Question 38
Domain 4 — Technology, Security, and Resilience Controls
What is layered security (defense in depth)?
Correct answer: B
Explanation
Layered security, or defense in depth, means using multiple security controls at different levels so that one safeguard backs up another. This approach reduces risk because if one control fails or is bypassed, the remaining overlapping controls still protect the system.
Why each option is right or wrong
A. Using only one strong control
A single control, however strong, is a single point of failure: once it is bypassed, nothing else stands between the attacker and the asset.
B. Implementing multiple overlapping security controls
Defense in depth is the standard security architecture described in NIST SP 800-53 and NIST SP 800-12, where protection is built from several independent safeguards rather than a single barrier. In practice, that means controls at multiple layers (physical, network, host, application, and administrative), so if one control is bypassed, the others still limit access or damage.
C. Focusing only on perimeter security
A perimeter-only design assumes the boundary will hold; it offers no protection against threats that originate inside the network or that get past the edge.
D. Relying solely on employee training
Training is a single administrative control. It reduces human error but does nothing on its own to stop technical attacks, so it cannot substitute for overlapping technical and physical safeguards.