1.8 Zero Trust Flashcards
N10-009 Obj. 1.8 Summarize evolving use cases for modern network environments. (10 cards)
What is the traditional approach to network security and its limitation?
Traditionally, security focuses on protecting the network perimeter, but once inside, the network was broadly accessible, creating internal vulnerabilities.
Transcript: “Traditionally, we’ve always done a good job at protecting the edges of our network… But once you’re on the inside… very accessible.” (0:01–0:16)
What is Zero Trust and its core principle?
Zero Trust is a security model where no user, device, or application is trusted by default, and all access must be verified.
Transcript: “With zero trust, every user, every device, and every application is inherently untrusted.” (0:35–0:42)
What technologies support a Zero Trust model?
Authentication, encyption, internal firewalls, network monitoring, and other layered security controls.
Transcript: “We’ll be implementing technologies… authentication, encryption, additional firewalls, monitoring…” (0:51–1:00)
What is adaptive identity in authentication?
It adjusts authentication requirements based on user identity, location, IP address, and behavior to assess risk.
Transcript: “With an adaptive identity, every authentication process considers who’s trying to authenticate…” (1:23–2:01)
What factors can influence access after authentication (Authorization)?
User roles, location, device certification, and job-based permissions determine what data and functions are accessible.
Transcript: “We need to understand what type of access that user should have… part of the help desk… manager…” (2:56–3:29)
Why should admin rights be limited?
Admin rights give full system access, and if compromised (e.g., via malware), they pose a significant security risk.
A best practice is to provide the least access needed to complete your job – Least Privilege Access
Transcript: “Administrators have full access… malware now has administrative access…” (4:11–4:29)
What challenge does user and application dispersion create?
Users and apps are globally distributed, making it difficult to secure communications across varied environments.
Transcript: “Users can be located anywhere… applications… across the internet… private data center.” (4:31–4:56)
What is SASE and what does it provide?
SASE (Secure Access Service Edge) is a cloud-based security framework offering secure, seamless access to resources regardless of user or application location.
Transcript: “SASE… stands for Secure Access Service Edge… security technologies into the cloud…” (5:05–5:24)
What features can be part of a SASE solution?
Zero Trust Network Access, Firewall-as-a-Service, DNS security, and built-in QoS and routing.
Transcript: “Zero trust network access, firewall as a service, and DNS security…” (6:03–6:08)
How does SASE benefit end users?
It offers seamless, always-on security without requiring users to manually manage their securite connections.
Transcript: “Users don’t have to worry about turning on or turning off this SASE functionality…” (6:14–6:21)
