2.2 - Zero trust

Question 1

What is Zero Trust?

Answer 1

It is a security framework that requires all subjects, assets, and workflows to be authenticated, authorised and continuously validated before allowing access to applications and data

Question 2

What are the main principles of zero trust

Answer 2

Continuous verification - always verify access

Access Limitation - Access is granted on per-session basis (has a time limit)

Limit the ‘blast radius’ - Minimise impact if internal or external resources are breached (e.g. segmentation, least privilege

Automate - Context, collection, and response are meant to be automatically collected (e.g. credentials, workloads, endpoints SIEMS, Threat intelligence

Question 3

What are the ZT components

Answer 3

Policy Decision Point (PDP)

Policy Engine (PE)

Policy Administrator (PA)

Policy Enforcement Point (PEP)

Question 4

What is a control plane

Answer 4

It is a system that management and coordinates access to resources, handles authentication, authorisation and policy enforcement

Question 5

What is the data plane

Answer 5

This is where the application and service communication flows, it handles the actual data transfer and processing (moves data between software components

Question 6

What is the Policy Decision Point (PDP)?

Answer 6

PDP has two logical components Policy engine and policy administrator

Question 7

What is the Policy Engine (PE)?

Answer 7

Policy Engine (PE) - responsible for the ultimate decision to grant access to the given subject

Question 8

What is the Policy Administrator (PA)?

Answer 8

Generates any session-specific authentication, authentication token, or credential used to access an enterprise resource

Question 9

What is the Policy Enforcement Point (PEP)?

Answer 9

Responsible for enabling monitoring, and eventually termination connections between a subject and an enterprise resource