CCZT Online Practice Questions and Answers

Correct Answer: B

(Configuring the security assertion markup language (SAML) service provider only to accept requests from the designated ZT gateway) Explanation: Configuring SAML to accept requests only from the designated ZT gateway ensures that all access requests are authenticated and authorized appropriately. References: Zero Trust Architecture related sources including NIST

Correct Answer: D

The protect surface in a ZTA is the collection of sensitive data, assets, applications, and services (DAAS) that require protection from threats1. One benefit of the protect surface in a ZTA for an organization implementing controls is that it allows the controls to be moved closer to the asset and minimize risk. This means that instead of relying on a single perimeter or boundary to protect the entire network, ZTA enables granular and dynamic controlsthat are applied at or near the DAAS components, based on the principle of least privilege2. This reduces the attack surface and the potential impact of a breach, as well as improves the visibility and agility of the security posture3. References: Zero Trust Architecture | NIST Zero Trust Architecture Explained: A Step-by-Step Approach - Comparitech What is Zero Trust Architecture (ZTA)? - CrowdStrike

Correct Answer: A

In a ZTA, the logical combination of both the policy engine (PE) and policy administrator (PA) is called the policy decision point (PDP). The PE is the component that evaluates the policies and the contextual data collected from various

sources and generates an access decision. The PA is the component that establishes or terminates the communication between a subject and a resource based on the access decision. The PDP communicates with the policy enforcement

point (PEP), which enforces the access decision on the resource.

References:

Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2 Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9 What Is a Zero Trust Security Framework? | Votiro, section "The Policy Engine

and Policy Administrator"

Zero Trust Frameworks Architecture Guide - Cisco, page 4, section "Policy Decision Point"

Correct Answer: B

Data sources are the ZT element that provide information that providers can use to keep policies dynamically updated. Data sources are the inputs that feed the policy engine and the policy administrator with the relevant data and context about the entities, resources, transactions, and environment in the ZTA. Data sources help to inform the policy decisionsand actions based on the current state and conditions of the ZTA. Data sources can include identity providers, device management systems, threat intelligence feeds, network monitoring tools, etc. References: Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance, Zero Trust Training (ZTT) - Module 3: ZTA Architecture and Components

Correct Answer: A

Micro-segmentation is a vital ZTA component that enhances network security and simplifies management by creating boundaries between resources in the same network zone. Micro-segmentation divides the network into smaller segments or zones based on the attributes and context of the resources, such as data sensitivity, application functionality, user roles, etc. Micro-segmentation helps to isolate and protect the resources from unauthorized access and lateral movement of attackers within the same network zone. References: Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance, Zero Trust Training (ZTT) - Module 6: Micro-segmentation

Correct Answer: A

SDP features, like multi-factor authentication (MFA), mutual transport layer security (mTLS), and device fingerprinting, protect against phishing attacks by verifying the identity and authenticity of both the user and the device before granting access to a resource. Phishing attacks are attempts to trick users into revealing their credentials or other sensitive information by impersonating a legitimate entity or service1. SDP features can prevent phishing attacks by: MFA: MFA is a security mechanism that requires a user to provide more than one piece of evidence to prove their identity, such as a password, a one-time code, a biometric factor, or a physical token2. MFA can protect against phishing attacks by making it harder for attackers to access a resource even if they manage to obtain the user's password or other credentials2. mTLS: mTLS is a security protocol that enables mutual authentication and encryption between two parties, such as a client and a server3. mTLS can protect against phishing attacks by ensuring that both the client and the server have valid and trusted certificates, and by preventing attackers from intercepting or modifying the communication between them3. Device fingerprinting: Device fingerprinting is a technique that identifies and verifies a device based on its unique characteristics, such as its operating system, browser, IP address, or hardware configuration4. Device fingerprinting can protect against phishing attacks by allowing only authorized devices to access a resource, and by detecting any anomalies or changes in the device's attributes that may indicate a compromise4. References: What is Phishing? | How to Identify and Prevent Phishing Attacks | Cloudflare What is Multi-Factor Authentication (MFA)? | Cloudflare What is Mutual TLS (mTLS)? | Cloudflare What is Device Fingerprinting? | Cloudflare

Correct Answer: A

A common activity in the scope, priority, and business case steps of ZT planning is to determine the organization's current state. This involves assessing the existing security posture, architecture, policies, processes, and capabilities of the

organization, as well as identifying the key stakeholders, business drivers, and goals for the ZT initiative. Determining the current state helps to establish a baseline, identify gaps and risks, and define the scope and priority of the ZT

transformation.

References:

Zero Trust Planning - Cloud Security Alliance, section "Scope, Priority, and Business Case"

The Zero Trust Journey: 4 Phases of Implementation - SEI Blog, section "First Phase: Prepare"

Correct Answer: B

ZTA using enhanced identity governance is an approach to ZTA that strongly emphasizes proper governance of access privileges and entitlements for specific assets. This approach focuses on managing the identity lifecycle, enforcing granular and dynamic policies, and auditing and monitoring access activities. ZTA using enhanced identity governance helps to ensure that only authorized and verified entities can access the protected assets based on the principle of least privilege and the context of the request. References: Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance, Zero Trust Training (ZTT) - Module 5: Enhanced Identity Governance

Correct Answer: B

When preparing to implement ZTA, some changes may be required in the organization's governance, compliance, risk management, and operations. These components are essential for ensuring a successful implementation of ZTA, as they involve the following aspects12: Governance: This refers to the establishment of a clear vision, strategy, and roadmap for ZTA, as well as the definition of roles, responsibilities, and authorities for ZTA stakeholders. Governance also involves the alignment of ZTA with the organization's mission, goals, and objectives, and the communication and collaboration among ZTA teams and other business units. Compliance: This refers to the adherence to the relevant laws, regulations, standards, and policies that apply to the organization's ZTA. Compliance also involves the identification and mitigation of any legal or contractual risks or issues that may arise from ZTA implementation, such as data privacy, security, and sovereignty. Risk management: This refers to the assessment and management of the risks associated with ZTA implementation, such as technical, operational, financial, or reputational risks. Risk management also involves the development and implementation of risk mitigation strategies, controls, and metrics, as well as the monitoring and reporting of risk status and performance. Operations: This refers to the execution and maintenance of the ZTA processes, technologies, and services, as well as the integration and interoperability of ZTA with the existing IT infrastructure and systems. Operations also involve the optimization and improvement of ZTA efficiency and effectiveness, as well as the resolution of any operational issues or incidents. References: Zero Trust Architecture: Governance Zero Trust Architecture: Acquisition and Adoption

Correct Answer: D