Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CSA Exam CCZT Topic 2 Question 29 Discussion

Actual exam question for CSA's CCZT exam
Question #: 29
Topic #: 2
[All CCZT Questions]

Which element of ZT focuses on the governance rules that define

the "who, what, when, how, and why" aspects of accessing target

resources?

Show Suggested Answer Hide Answer
Suggested Answer: A

Policy is the element of ZT that focuses on the governance rules that define the ''who, what, when, how, and why'' aspects of accessing target resources. Policy is the core component of a ZTA that determines the access decisions and controls for each request based on various attributes and factors, such as user identity, device posture, network location, resource sensitivity, and environmental context. Policy is also the element that enables the ZT principles of ''never trust, always verify'' and ''scrutinize explicitly'' by enforcing granular, dynamic, and data-driven rules for each access request.

Reference=

Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2

What Is Zero Trust Architecture (ZTA)? - F5, section ''Policy Engine''

Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9

[Zero Trust Frameworks Architecture Guide - Cisco], page 4, section ''Policy Decision Point''


by Reid at Sep 15, 2024, 06:52 AM

Limited Time Offer

25%

Off

Get Premium CCZT Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Nan
1 months ago
Wait, is the answer 'Scrutinize explicitly'? Because that's what I do with my ex's social media posts. Zero trust, you know?
upvoted 0 times
...
Mike
2 months ago
This is a piece of cake! Policy is the answer, no doubt. It's the 'rulebook' of zero trust.
upvoted 0 times
...
Meaghan
2 months ago
Policy, for sure. It's the foundation of zero trust, like the constitution for a country.
upvoted 0 times
...
Carissa
2 months ago
Definitely 'Never trust, always verify'. Isn't that the whole point of zero trust? Verify everything before allowing access.
upvoted 0 times
Cyril
29 days ago
D) Never trust, always verify
upvoted 0 times
...
Viki
1 months ago
C) Scrutinize explicitly
upvoted 0 times
...
Reena
1 months ago
B) Data sources
upvoted 0 times
...
Colene
1 months ago
A) Policy
upvoted 0 times
...
...
Jolanda
2 months ago
Hmm, I'm not sure. Maybe it's Data sources? That could be where the 'who, what, when, how, and why' information is stored.
upvoted 0 times
...
Maybelle
2 months ago
I think it's Policy. That's the element that defines the governance rules for accessing resources.
upvoted 0 times
Helaine
23 days ago
Policy is crucial for setting the rules on accessing target resources.
upvoted 0 times
...
Lorrine
29 days ago
Yes, Policy defines the 'who, what, when, how, and why' aspects of accessing resources.
upvoted 0 times
...
Son
1 months ago
I agree, Policy is the element that focuses on governance rules.
upvoted 0 times
...
...
Glendora
2 months ago
Haha, I bet the answer is C) Scrutinize explicitly. That's the only one that sounds like it could be related to governance rules. Or maybe it's just a trick question and the answer is 'all of the above'?
upvoted 0 times
...
Quinn
2 months ago
Hmm, I'm not sure. Maybe it's D) Never trust, always verify. Isn't that the whole point of zero trust architecture?
upvoted 0 times
Dallas
1 months ago
So, the answer is D) Never trust, always verify.
upvoted 0 times
...
Cherry
1 months ago
Yes, that's correct. Zero trust is all about not trusting anything by default.
upvoted 0 times
...
Flo
2 months ago
I think you're right. It's all about verifying everything before granting access.
upvoted 0 times
...
...
Gwenn
2 months ago
I think it's A) Policy. The governance rules that define the 'who, what, when, how, and why' aspects of accessing resources are all about policy.
upvoted 0 times
Jamal
1 months ago
I'm leaning towards B) Data sources.
upvoted 0 times
...
Corinne
1 months ago
I believe it's C) Scrutinize explicitly.
upvoted 0 times
...
Margot
1 months ago
I think it might be D) Never trust, always verify.
upvoted 0 times
...
Gregoria
1 months ago
I agree, it's definitely A) Policy.
upvoted 0 times
...
...
Blossom
2 months ago
I'm not sure, but I think it could also be D) Never trust, always verify, as it emphasizes the importance of verifying access.
upvoted 0 times
...
Paola
3 months ago
I agree with Laine, because policies define the rules for accessing resources.
upvoted 0 times
...
Laine
3 months ago
I think the answer is A) Policy.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77