Zero Trust 1.2 Flashcards
[…] is the approach to security where someone must authenticate each time they want to gain access to a particular resource
Zero Trust
Zero trust is implemented by using a combination of […]
- Multifactor Authentication
- Encryption
- Firewalls
- Monitoring / Analytics
[…] separates the network into different functional planes and applies to physical, virtual, and cloud components
Planes of Operation
The […] Plane is the part of the device that performs the actual security process. It is anything that moves data from one part of the network to another.
Data Plane
The […] Plane manages the actions of the Data Plane
- Defines policies / rules
- Determines how packets should be forwarded
Ex: Routing Tables, Firewall Rules
Control Plane
[…] determines what level of authentication is needed for an individual based on the risk of a breach and makes it stronger if needed. Risk indicators include:
- Relationship to Org
- Physical Location
- IP Address
Adaptive Authentication
[…] limits how many places can be used to gain access to the network
Threat Scope Reduction
[…] combines the Adaptive Identity with a predefined set of rules. It determines what type of authentication process will be used to determine whether the person trying to gain access is really who they say they are.
Policy Driven Access Control
[…] look at where you are connecting from and where you are trying to connect to, and allow you to define rules that determine access
- Untrusted zone to a trusted zone (DENY)
- Trusted zone to Internal zone (ALLOW)
Security Zones
All traffic must pass through the […] so that you can determine if traffic should be allowed or denied
Policy Enforcement Point
The Policy Enforcement Point does not provide the decision on whether traffic should be allowed or disallowed, but gathers all of the information about the traffic and gives it to the […], which is responsible for the decision
Policy Decision Point
The […], which is part of the Policy Decision Point, evaluates each incoming request and decides, based on policy, whether to grant, deny, or revoke access.
Policy Engine
The […] communicates the Policy Engine's decision to the Policy Enforcement Point and tells it to either allow or disallow access. It also generates access tokens or credentials to give to the Policy Enforcement Point.
Policy Administrator
The subject is part of the […] Plane
Data Plane
The System is part of the […] Plane
Data Plane