CSA Exam CCZT Topic 2 Question 29 Discussion

Actual exam question for CSA's Certificate of Competence in Zero Trust exam

Question #: 29
Topic #: 2

[All Certificate of Competence in Zero Trust Questions]

Which element of ZT focuses on the governance rules that define

the "who, what, when, how, and why" aspects of accessing target

resources?

APolicy

BData sources

CScrutinize explicitly

DNever trust, always verify

Show Suggested Answer

Suggested Answer: A

Policy is the element of ZT that focuses on the governance rules that define the ''who, what, when, how, and why'' aspects of accessing target resources. Policy is the core component of a ZTA that determines the access decisions and controls for each request based on various attributes and factors, such as user identity, device posture, network location, resource sensitivity, and environmental context. Policy is also the element that enables the ZT principles of ''never trust, always verify'' and ''scrutinize explicitly'' by enforcing granular, dynamic, and data-driven rules for each access request.

Reference=

Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2

What Is Zero Trust Architecture (ZTA)? - F5, section ''Policy Engine''

Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9

[Zero Trust Frameworks Architecture Guide - Cisco], page 4, section ''Policy Decision Point''

by Reid at Sep 15, 2024, 06:52 AM

Limited Time Offer

25%

Off

Get Premium CCZT Questions as Interactive Web-Based Practice Test or PDF