AP Cybersecurity Unit 2 Lesson 2 Quiz
Lesson 2.2 Quiz: Defense-in-Depth
5 questions — Demonstrate your understanding of layered security architecture
Catalyst Biotech Labs is designing a defense-in-depth strategy to protect $400M in gene therapy research. The security team must justify every layer to the budget committee, explaining what each layer protects against and why it is needed even when other layers exist.
(A) Incorrect — cost savings are not a security justification for layered defense.
(C) Incorrect — antivirus does not improve performance; it provides malware detection.
(D) Incorrect — vendor bundle pricing is a procurement decision, not a security justification.
(B) Incorrect — no security architecture guarantees invulnerability; defense-in-depth increases difficulty and detection probability.
(C) Incorrect — each layer should be as effective as possible; partial effectiveness at every layer is not the design goal.
(D) Incorrect — while due diligence matters legally, defense-in-depth is a security strategy, not a legal strategy.
(A) Incorrect — cameras and badge readers are physical; penetration testing and visitor logs are administrative; only encryption and IDS are technical.
(B) Incorrect — penetration testing (a scheduled assessment procedure) and visitor sign-in logs (a policy requirement) are administrative controls.
(D) Incorrect — individual controls compose defense-in-depth layers when deployed together across multiple categories.
(A) Incorrect — while least privilege is relevant, the scenario specifically illustrates the danger of an unprotected layer.
(C) Incorrect — separation of duties is about dividing responsibilities, not about security awareness training.
(D) Incorrect — defense-in-depth requires ALL layers to be addressed; strong technical controls cannot fully compensate for zero human-layer protection.
(A) Incorrect — there is no universal “sufficient” number of layers; adequacy depends on context.
(C) Incorrect — the OSI model describes networking layers, not security layers; there is no requirement to match them.
(D) Incorrect — defense-in-depth is proactive; waiting until after a breach to add layers is reactive and inadequate.
AP® is a registered trademark of the College Board, which was not involved in the production of this content.
Get in Touch
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.
Prefer email? Reach me directly at [email protected]