Certified Information Systems Security Professional (CISSP) — Question 39

Which of the following BEST represents a defense in depth concept?

Answer options

• A. Network-based data loss prevention (DLP), Network Access Control (NAC), network-based Intrusion prevention system (NIPS), Port security on core switches
• B. Host-based data loss prevention (DLP), Endpoint anti-malware solution, Host-based integrity checker, Laptop locks, hard disk drive (HDD) encryption
• C. Endpoint security management, network intrusion detection system (NIDS), Network Access Control (NAC), Privileged Access Management (PAM), security information and event management (SIEM)
• D. Web application firewall (WAF), Gateway network device tuning, Database firewall, Next-Generation Firewall (NGFW), Tier-2 demilitarized zone (DMZ) tuning

Correct answer: C

Explanation

Option C is the correct answer as it includes multiple layers of security measures that work together to protect endpoints and manage access effectively, which is the essence of defense in depth. The other options, while they contain security components, do not provide a comprehensive multi-layered approach like option C does.