CSA Exam CCZT Topic 1 Question 2 Discussion

Log collection is an essential component of ZTA, as it provides the data needed to monitor, audit, and improve the security posture of the network. By collecting logs from different sources, such as devices, applications, firewalls, gateways, and policies, ZTA can support various functions, such as:

Change management: Logs can help track and document any changes made to the network configuration, policies, or resources, and assess their impact on the security and performance of the network.Logs can also help identify and revert any unauthorized or erroneous changes that may compromise the network integrity1.

Incident management: Logs can help detect and respond to any security incidents, such as breaches, attacks, or anomalies, that may occur in the network.Logs can provide the evidence and context needed to investigate the root cause, scope, and impact of the incident, and to take appropriate remediation actions2.

Visibility and analytics: Logs can help provide a comprehensive and granular view of the network activity, performance, and behavior. Logs can be used to generate dashboards, reports, and alerts that can help measure and improve the network security and efficiency.Logs can also be used to apply advanced analytics techniques, such as machine learning, to identify patterns, trends, and insights that can help optimize the network operations and security3.

Reference=

Zero Trust Architecture: Data Sources

Zero Trust Architecture: Incident Response

Zero Trust Architecture: Visibility and Analytics