CompTIA Network+ Practice Test

What is meant by 'security through obscurity'?

• A. Using limited software licenses to prevent use
• B. Relying on complexity or secrecy instead of solid security practices
• C. Storing security keys in hidden locations
• D. Uncertain security measures that evolve with threats

The correct answer is: Relying on complexity or secrecy instead of solid security practices

The concept of 'security through obscurity' refers to the practice of attempting to protect a system by keeping the details of its implementation hidden, rather than by using strong security measures. This approach can lead to a false sense of security, as it relies on the assumption that if attackers do not know how a system works, they cannot exploit its vulnerabilities. However, if the underlying security practices are weak, simply hiding information will not provide effective protection. This methodology is criticized in the security community because it does not address the real threats; it merely obscures them. True security should be based on robust, well-tested security practices that can withstand attacks, rather than relying on the secrecy of methods or mechanisms. For instance, a system could be well-secured while still being transparent about its design, allowing for peer review and external verification. Other options discussed in the question do not align with the concept of security through obscurity. Limiting software licenses concerns access control and licensing models, while storing security keys in hidden places is more about key management than obscurity. Lastly, evolving security measures relate more to adapting security policies to new threats rather than relying on obscurity.