A security architect is briefing a board on the difference between defence in depth and zero trust as guiding design principles for a new corporate platform. Which statement BEST captures the conceptual distinction between the two?
- A. Defence in depth layers independent controls so that the failure of any single control does not breach the asset, whereas zero trust removes implicit trust based on network location and continuously verifies each subject, device, and request. (Correct)
- B. Defence in depth is a network segmentation technique that encrypts traffic between tiers, while zero trust is a procurement requirement that all suppliers attest to their secure software development practices.
- C. Defence in depth replaces perimeter firewalls with identity-aware proxies, while zero trust focuses on encrypting data at rest and in transit at every storage tier.
- D. Defence in depth and zero trust are interchangeable terms describing layered authentication, with defence in depth being the older vendor label and zero trust being the modern one.
Why A is correct: This correctly frames defence in depth as a layered-controls strategy whose value is failure tolerance, while zero trust is a trust model that replaces network-perimeter assumptions with per-request verification of identity, device posture, and context.
Why B is wrong: This is tempting because both ideas are often discussed alongside segmentation and supply-chain trust, but defence in depth is a broader layered-controls strategy not limited to network segmentation, and zero trust is a security model rather than a procurement clause.
Why C is wrong: This inverts the two concepts: identity-aware proxies are typical of zero trust enforcement, and ubiquitous encryption is a cryptographic control rather than the essence of either principle.
Why D is wrong: Candidates sometimes treat the terms as synonyms because both involve multiple checks, but they describe different ideas: layered independent controls versus an architectural trust model with no implicit network trust.