Zero Trust Architecture (ZTA) Flashcards
What is Zero Trust Architecture?
A security model that requires strict identity verification for every person and device trying to access resources.
What is Policy-Based Authentication?
Modern identity verification - multifactor authentication using a password, a mobile device, and a fingerprint.
Dynamic authentication - example: access permissions change based on location, time, or device security status.
Adaptive risk assessment - a user’s risk level is assessed based on unusual download patterns or access requests.
What is authorization like in Zero Trust?
Role-Based Access Control (RBAC) - traditional authorization example: an employee accessing resources based on their role.
Attribute-Based Access Control (ABAC) - example: an employee access a resource based their attributes like location, time of day.
Real-time authorization - example: a user’s access to sensitive data is revoked the moment their role changes in the HR system.
Continuous Re-validation - example: periodic checks where a user is prompted to re-authenticate at random intervals during a session.
What is Least Privilege Access?
Principle of Least Privilege - example: employees are given access only to the resources necessary for their job.
Just-In-Time and Just-Enough-Access - example: employees are given temporary access grant to a system for maintenance purposes, and restricting access to only what is needed.
Mitigating risks - Explain how least privilege can prevent a malware infection from spreading beyond its entry point.
