Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Cisco Exam 200-201 Topic 3 Question 91 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 91
Topic #: 3
[All 200-201 Questions]

Which of these is a defense-in-depth strategy principle?

Show Suggested Answer Hide Answer
Suggested Answer: C

Defense-in-depth is a layered security strategy that aims to protect information and resources through multiple security measures.

One of its key principles is the concept of least privilege, which means providing users and systems with the minimum level of access necessary to perform their job functions.

By assigning only the necessary permissions, the attack surface is reduced, and the potential damage from a compromised account or system is minimized.

This principle helps in mitigating the risk of unauthorized access and limits the capabilities of an attacker if they gain access to an account.


Defense-in-Depth Strategy by NIST

Principle of Least Privilege in Cybersecurity

Layered Security Approach Explained

Contribute your Thoughts:

Mauricio
4 months ago
D seems like the odd one out here. Disabling admin accounts? That's just basic, not defense-in-depth.
upvoted 0 times
Lindsey
3 months ago
B) Assign the least network privileges to segment network permissions.
upvoted 0 times
...
Dalene
4 months ago
A) identify the minimum resource required per employee.
upvoted 0 times
...
...
Dominga
4 months ago
I think D) is important too, but C) is more about limiting access to what's necessary.
upvoted 0 times
...
Matthew
4 months ago
Haha, I bet the answer is 'all of the above'. Security people love layering on the controls!
upvoted 0 times
Ernest
4 months ago
D) Disable administrative accounts to avoid unauthorized changes.
upvoted 0 times
...
Thaddeus
4 months ago
C) Provide the minimum permissions needed to perform Job functions.
upvoted 0 times
...
Dannette
4 months ago
B) Assign the least network privileges to segment network permissions.
upvoted 0 times
...
Judy
4 months ago
A) identify the minimum resource required per employee.
upvoted 0 times
...
...
Marica
5 months ago
I'm not sure, but D) Disable administrative accounts also sounds like a good defense strategy.
upvoted 0 times
...
Iraida
5 months ago
I agree with Eladia, C) makes sense for defense-in-depth strategy.
upvoted 0 times
...
Hyun
5 months ago
I'm going with C. Giving the minimum permissions needed is a classic security principle.
upvoted 0 times
Kiley
3 months ago
Assigning the least network privileges can also help in segmenting network permissions.
upvoted 0 times
...
Laurel
3 months ago
I think disabling administrative accounts is also important to prevent unauthorized changes.
upvoted 0 times
...
Vincent
3 months ago
I agree, giving minimum permissions is crucial for security.
upvoted 0 times
...
Desmond
4 months ago
C and D both sound like good strategies to me.
upvoted 0 times
...
Dominque
4 months ago
I think D is also important, disabling admin accounts can prevent unauthorized changes.
upvoted 0 times
...
Haley
4 months ago
I agree, C is definitely a key defense-in-depth strategy principle.
upvoted 0 times
...
...
Eladia
5 months ago
I think the answer is C) Provide the minimum permissions needed to perform Job functions.
upvoted 0 times
...
Shaun
5 months ago
I think B is the right answer. Segmenting network permissions is a key part of defense-in-depth.
upvoted 0 times
Ira
4 months ago
It's important to consider all these principles for a strong defense-in-depth strategy.
upvoted 0 times
...
Beckie
4 months ago
D is also a good strategy, disabling administrative accounts can prevent unauthorized changes.
upvoted 0 times
...
Annice
4 months ago
I think C is also important, providing minimum permissions needed for job functions.
upvoted 0 times
...
Noel
5 months ago
I agree, segmenting network permissions is crucial for defense-in-depth.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77