Easy · 1 mark · Multiple Choice

CPA · Question 24 · Area II: Security

Which of the following best describes the concept of 'Defense in Depth'?

Answer options:

A. Using the strongest possible encryption for all data.

B. Relying on a perimeter firewall to block all threats.

C. Conducting annual penetration tests.

D. Implementing multiple layered controls (physical, technical, administrative) so that if one fails, others remain.

How to approach this question

Look for 'layers' or 'multiple' controls. The castle analogy: Moat + Wall + Guards + Keep.

Full Answer

D. Implementing multiple layered controls (physical, technical, administrative) so that if one fails, others remain. ✓ Correct
Defense in Depth is a security strategy that employs a series of mechanisms to slow the advance of an attack. If one layer (e.g., firewall) is breached, others (e.g., endpoint protection, MFA) are there to stop the threat.

Common mistakes

Thinking one really strong control equals defense in depth.
