and Engineering Exam (Latest Update 2025 / 2026) Questions & Answers with Rationales
1.
Which of the following best describes the goal of a defensible security architecture?
A. Prevent every attack before it reaches the endpoint
B. Ensure that every system uses identical configurations
C. Design layered controls that can detect, contain, and recover from attacks
D. Eliminate the need for monitoring
Answer: C
Rationale: Defensible architectures assume compromise is possible and build layered
detection and containment capabilities.
2.
Which security model uses multiple independent levels of security (MILS) to isolate
components?
A. Bell-LaPadula
B. Clark-Wilson
C. Biba
D. MILS architecture
Answer: D
Rationale: MILS provides strong separation between trusted and untrusted components
to ensure containment.
3.
A Zero-Trust network relies primarily on:
A. Firewall ACLs between VLANs
B. Implicit internal trust
C. Continuous verification and least privilege
D. Air-gapped internal segments
Answer: C
Rationale: Zero Trust = never trust, always verify; every connection is validated and
authorized dynamically.
4.
Which security framework emphasizes mapping defenses to attack stages?
A. ISO 27001
B. MITRE ATT&CK
C. NIST SP 800-53
D. COBIT
Answer: B
Rationale: MITRE ATT&CK catalogs adversary tactics/techniques, enabling detection and
control mapping.
5.
The concept of “defense in depth” means:
A. Deploying multiple controls across different layers
B. Using identical controls for redundancy
C. Relying only on antivirus and firewalls
D. Focusing on perimeter controls
Answer: A
Rationale: Multiple diverse controls at each layer reduce single-point failures.
6.
Which network segmentation principle most improves containment?
A. Flat VLAN design
B. Micro-segmentation with identity-based access
C. Macro-segmentation only by geography
D. Single shared subnet for all assets
Answer: B
Rationale: Micro-segmentation reduces lateral movement via per-workload access
enforcement.
7.
Which technology provides integrity assurance for boot components?
A. TPM-based secure boot
B. BIOS password
C. Full-disk encryption
D. VPN
Answer: A
Rationale: TPM verifies signatures of boot loaders and firmware to ensure trusted
startup.
8.
A defensible architecture assumes:
A. Perfect patch management
B. No insider threats
C. Compromise will happen
D. Attacks are rare
Answer: C
Rationale: Planning for inevitable compromise drives resilience.
9.
What is the main advantage of network choke points?
A. Easier bypass by attackers
B. Centralized inspection and control