Certified Ethical Hacker (CEH v13) — Question 63

Given the complexities of an organization’s network infrastructure, a threat actor has exploited an unidentified vulnerability, leading to a major data breach. As a Certified Ethical Hacker (CEH). you are tasked with enhancing the organization's security stance. To ensure a comprehensive security defense, you recommend a certain security strategy. Which of the following best represents the strategy you would likely suggest and why?

Answer options

• A. Develop an in-depth Risk Management process, involving identification, assessment, treatment, tracking, and review of risks to control the potential effects on the organization.
• B. Establish a Defense-in-Depth strategy, incorporating multiple layers of security measures to increase the complexity and decrease the likelihood of a successful attack.
• C. Implement an Information Assurance (IA) policy focusing on ensuring the integrity, availability, confidentiality, and authenticity of information systems.
• D. Adopt a Continual/Adaptive Security Strategy involving ongoing prediction, prevention, detection, and response actions to ensure comprehensive computer network defense.

Correct answer: B

Explanation

The correct answer is B, as a Defense-in-Depth strategy effectively utilizes multiple layers of security to protect against various threats, making it harder for attackers to breach the system. While A, C, and D are important elements of security, they do not offer the same comprehensive layered defense that B provides, which is essential in counteracting sophisticated attacks.