Of the following options, which risk/threat does SDP mitigate by mandating micro-segmentation and implementing least privilege?
Answer(s): D
SDP mitigates the risk of broken access control by mandating micro-segmentation and implementing least privilege. Micro-segmentation divides the network into smaller, isolated segments that can prevent unauthorized access and contain lateral movement. Least privilege grants the minimum necessary access to users and devices for specific resources, while hiding all other assets from their view. This reduces the attack surface and prevents attackers from exploiting weak or misconfigured access controls
What should an organization's data and asset classification be based on?
Answer(s): C
Data and asset classification should be based on the sensitivity of data, which is the degree to which the data requires protection from unauthorized access, modification, or disclosure. Data sensitivity is determined by the potential impact of data loss, theft, or corruption on the organization, its customers, and its partners. Data sensitivity can also be influenced by legal, regulatory, and contractual obligations.
Certificate of Competence in Zero Trust (CCZT) prepkit, page 10, section 2.1.1 Identify and protect sensitive business data with Zero Trust, section 1 Secure data with Zero Trust, section 1SP 800-207, Zero Trust Architecture, page 9, section 3.2.1
Which security tools or capabilities can be utilized to automate the response to security events and incidents?
Answer(s): B
SOAR is a collection of software programs developed to bolster an organization's cybersecurity posture. SOAR tools can automate the response to security events and incidents by executing predefined workflows or playbooks, which can include tasks such as alert triage, threat detection, containment, mitigation, and remediation. SOAR tools can also orchestrate the integration of various security tools and data sources, and provide centralized dashboards and reporting for security operations.
Certificate of Competence in Zero Trust (CCZT) prepkit, page 23, section 3.2.2 Security Orchestration, Automation and Response (SOAR) - Gartner Security Automation: Tools, Process and Best Practices - Cynet, section "What are the different types of security automation tools?"Introduction to automation in Microsoft Sentinel
Network architects should consider__________ before selecting an SDP model.Select the best answer.
Different SDP deployment models have different advantages and disadvantages depending on the organization's use case, such as the type of resources to be protected, the location of the clients and servers, the network topology, the scalability, the performance, and the security requirements. Network architects should consider their use case before selecting an SDP model that best suits their needs and goals.
Certificate of Competence in Zero Trust (CCZT) prepkit, page 21, section 3.1.2 6 SDP Deployment Models to Achieve Zero Trust | CSA, section "Deployment Models Explained" Software-Defined Perimeter (SDP) and Zero Trust | CSA, page 7, section 3.1 Why SDP Matters in Zero Trust | SonicWall, section "SDP Deployment Models"
Post your Comments and Discuss CSA CCZT exam with other Community members:
Onkar commented on December 26, 2024 Questions looks promising. Anonymous upvote
Our website is free, but we have to fight against bots and content theft. We're sorry for the inconvenience caused by these security measures. You can access the rest of the CCZT content, but please register or login to continue.