Designing Layered Defense Scenarios
Combine controls into the end-to-end architectures the exam favors.
Defense in Depth
The exam favors defense in depth: multiple independent layers so that if one fails, others still protect the workload.
No single control is enough. The best answer usually combines identity, network, data, and detection controls rather than relying on one.
Layering at the Edge
At the network edge, stack protections:
- Shield absorbs DDoS floods.
- WAF filters malicious web requests.
- CloudFront terminates TLS and shrinks the origin's exposure.
Each layer handles a different threat class.
All lessons in this course
- Connecting the Six Exam Domains
- Designing Layered Defense Scenarios
- Decoding Tricky Scenario Questions
- Your Final Study Plan and Checklist