New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CSA Exam CCZT Topic 2 Question 29 Discussion

Actual exam question for CSA's CCZT exam
Question #: 29
Topic #: 2
[All CCZT Questions]

Which element of ZT focuses on the governance rules that define

the "who, what, when, how, and why" aspects of accessing target

resources?

Show Suggested Answer Hide Answer
Suggested Answer: A

Policy is the element of ZT that focuses on the governance rules that define the ''who, what, when, how, and why'' aspects of accessing target resources. Policy is the core component of a ZTA that determines the access decisions and controls for each request based on various attributes and factors, such as user identity, device posture, network location, resource sensitivity, and environmental context. Policy is also the element that enables the ZT principles of ''never trust, always verify'' and ''scrutinize explicitly'' by enforcing granular, dynamic, and data-driven rules for each access request.

Reference=

Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2

What Is Zero Trust Architecture (ZTA)? - F5, section ''Policy Engine''

Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9

[Zero Trust Frameworks Architecture Guide - Cisco], page 4, section ''Policy Decision Point''


Contribute your Thoughts:

Nan
2 months ago
Wait, is the answer 'Scrutinize explicitly'? Because that's what I do with my ex's social media posts. Zero trust, you know?
upvoted 0 times
...
Mike
2 months ago
This is a piece of cake! Policy is the answer, no doubt. It's the 'rulebook' of zero trust.
upvoted 0 times
...
Meaghan
2 months ago
Policy, for sure. It's the foundation of zero trust, like the constitution for a country.
upvoted 0 times
...
Carissa
2 months ago
Definitely 'Never trust, always verify'. Isn't that the whole point of zero trust? Verify everything before allowing access.
upvoted 0 times
Cyril
1 months ago
D) Never trust, always verify
upvoted 0 times
...
Viki
1 months ago
C) Scrutinize explicitly
upvoted 0 times
...
Reena
1 months ago
B) Data sources
upvoted 0 times
...
Colene
1 months ago
A) Policy
upvoted 0 times
...
...
Jolanda
2 months ago
Hmm, I'm not sure. Maybe it's Data sources? That could be where the 'who, what, when, how, and why' information is stored.
upvoted 0 times
...
Maybelle
2 months ago
I think it's Policy. That's the element that defines the governance rules for accessing resources.
upvoted 0 times
Helaine
28 days ago
Policy is crucial for setting the rules on accessing target resources.
upvoted 0 times
...
Lorrine
1 months ago
Yes, Policy defines the 'who, what, when, how, and why' aspects of accessing resources.
upvoted 0 times
...
Son
1 months ago
I agree, Policy is the element that focuses on governance rules.
upvoted 0 times
...
...
Glendora
2 months ago
Haha, I bet the answer is C) Scrutinize explicitly. That's the only one that sounds like it could be related to governance rules. Or maybe it's just a trick question and the answer is 'all of the above'?
upvoted 0 times
...
Quinn
2 months ago
Hmm, I'm not sure. Maybe it's D) Never trust, always verify. Isn't that the whole point of zero trust architecture?
upvoted 0 times
Dallas
1 months ago
So, the answer is D) Never trust, always verify.
upvoted 0 times
...
Cherry
1 months ago
Yes, that's correct. Zero trust is all about not trusting anything by default.
upvoted 0 times
...
Flo
2 months ago
I think you're right. It's all about verifying everything before granting access.
upvoted 0 times
...
...
Gwenn
2 months ago
I think it's A) Policy. The governance rules that define the 'who, what, when, how, and why' aspects of accessing resources are all about policy.
upvoted 0 times
Jamal
1 months ago
I'm leaning towards B) Data sources.
upvoted 0 times
...
Corinne
1 months ago
I believe it's C) Scrutinize explicitly.
upvoted 0 times
...
Margot
1 months ago
I think it might be D) Never trust, always verify.
upvoted 0 times
...
Gregoria
2 months ago
I agree, it's definitely A) Policy.
upvoted 0 times
...
...
Blossom
3 months ago
I'm not sure, but I think it could also be D) Never trust, always verify, as it emphasizes the importance of verifying access.
upvoted 0 times
...
Paola
3 months ago
I agree with Laine, because policies define the rules for accessing resources.
upvoted 0 times
...
Laine
3 months ago
I think the answer is A) Policy.
upvoted 0 times
...

Save Cancel