Zero Trust Architecture (ZTA) Flashcards

1
Q

What is Zero Trust Architecture?

A

A security model that requires strict identity verification for every person and device trying to access resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is Policy-Based Authentication?

A

Modern identity verification - multifactor authentication using a password, a mobile device, and a fingerprint.
Dynamic authentication - example: access permissions change based on location, time, or device security status.
Adaptive risk assessment - a user’s risk level is assessed based on unusual download patterns or access requests.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is authorization like in Zero Trust?

A

Role-Based Access Control (RBAC) - traditional authorization example: an employee accessing resources based on their role.
Attribute-Based Access Control (ABAC) - example: an employee access a resource based their attributes like location, time of day.
Real-time authorization - example: a user’s access to sensitive data is revoked the moment their role changes in the HR system.
Continuous Re-validation - example: periodic checks where a user is prompted to re-authenticate at random intervals during a session.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is Least Privilege Access?

A

Principle of Least Privilege - example: employees are given access only to the resources necessary for their job.
Just-In-Time and Just-Enough-Access - example: employees are given temporary access grant to a system for maintenance purposes, and restricting access to only what is needed.
Mitigating risks - Explain how least privilege can prevent a malware infection from spreading beyond its entry point.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly