The defense-in-depth model recommends:
AInvesting all security budget into one extremely strong layer (usually the firewall) and ignoring the others
BReplacing every encryption algorithm every 90 days regardless of need
CDeleting all logs to prevent attackers from learning the environment
DLayering multiple independent security controls — physical, identity, network, compute, application, data — so a single failure doesn't compromise the whole stack
Answer & Solution
Correct answer: D. Layering multiple independent security controls — physical, identity, network, compute, application, data — so a single failure doesn't compromise the whole stack
Defense-in-depth = multiple layers, so an attacker who breaks one still faces several more. Investing in a single layer is the anti-pattern; deleting logs and panicked crypto-rotation aren't part of the model.
Related questions
An administrator wants to grant a contractor read-only access to ONE specific resource groWhich Microsoft Entra capability adds a second authentication factor like an AuthenticatorMicrosoft Defender for Cloud is best described as:The Zero Trust security model is based on which guiding principle?Microsoft Entra Domain Services differs from Microsoft Entra ID in that Domain Services:Microsoft Entra B2B (external identities) is designed to let an organisation:Azure role-based access control (RBAC) grants permissions by combining three things. WhichPasswordless authentication on Microsoft Entra typically replaces the password with which