BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CSA Exam CCZT Topic 2 Question 29 Discussion

Actual exam question for CSA's CCZT exam
Question #: 29
Topic #: 2
[All CCZT Questions]

Which element of ZT focuses on the governance rules that define

the "who, what, when, how, and why" aspects of accessing target

resources?

Show Suggested Answer Hide Answer
Suggested Answer: A

Policy is the element of ZT that focuses on the governance rules that define the ''who, what, when, how, and why'' aspects of accessing target resources. Policy is the core component of a ZTA that determines the access decisions and controls for each request based on various attributes and factors, such as user identity, device posture, network location, resource sensitivity, and environmental context. Policy is also the element that enables the ZT principles of ''never trust, always verify'' and ''scrutinize explicitly'' by enforcing granular, dynamic, and data-driven rules for each access request.

Reference=

Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2

What Is Zero Trust Architecture (ZTA)? - F5, section ''Policy Engine''

Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9

[Zero Trust Frameworks Architecture Guide - Cisco], page 4, section ''Policy Decision Point''


by Reid at Sep 15, 2024, 06:52 AM

Limited Time Offer

25%

Off

Get Premium CCZT Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Nan
19 days ago
Wait, is the answer 'Scrutinize explicitly'? Because that's what I do with my ex's social media posts. Zero trust, you know?
upvoted 0 times
...
Mike
20 days ago
This is a piece of cake! Policy is the answer, no doubt. It's the 'rulebook' of zero trust.
upvoted 0 times
...
Meaghan
21 days ago
Policy, for sure. It's the foundation of zero trust, like the constitution for a country.
upvoted 0 times
...
Carissa
24 days ago
Definitely 'Never trust, always verify'. Isn't that the whole point of zero trust? Verify everything before allowing access.
upvoted 0 times
Cyril
3 days ago
D) Never trust, always verify
upvoted 0 times
...
Viki
6 days ago
C) Scrutinize explicitly
upvoted 0 times
...
Reena
9 days ago
B) Data sources
upvoted 0 times
...
Colene
14 days ago
A) Policy
upvoted 0 times
...
...
Jolanda
27 days ago
Hmm, I'm not sure. Maybe it's Data sources? That could be where the 'who, what, when, how, and why' information is stored.
upvoted 0 times
...
Maybelle
30 days ago
I think it's Policy. That's the element that defines the governance rules for accessing resources.
upvoted 0 times
Lorrine
3 days ago
Yes, Policy defines the 'who, what, when, how, and why' aspects of accessing resources.
upvoted 0 times
...
Son
14 days ago
I agree, Policy is the element that focuses on governance rules.
upvoted 0 times
...
...
Glendora
1 months ago
Haha, I bet the answer is C) Scrutinize explicitly. That's the only one that sounds like it could be related to governance rules. Or maybe it's just a trick question and the answer is 'all of the above'?
upvoted 0 times
...
Quinn
1 months ago
Hmm, I'm not sure. Maybe it's D) Never trust, always verify. Isn't that the whole point of zero trust architecture?
upvoted 0 times
Dallas
6 days ago
So, the answer is D) Never trust, always verify.
upvoted 0 times
...
Cherry
9 days ago
Yes, that's correct. Zero trust is all about not trusting anything by default.
upvoted 0 times
...
Flo
20 days ago
I think you're right. It's all about verifying everything before granting access.
upvoted 0 times
...
...
Gwenn
1 months ago
I think it's A) Policy. The governance rules that define the 'who, what, when, how, and why' aspects of accessing resources are all about policy.
upvoted 0 times
Jamal
6 days ago
I'm leaning towards B) Data sources.
upvoted 0 times
...
Corinne
7 days ago
I believe it's C) Scrutinize explicitly.
upvoted 0 times
...
Margot
14 days ago
I think it might be D) Never trust, always verify.
upvoted 0 times
...
Gregoria
17 days ago
I agree, it's definitely A) Policy.
upvoted 0 times
...
...
Blossom
1 months ago
I'm not sure, but I think it could also be D) Never trust, always verify, as it emphasizes the importance of verifying access.
upvoted 0 times
...
Paola
2 months ago
I agree with Laine, because policies define the rules for accessing resources.
upvoted 0 times
...
Laine
2 months ago
I think the answer is A) Policy.
upvoted 0 times
...

Save Cancel