PrepAway - Latest Free Exam Questions & Answers

Which statement below is accurate about the reasons to implement a layered security architecture?


A. A layered approach doesn’t really improve the security posture of the organization.

B. A layered security approach is intended to increase the work-factor for an attacker.

C. A good packet-filtering router will eliminate the need to implement a layered security architecture.

D. A layered security approach is not necessary when using COTS products.

Explanation:
Security designs should consider a layered approach to address or protect against a specific threat or
to reduce a vulnerability. For example, the use of a packet-filtering router in conjunction with an
application gateway and an intrusion detection system combine to increase the work-factor an
attacker must expend to successfully attack the system. The need for layered protections is
important when commercial-off-the-shelf (COTS) products are used. The current state-of-the-art for
security quality in COTS products does not provide a high degree of protection against sophisticated
attacks. It is possible to help mitigate this situation by placing several controls in levels, requiring
additional work by attackers to accomplish their goals. Source: NIST Special Publication 800-27,
Engineering Principles for Information Technology Security (A Baseline for Achieving Security).

