broadest range of complementary security tools spanning multiple areas.
Option A focuses just on network protections.
Option B focuses just on endpoint protections.
Option D focuses just on perimeter protections.
Defence indept is more than just the OSI or TCP/IP stack. It involves Protection at all level including physical protection and Administrative protection and not just the technical protection part.
I think C is better. Options B only focused on endpoint security. Other aspects (layers) of the network needs to be covered in case there is endpoint breach
C is correct - Think about the OSI or TCP/IP Model. Defense in depth is the ability to provide security on each one of those 7 or 4 layers. That way if one is bypassed....we still have some defense on the next layer.
Defence indept is more than just the OSI or TCP/IP stack. It involves Protection at all level including physical protection and Administrative protection and not just the technical protection part.
B might be true, defense in depth is a combination of administrative, technical, and physical access controls, which means we need to have three different control, for physical control, we might only have Laptop locks for option B,
Defense in depth has three layers (Admin, Logical, Physical). OSI is a logical layer of the defense in depth. B seems to be a better option as it covers phyical and logical controls, most of the other options only cover logical controls.
Port security on core switches or distribution switches should not be done.
It should be on access switches only.
upvoted 2 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
YesPlease
11 months, 1 week agoSoleandheel
11 months, 2 weeks agoshmoeee
1 year agoisaac592
1 year, 1 month agoJBAnalyst
9 months, 2 weeks agoInclusiveSTEAM
1 year, 1 month agoHughJassole
1 year, 5 months agoJamati
2 years agojackdryan
1 year, 6 months agoJamati
2 years agoToyeeb
2 years, 1 month agoabb77
2 years agofranbarpro
2 years, 1 month agoToyeeb
2 years, 1 month agoccmmaa
2 years, 1 month agooudmaster
1 year, 11 months agoJohnyDal
1 year, 9 months agoVino22
2 years, 1 month agooudmaster
1 year, 11 months ago