Which statement best describes defense in depth in the context of Annex F controls?

Prepare for the DSAC Annex F Test with comprehensive flashcards and multiple choice questions. Access hints and explanations for each question to ensure you’re ready for your exam!

Multiple Choice

Which statement best describes defense in depth in the context of Annex F controls?

Explanation:
Defense in depth means protecting assets with multiple controls layered across different areas so that no single defense stands alone. The statement that best describes this idea is that security is achieved through multiple overlapping controls at different layers to reduce single points of failure. In Annex F contexts, this involves mixing preventive, detective, and corrective measures across people, processes, technology, and physical security, so if one control is bypassed or fails, others still protect the system. For example, combining strong authentication, network segmentation, encryption, continuous monitoring, access controls, security awareness training, and regular backups creates resilience because security relies on more than one line of defense. Relying on a single, strong control would leave a single point of failure; focusing only on preventive controls ignores the need to detect and respond to incidents; and placing all controls within the IT department neglects the broader organizational and physical layers that defense in depth requires.

