This option best illustrates the principle of "Defense in Depth," where multiple security layers work together. Network security provides the first line of defense by inspecting and filtering traffic at the network perimeter, aiming to block threats before they reach any device. Endpoint security provides a critical second layer of defense directly on the device (e.g., a laptop or server). If a threat bypasses the network controls (for instance, via encrypted traffic or a zero-day exploit), the endpoint security solution (like an antivirus or EDR agent) is positioned to detect and prevent the malicious code from executing and causing harm.

A. Network security's primary function is to protect against cyber threats, not hardware failures, which are addressed by infrastructure resilience and availability measures.

B. This presents a false dichotomy. Both security layers address internal and external threats; they are not exclusively dedicated to one or the other.

C. The roles described are reversed. Network security tools monitor traffic flows, while endpoint security solutions are responsible for scanning the individual host device.

1. Stallings, W., & Brown, L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson. In Chapter 8, "Firewalls and Intrusion Prevention Systems," the text describes network-level boundary protection. In Chapter 9, "Malicious Software," it details host-based (endpoint) countermeasures like antivirus, illustrating how network defenses block incoming attacks while endpoint defenses handle malware that reaches the host. This demonstrates the complementary relationship described in option D.

2. Kim, D., & Solomon, M. G. (2016). Fundamentals of Information Systems Security (3rd ed.). Jones & Bartlett Learning. Chapter 5, "Network Security," and Chapter 6, "Host Security," explicitly detail this layered approach. Network security (e.g., firewalls) is defined as protecting the network boundary, while host security (endpoint) is defined as protecting individual systems from threats that may have passed through the network, such as malware execution.

3. Carnegie Mellon University, Software Engineering Institute. (2007). Governing for Enterprise Security (GES) Executive Summary (CMU/SEI-2007-TN-020). p. 10. The document discusses a layered defense model, stating, "Perimeter defenses protect the network from the outside... Host-level security protects each individual computer." This directly supports the concept of network security blocking external traffic and endpoint security protecting the device itself.