Comprehensive and Detailed Explanation From Exact Extract:
Defense-in-Depth (DiD) is a layered security strategy referenced in SRE’s discussions of secure infrastructure and resilience. The perimeter layer is responsible for controlling and monitoring traffic flowing into and out of the network from external sources, such as the public Internet. This includes firewalls, intrusion detection systems, load balancers, and boundary network controls.
While SRE focuses primarily on reliability, the SRE Book stresses the importance of resilient system boundaries: “Perimeter protections are critical where external traffic enters the system.” (SRE Book – Security and Infrastructure considerations).
Option C correctly identifies the Perimeter Layer as the network boundary where data flows in/out from other networks—including the Internet.
Option A (Host layer) secures individual machines.
Option B (Physical layer) refers to hardware, power, racks, etc.
Option D (Data layer) protects stored data, not ingress/egress traffic.
Thus, C is correct.
[References:, Site Reliability Engineering, discussions on system boundaries and secure infrastructure., Defense-in-Depth model (industry standard, aligned with SRE security considerations)., , ]
Submit