Introduction to ZTA - Objectives of ZT Flashcards
(99 cards)
1
Q
What is the primary objective of Zero Trust Architecture (ZTA)?
A
To address security risks inherent in the assumption of trust and lack of proper access controls.
2
Q
What are typical approaches to addressing security risks in ZTA?
A
Reducing the attack surface and/or improving the effectiveness of security controls.
3
Q
What is the motivation behind Zero Trust Architecture?
A
To provide a holistic and consistent security approach for protecting an enterprise against malicious actors.
4
Q
What is a key differentiator in ZTA?
A
The ephemeral nature of any trust between data/computing resources and the principals requesting access.
5
Q
How does ZTA enhance an environment’s security posture?
A
Through dynamic policy enforcement and decisioning.
6
Q
What types of attacks does ZTA protect against?
A
Both internal and external attacks that exploit and compromise exposed access mechanisms.
7
Q
What are the technical objectives of a ZT approach?
A
Establishes a framework for protecting resources, simplifies user experience, reduces attack surface size and complexity, enforces least privilege, improves control and resilience, localizes impact radius of a security failure.
8
Q
What are the business objectives of Zero Trust?
A
Reduce risk, improve governance and regulatory compliance, align organization’s culture with risk appetite of its leadership.
9
Q
Fill in the blank: A ZT approach aims to _______ the organization’s attack surface size and complexity.
A
reduce
10
Q
True or False: ZTA only addresses external threats.
A
False
11
Q
What does ZT stand for?
A
Zero Trust
ZT is an approach to cybersecurity that does not inherently trust any entity.
12
Q
What is the core premise of Zero Trust?
A
An organization should not inherently trust any entity that comes from within or beyond its boundaries.
13
Q
What is the goal of the protective framework established by ZT?
A
To enable a shift of focus to more business-oriented goals and protect data based on its value and specific needs.
14
Q
Why are aged cybersecurity techniques becoming ineffective?
A
They yield limited results and inadequate protection due to the increasing frequency and scale of attacks.
15
Q
What types of approaches are no longer practical according to ZT?
A
Approaches based on physical objects and systems, and signature-based threat detection.
16
Q
What factors necessitate a reconsideration of cybersecurity strategies?
A
Increasing frequency and scale of attacks, hyper-connected world, virtualized environments, and software-based organizations.
17
Q
Fill in the blank: The protective framework established by ZT represents a _______ approach to cybersecurity.
A
novel
18
Q
True or False: Zero Trust allows organizations to trust internal entities by default.
A
False
19
Q
What should organizations reconsider according to the ZT framework?
A
Everything from network configurations to detection and prevention approaches.
20
Q
What do organizations need to focus on regarding their data?
A
The value of the data and their specific protection needs.
21
Q
What does ZTA stand for?
A
Zero Trust Architecture
22
Q
How does ZTA reduce management overhead?
A
By applying a consistent access model for all assets and handling access requests uniformly
23
Q
What is the consistent interrogation model used in ZTA for access requests?
A
Who are you? Do you need this access now? Okay, you get this access to this resource for this period
24
Q
List the elements that ZTA models are absent of.
A
- Complicated diagrams of nested groups using legacy access control lists (ACL)
- Layers of groups managed by potentially irrelevant decision-makers
- Stale and orphaned groups
- Authorization mechanisms based on antiquated models/labels
- Delays in provisioning, deprovisioning, or access revocation
25
True or False: ZTA uses legacy access control lists (ACL) with allow and deny parameters.
False
26
What is a key feature of access handling in ZTA?
Every request is handled consistently, just-in-time by the PDPs
27
Fill in the blank: ZTA reduces management overhead by applying a consistent _______ model.
[access]
28
What are PDPs in the context of ZTA?
Policy Decision Points that handle access requests
29
What types of groups does ZTA eliminate to reduce complexity?
* Complicated nested groups
* Stale and orphaned groups
30
What does ZTA aim to eliminate in the authorization process?
Authorization mechanisms based on antiquated models/labels
31
What is the main difference between traditional security architecture and the Zero Trust (ZT) model regarding access decisions?
In traditional security architecture, access decisions are made at the network perimeter, while in the ZT model, each internal resource decides whether to grant access.
32
What happens to denied traffic in traditional security architecture?
Denied traffic is dropped outside of the perimeter.
33
Why is internal traffic often not encrypted in traditional security architectures?
It is rare for organizations to encrypt internal traffic.
34
What actions can an attacker perform once they penetrate the internal network in traditional security architecture?
* Run port scans
* Find vulnerabilities
* Launch denial-of-service attacks
* Steal additional credentials
* Eavesdrop on privileged network traffic
* Move laterally unobstructed
35
How does the Zero Trust model affect an attacker's ability to exploit internal resources?
An attacker is no better off after penetrating external defenses, as each internal resource makes access decisions.
36
Fill in the blank: In a traditional security architecture, the attack surface is every resource, while in the Zero Trust model, it contracts to only _______.
improperly secured resources.
37
True or False: In the Zero Trust model, once an attacker gains access to the internal network, they can move laterally without restrictions.
False
38
What does an organization's ever-expanding digital footprint lead to?
An increasingly complex IT environment
## Footnote
This complexity arises from access decisions made in advance and unmanaged permissions.
39
What are orphaned objects in the context of IT access?
Objects with unmanaged permissions left behind by parties that granted access
## Footnote
These objects can pose security challenges as they may lead to unauthorized access.
40
What is one of the biggest security challenges for organizations due to complexity?
Reduced visibility and increased vulnerabilities
## Footnote
This complexity makes it easier for malicious actors to infiltrate networks.
41
How do newer IT paradigms like hybrid cloud and edge computing affect access control policy management?
They further complicate access control policy management
## Footnote
This results from the diverse environments and configurations involved.
42
What does ZT (Zero Trust) assume about parties requesting application access?
All parties are malicious and should be untrusted
## Footnote
This assumption leads to a more secure approach to access management.
43
What is the main strategy of ZT in managing security?
Creating islands of applications and data to protect
## Footnote
This strategy focuses on protecting specific areas rather than policing the entire network.
44
What do ZT strategies require more of compared to standard security mechanisms?
Far more attributes
## Footnote
This requirement enhances security by providing more granular control.
45
How does ZT help organizations striving for agility?
By reducing security architecture complexity
## Footnote
It achieves this by creating perimeters around applications and identities.
46
What is the effect of ZT on the number of access points in an IT environment?
It reduces the number of access points
## Footnote
This results in tighter control over access levels and privileges.
47
Fill in the blank: ZT provides a robust security mechanism to reduce _______ by creating perimeters around applications and identity.
security architecture complexity
## Footnote
This helps in managing access more effectively.
48
True or False: ZT simplifies access management by assuming all parties are trustworthy.
False
## Footnote
ZT assumes all parties are untrusted to enhance security.
49
What principle does ZT enforce regarding user privileges?
The principle of least privilege
## Footnote
This principle dictates that users and programs should only have the necessary privileges to complete their tasks.
50
How does ZT manage user access?
Users get access to exactly what they need to conduct their business, when they need it
## Footnote
This approach aligns with the principle of least privilege.
51
What is micro-segmentation in the context of ZT?
The creation of zones in an IT environment to isolate workloads for better security
## Footnote
This practice helps users connect to the right application and use only the services they require.
52
What advantage does micro-segmentation provide in security operations?
It simplifies access provisioning
## Footnote
This simplification makes it easier to manage security operations and governance teams.
53
What are purpose-based dedicated identities also known as?
Identity personas
## Footnote
These personas are created for a group of resources that address a common functionality.
54
What is the purpose of creating identity personas in ZT?
To help limit the attack surface created by the compromise of an identity
## Footnote
This approach enhances security by managing how identities are utilized.
55
What is the primary objective of Zero Trust (ZT)?
To enhance and bolster the resilience and the security posture of an enterprise’s IT infrastructure
56
How does ZT reduce visibility for malicious actors?
By ensuring they have reduced visibility into the enterprise’s IT infrastructure and individual assets
57
What does ZTA do to minimize the risk of cross-site attacks?
Restricts lateral movement within the organization
58
What is the impact of containing external users within a small area of the network?
Any resulting security issues can be quickly contained and addressed
59
How does ZT limit the impact radius of security incidents?
By enabling the swift return of systems to their earlier state
60
What ensures that unauthorized scanning and mapping activities are unsuccessful?
The reduced attack surface within the ZT implementation
61
What are the components of the two-layer architecture in ZT?
A separated control plane and data plane
62
What must occur before access is granted to the organization’s network?
Users and their devices must be properly authenticated and authorized
63
True or False: ZTA allows for unrestricted lateral movement within the organization.
False
64
Fill in the blank: The two-layer architecture helps ensure that access is granted only after _______.
[users and their devices have been properly authenticated and authorized]
65
What is a primary goal of Zero Trust Architecture (ZTA)?
To make the incident management process more effective and efficient.
## Footnote
This includes principles like 'never trust, always verify' and presuming an ongoing breach.
66
What does the principle of 'never trust, always verify' entail?
It requires continuous behavioral monitoring of all system entities.
## Footnote
This principle is foundational in Zero Trust Architecture.
67
How does micro-segmentation benefit incident containment?
It reduces the impact radius of potential breaches by restricting a cyber attacker's lateral movement.
## Footnote
This segmentation confines damage to a limited area.
68
What happens when a breach occurs in a Zero Trust environment?
Damage is limited to a confined area, allowing for effective containment, eradication, and remediation efforts.
## Footnote
This is crucial for managing the incident's scope.
69
How does continuous monitoring in ZTA improve incident management?
It allows for more effective identification of anomalies and incidents.
## Footnote
Continuous monitoring is a key feature of Zero Trust Architecture.
70
What is the role of incident-related data in ZTA?
It is used to update the Policy Decision Point (PDP), allowing for dynamic policy definition and enforcement.
## Footnote
This process is critical for limiting impact across the organization’s network.
71
True or False: Zero Trust Architecture assumes that breaches are impossible.
False.
## Footnote
ZTA operates under the presumption of an ongoing breach.
72
Fill in the blank: The principle of continuous network access authorization in ZTA helps to _______.
reduce the impact radius of potential breaches.
73
What is a primary business goal of Zero Trust Architecture (ZTA)?
Reduction of cyber risk
## Footnote
This goal is especially critical for organizations facing complexity from distributed computing infrastructures and migration to the public cloud.
74
What are some technical goals related to risk reduction in ZTA?
Reducing the attack surface and achieving an improved security posture
## Footnote
These goals help organizations maintain resilience against cyber threats.
75
List the types of risks ZTA aims to reduce.
* Improper privilege escalation via lateral movement
* Access beyond need to know requirements
* Access beyond required time frame
* Access by unsecure devices
* Access via unsecured methods
* Compromises via brute force, DDoS, or MITM attacks
* Unauthorized lateral movement
## Footnote
These risks are critical for maintaining security in a connected enterprise.
76
What does ZTA support to protect logins against common attacks?
Multi-Factor Authentication (MFA)
## Footnote
MFA helps defend against brute-force attacks, dictionary attacks, and stolen credentials.
77
What principle is implemented in all ZTA variants to mitigate internal attacks?
Principle of least privilege
## Footnote
This principle ensures that users have the minimum level of access necessary to perform their tasks.
78
How does ZTA prevent unauthorized access to resources?
By applying controls and policies to every protected resource for every access request
## Footnote
This level of granularity enhances security by limiting access.
79
What is a critical requirement of ZTA for cyber risk reduction?
Continuous monitoring
## Footnote
Continuous monitoring helps maintain a strong security posture by investigating potential signs of compromise.
80
How does ZTA mitigate the risk of unauthorized access by compromised accounts?
By using policy-based controls conditioned on user and device security posture
## Footnote
This approach enhances the security framework of the organization.
81
What does the ZT model use to reduce the total risk of running a connected enterprise?
A unified framework provided by a limited number of vendors
## Footnote
This allows enterprises to address major threats with fewer solutions, reducing security flaws.
82
True or False: ZTA does not require mutual authentication between the server and client.
False
## Footnote
Mutual authentication is essential for establishing secure connections.
83
What is the primary objective of Zero Trust (ZT)?
To help organizations achieve and maintain an optimal compliance posture
## Footnote
This reduces both the financial and technical impact of compliance.
84
What are the two key features of ZT that help in compliance management?
* Discovery
* Mapping out of all networked assets and related access controls
85
Why is automatic discovery and validation of assets important in ZT?
Assets and data can only be protected if their presence is known.
86
How does ZT help in segregating resources?
Based on relevant legal, regulatory, and contractual compliance requirements.
87
What does proper implementation of ZT verify?
Authentication and authorization each time traffic moves laterally or inside/outside the network.
88
What is a benefit of verifying authentication and authorization in ZT?
Prevents unauthorized access before data can be accessed, compromised, encrypted for ransom, or exfiltrated.
89
What does ZT create to satisfy regulatory requirements?
An audit trail for record keeping and auditing.
90
What are privacy-related regulations that define stringent requirements for processing PII?
* General Data Protection Regulation (GDPR)
* California Consumer Privacy Act (CCPA)
91
What must organizations build to maintain control and visibility over PII?
An accountability framework that includes components like collection, processing, storage, and purpose.
92
How does ZT enable organizations regarding regulatory compliance?
It helps better align with standard security practices integrated into existing regulatory requirements’ internal controls.
93
Fill in the blank: ZT helps organizations achieve and maintain an optimal _______.
compliance posture
94
What is the ZT model's approach to security?
Never trust, always verify
## Footnote
This approach emphasizes continuous verification of resources and entities within the IT environment.
95
What mindset change does the ZT model promote in organizations?
A coordinated, structured approach to cybersecurity
## Footnote
This change requires organizations to adopt new processes and procedures.
96
What culture must organizations shift to according to the ZT model?
A culture based on processes and procedures that support continuous verification
## Footnote
This shift is necessary to trust entities within the IT environment.
97
Fill in the blank: The ZT model requires enterprises to adopt a _______ approach to cybersecurity.
coordinated, structured
98
True or False: The ZT model allows for trusting entities in the IT environment without verification.
False
## Footnote
The model emphasizes verification before trust.
99
What is the key requirement for trusting entities in a company's IT environment according to the ZT model?
Continuous verification
