Introduction to Zero Trust - Definitions, Concepts and Components

Question 1

What does the ZT concept as a cybersecurity approach require according to the CSA?

Answer 1

ZT is a cybersecurity approach that requires the following:
1. Making no assumptions about the trustworthiness of an entity as it requests access to a resource
2. Starting with no pre-established entitlements, then relying on a construct which is used to add entitlements
3. Assuming breach and verifying all workforce, device, workload, network and data access, regardless of where, who, or to what resource with the assumption that breaches are impending or have already occurred

Question 2

What is a Tenet?

Answer 2

A principle generally held to be true

Question 3

How many tenets has ZT according to the USA Department of Defense Zero Trust Reference Architecture?

Answer 3

ZT has 5 major tenets:
1. Assume a hostile environment
2. Assume breach
3. Never trust, always verify
4. Scrutinize explicitly
5. Apply unified analytics

Question 4

DAAS stands for

Answer 4

Data, Applications, Assets and Services

Question 5

What are several design principles of ZTA?

Answer 5

1. Denying access until the requester has been thoroughly authenticated and authorized
2. Allowing access to the network only when requesters (users, machines, processes) authenticate who they are
3. Allowing access to resources only after the requesting entity has been authorized
4. Enforcing least privilege, specifically, granting the least amount of access required
5. Requiring continuous monitoring of existing security controls’ implementation and effectiveness

Question 6

What are the seven pillars of a Zero Trust Architecture?

Answer 6

There are seven pillars of DoD ZTA:
1. Users/identities
2. Devices/endpoints
3. Network/Environment
4. Applications & Workload
5. Data
6. Visibility & Analytics
7. Automation & Orchestration

Question 7

What is in the Users pillar?

Answer 7

• Securing/limiting/enforcing DAAS access for person, non-person, and federated entities through identity, credential and access management capabilities
• MFA and continuous multi-factor authentication
• Continuously authenticate, authorize, and monitor activity patterns
• RBAC and ABAC for authorizing users to access applications/data

Question 8

What is in the Devices / endpoints pillar?

Answer 8

• Identify, authenticate, authorize, inventory, isolate, secure, remediate and control all devices
• Real-time device attestation and patching

E.g., using Mobile device managers or comply-to-connect (C2C)

Question 9

What is in the Network/environment pillar?

Answer 9

Logically and physically segment, isolate and control the on-premise and off-premises network/environment with granular access and policy restrictions:
- Control privileged access
- Manage internal and external data flows
- Prevent lateral movement

Question 10

What is in the Application and Workload pillar?

Answer 10

Tasks on systems or services on-premises as well as applications or services in a cloud environment

Question 11

What is in the Data pillar?

Answer 11

Data categorized in terms of mission criticality under a comprehensive data management strategy.
- Categorization of data
- Encryption at rest and in transit
- Technologies like DRM, DLP, software-defined storage and granular data-tagging

Question 12

What is in the Visibility and Analytics pillar?

Answer 12

Visibility on vital, contextual details to provide a greater understanding of performance, behavior and activity baselines across various ZT pillars. Other monitoring data for situational awareness.

Question 13

What is in the Automation and Orchestration pillar?

Answer 13

Automated security processes to take policy-based actions across the enterprise with speed and at scale. For example Security Orchestration, Automation and Response, integrated with Security Information and Event Management.

Question 14

What does ZT stand for?

Answer 14

Zero Trust

ZT is a set of principles and practices designed for reducing cyber risk in dynamic IT environments.

Question 15

What are the three core components for a Zero Trust Architecture?

Answer 15

1. Communication: a request for an entity to access a resource and the resulting access or session.
2. Identity: The identity of the entity (e.g., user or device) requesting access to the resources
3. Resources: any assets within the target environment.

Question 16

What are two fundamental elements of Zero Trust?

Answer 16

1. Policy: the governance rules that identify the who, what, when, how, why of access to the target resource
2. Data sources: the contextual information providers can use to keep policies dynamically updated

Question 17

What is the primary requirement of the Zero Trust model?

Answer 17

Strict authentication and verification for each person, device, or service trying to access an IT resource

Question 18

In Zero Trust, how is the security posture of a resource assessed?

Answer 18

Based on authentication and authorization controls in place, not by its location

Question 19

What must occur prior to granting network access in a Zero Trust network?

Answer 19

Authentication and explicit authorization

Question 20

True or False: Encrypting communications alone is sufficient for Zero Trust security.

Answer 20

False

Question 21

What is a key aspect of Zero Trust regarding access verification?

Answer 21

Each individual flow must be confirmed as an authorized connection

Question 22

What percentage of attacks start with a breach via a phishing email?

Answer 22

90%

Question 23

What are the steps typically involved in a phishing attack leading to data exfiltration?

Answer 23

1. Breach via phishing email
2. Creation or compromise of an administrative account
3. Lateral movement of malware
4. Exfiltration of enterprise data

Question 24

What does CSA define the Zero Trust concept as?

Answer 24

A cybersecurity approach that requires verification of all access requests

Question 25

What assumption does Zero Trust make about an entity's trustworthiness?

Answer 25

No assumptions; trust is not pre-established

Question 26

Fill in the blank: Zero Trust starts with no pre-established _______.

Answer 26

entitlements

Question 27

What is a recent trend in enterprise security related to Zero Trust?

Answer 27

Increasing number of remote users and assets based in the cloud

Question 28

How are hardware manufacturers and software vendors responding to the shift towards Zero Trust?

Answer 28

Rapidly adopting the ZT model and validating their products for ZT implementation

Question 29

What does it mean to 'assume breach' in Zero Trust?

Answer 29

Most large enterprises experience daily cybersecurity attacks and may already be compromised ## Footnote This tenet suggests managing resources with vigilance, as if an adversary has a foothold in the environment.

Question 30

What is the principle of 'never trust, always verify'?

Answer 30

Deny access by default and authenticate every access request ## Footnote This involves using least privilege, multiple attributes, and dynamic cybersecurity policies for access control.

Question 31

What does it mean to 'scrutinize explicitly'?

Answer 31

Access resources in a secure manner using multiple attributes to determine confidence levels ## Footnote Access is conditional and can change based on actions and confidence levels.

Question 32

What is the fifth major tenet of Zero Trust?

Answer 32

Apply unified analytics ## Footnote This involves using analytics and behavioristics to monitor data, applications, assets, and services, and logging each transaction.

Question 33

Fill in the blank: A tenet is defined as a principle generally held to be _______.

Answer 33

[true]

Question 34

True or False: The Zero Trust model assumes that all users and devices are trusted by default.

Answer 34

False ## Footnote The model assumes a hostile environment and treats all users and devices as untrusted.

Question 35

List the five major tenets of Zero Trust.

Answer 35

* Assume a hostile environment * Assume breach * Never trust, always verify * Scrutinize explicitly * Apply unified analytics

Question 36

What is the first design principle of ZTA9?

Answer 36

Denying access until the requestor has been thoroughly authenticated and authorized ## Footnote This includes inspecting, authenticating, and authorizing users, devices, or individual packets.

Question 37

What does ZTA require regarding access to resources?

Answer 37

Access to resources is temporary and reverification is required ## Footnote The timespan of access is defined by policies.

Question 38

How does access change with Zero Trust (ZT)?

Answer 38

Requesters aren’t allowed access to anything until they authenticate who they are.

Question 39

What must happen before access to resources is granted?

Answer 39

The requesting entity must be authorized.

Question 40

What principle is enforced regarding access rights?

Answer 40

Enforcing least privilege ## Footnote This means granting the least amount of access required.

Question 41

What is required for continuous security in ZTA?

Answer 41

Continuous monitoring of existing security controls’ implementation and effectiveness.

Question 42

What is the Zero Trust Architecture (ZTA)?

Answer 42

A work-in-progress concept with evolving boundaries and definitions

Question 43

How many fundamental pillars of a Zero Trust Architecture are emphasized by the CSA?

Answer 43

Seven

Question 44

What does the Users/identities pillar focus on?

Answer 44

Securing, limiting, and enforcing access for users and entities ## Footnote This includes identity, credential, and access management capabilities like multi-factor authentication (MFA) and continuous multifactor authentication (CMFA).

Question 45

Name two access control methods mentioned in the Users/identities pillar.

Answer 45

* Role-based access control (RBAC) * Attribute-based access control (ABAC)

Question 46

What is essential in the Device/endpoints pillar?

Answer 46

Identifying, authenticating, authorizing, inventorying, isolating, securing, remediating, and controlling all devices

Question 47

What are critical functions in the Device/endpoints pillar?

Answer 47

* Real-time attestation * Patching of devices

Question 48

What should organizations do to their network/environment in a ZT approach?

Answer 48

Segment, isolate, and control both on-premise and off-premises networks

Question 49

What is the importance of macro-segmentation in a ZT approach?

Answer 49

Enables micro-segmentation for greater protections and controls

Question 50

What tasks should the Applications and workload pillar include?

Answer 50

Tasks on systems or services on-premises and cloud environments

Question 51

What should be central to ZT adoption concerning applications?

Answer 51

Securing and managing the application layer, compute containers, and virtual machines

Question 52

What is the purpose of categorizing DAAS in the Data pillar?

Answer 52

To develop a comprehensive data management strategy

Question 53

List three solutions for protecting critical data in the Data pillar.

Answer 53

* Digital Rights Management (DRM) * Data Loss Prevention (DLP) * Granular data-tagging

Question 54

What does the Visibility and analytics pillar improve?

Answer 54

Detection of anomalous behavior and dynamic changes to security policies

Question 55

What is the role of Security Orchestration, Automation, and Response (SOAR) in ZT?

Answer 55

Improves security and decreases incident response times by automating responses to threats

Question 56

What is the purpose of governance in ZT?

Answer 56

To ensure successful implementation and control over goals and actions

Question 57

True or False: Automation and orchestration in ZT only focus on manual processes without policy-based actions.

Answer 57

False

Question 58

Fill in the blank: The _______ pillar involves the automation of manual security processes.

Answer 58

Automation and orchestration

Question 59

What are the three core components of Zero Trust Architecture (ZTA)?

Answer 59

* Communication * Identity * Resources ## Footnote These components are essential for making access decisions.

Question 60

What are the two additional fundamental elements of ZTA?

Answer 60

* Policy * Data sources ## Footnote These elements help define access governance and keep policies updated.

Question 61

What does the Policy Decision Point (PDP) consist of?

Answer 61

* Policy administrator * Policy engine (PE) ## Footnote The PDP determines the rules and communicates them to the PEP.

Question 62

What is the role of the Policy Enforcement Point (PEP)?

Answer 62

Acts as a gateway to ensure access to approved resources has been granted to the correct entity ## Footnote The PEP enforces the rules defined by the PDP.

Question 63

How does NIST define the PDP?

Answer 63

As the control plane responsible for collecting, analyzing, and transforming data into rules for resource access ## Footnote The PDP governs access to resources based on intelligence and rules.

Question 64

What is the function of the PEP in ZTA?

Answer 64

The data plane that enforces rules and provides access to resources based on input from the control plane ## Footnote The PEP executes the access rules set by the PDP.

Question 65

What is the purpose of data sources in the context of ZTA?

Answer 65

To feed data into the PDP to maintain rules and keep the decision-making process updated ## Footnote Various intelligence sources help refine access rules.

Question 66

List some possible information sources for the policy engine.

Answer 66

* Intrusion detection system (IDS)/Intrusion detection and prevention system (IDPS) * Network devices (e.g., firewalls, proxies) * Threat intelligence feeds * Information sharing systems * Denylists and blocklists * Identity providers and access management systems * Legal and regulatory compliance requirements * Asset/device management systems * Public key infrastructure ## Footnote These sources provide critical data for policy enforcement.

Question 67

True or False: Manual management of the access model is recommended in a Zero Trust environment.

Answer 67

False ## Footnote Automation is encouraged to manage the increased number of PEPs effectively.

Question 68

Fill in the blank: The PDP and PEP regulate access to resources by being placed in the __________ of traffic.

Answer 68

access workflow ## Footnote This integration helps enforce access control policies.

Question 69

What advantage does automation provide in a Zero Trust environment?

Answer 69

Supports both granular and global control ## Footnote Automation helps manage complex access models efficiently.