Easy · 1 mark · Multiple Choice
Area II: Security · Security Mitigation

CPA · Question 10 · Area II: Security

An organization uses a 'defense-in-depth' strategy. Which of the following best represents this approach?

Answer options:

A. Relying on a single, highly advanced firewall.

B. Using a firewall, intrusion detection system, and multi-factor authentication simultaneously.

C. Conducting penetration testing once a year.

D. Encrypting data only when it is at rest.

How to approach this question

Look for multiple layers of security controls.

Full Answer

B. Using a firewall, intrusion detection system, and multi-factor authentication simultaneously. ✓ Correct
Defense in depth is the coordinated use of multiple security countermeasures to protect information integrity.

Common mistakes

Confusing defense in depth with just having 'good' security.
