14 Oct Practice Test Question – Security Principles
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Which one of the following security principles does NOT describe a standard best practice in cybersecurity?
A. Security through obscurity
B. Least privilege
C. Separation of duties
D. Defense in depth
Correct Answer: A
Security through obscurity is an outdated concept that says that the security of a control may depend upon the secrecy of the details of that control’s inner function. Security professionals should not use controls that rely upon security through obscurity. The principles of least privilege, separation of duties, and defense in depth are all sound security practices.
Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
No Comments