Introduction to ZTA - ZT use cases Flashcards
(140 cards)
1
Q
What is the primary purpose of Zero Trust (ZT) use cases?
A
To address secure access and risk mitigation in various industries
ZT use cases vary architecturally and in their risk mitigation efficacy and limitations.
2
Q
What does the use case description for Remote Access & VPN Replacement entail?
A
Secure remote access to corporate networks has evolved from traditional VPNs to accommodate cloud services
Users now require access to services residing in clouds and associated environments.
3
Q
What are the security risks associated with traditional VPN solutions?
A
Users gain extensive access post-authentication, risking violation of least privilege and potential malware infections
Device authentication is critical to prevent malicious software from impacting organizational assets.
4
Q
What is a significant limitation of traditional VPNs in the context of cloud migration?
A
Substantial performance degradation when accessing cloud-based IT resources
Traditional VPNs terminate at the organization’s perimeter, limiting access to cloud services.
5
Q
What technologies are being used to improve remote access to cloud services?
A
Cloud proxies and SASE (Secure Access Service Edge)
These technologies create encrypted tunnels to external enclaves for better access.
6
Q
Fill in the blank: ZTA enhances the security posture of remote access by including ______ capabilities.
A
SDP (Software-Defined Perimeter) capabilities
Specifically, it includes SPA (Secure Access Protocol) in communications.
7
Q
What does the principle of least privilege entail in the context of VPN access?
A
Users should only have access to the minimum resources necessary for their tasks
This principle helps mitigate security risks by limiting access.
8
Q
True or False: Once authenticated via a VPN gateway, users have unrestricted access to all enterprise assets.
A
True
This unrestricted access can lead to security vulnerabilities if not managed properly.
9
Q
What is the role of device authentication in remote access scenarios?
A
To validate that devices are free from malware before granting network access
This step is crucial to protect organizational assets.
10
Q
What does ZTA stand for?
A
Zero Trust Architecture
11
Q
How does ZTA mitigate VPN’s security gaps?
A
Through more granular, contextual security controls
12
Q
What is a significant drawback of traditional VPN implementations?
A
High latency and a single point of failure/compromise
13
Q
What is the role of the ZT gateway in ZTA?
A
Each service is separately protected by a ZT gateway
14
Q
What must a client do before connecting to an application in ZTA?
A
Authenticate and authorize
15
Q
What protocol is used for secure connections in ZTA?
A
mTLS (mutual Transport Layer Security)
16
Q
What is split tunneling in the context of VPN?
A
A feature that divides internet traffic, sending some through an encrypted tunnel and the rest through an open network
17
Q
What limitations are associated with a ZT environment?
A
Dependent on proven standards like mTLS, SAML, and X.509 certificates
18
Q
What enhances the flexibility of a ZT environment?
A
It can be combined with supplemental security systems such as data encryption and remote attestation
19
Q
True or False: ZTA applies the same policies and security controls to all users regardless of their location.
A
False
20
Q
Fill in the blank: With VPN, users often experience delays, disconnections, and _______.
A
connectivity problems
21
Q
What is the impact of VPN on user connectivity to the internet?
A
It is negatively impacted, even with split tunneling
22
Q
What does ZTA provide a path for?
A
Evolution of security measures
23
Q
What is micro-segmentation?
A
Micro-segmentation enforces the separation of connections between devices on a network
24
Q
How does micro-segmentation prevent traffic from being visible to internal users?
A
By requiring granular, policy-based access for device-to-device connections
25
What is the purpose of creating dynamic, trusted network zones around applications?
To hide applications from unauthorized users and devices
26
What must every device do to communicate with servers in a micro-segmented network?
Initiate its own encrypted tunnel
27
How does micro-segmentation limit the impact of a cyber attack?
By ensuring device access is limited to validated, authorized entities
28
In what environments can micro-segmentation architectures be deployed?
Both cloud environments and on-premise data centers
29
Fill in the blank: Time-based segmentation policies and controls typically become more _______ over time.
[granular]
30
What are some common architectural patterns of micro-segmentation?
* Traditional network segmentation
* Data center (east-west) segmentation
* Application micro-segmentation
* Workload micro-segmentation
31
What happens once cyber attackers gain a foothold into the network?
They typically move laterally to compromise other machines
32
True or False: Network visibility is usually restricted to privileged users in VPN and corporate IT environments.
False
33
What is the security posture enhancement in ZT implementations?
Devices are completely hidden from unknown users
34
What type of request must trusted devices initiate to connect in a ZT environment?
SPA-based request
35
What is a key feature of connections in a micro-segmented network?
Each connection is a separate network impenetrable by other hosts
36
What is a key limitation in user/device interactions?
Stringent control is maintained over users and devices and their respective access to each application or resource.
37
Why is careful integration required in device architecture?
To reduce user/device validation-related latency.
38
What aspect of data flow between devices is not verified?
The data flowing between devices are not verified/validated.
39
What is verified/validated before a connection is granted?
The connecting device’s security posture and identity.
40
Fill in the blank: The architecture and interactions between the devices require careful _______ to reduce user/device validation-related latency.
[integration]
41
True or False: The data between devices is always validated.
False
42
What is the impact of the rise of cloud and SaaS deployment models on organizations?
Access to scalable IT resources, fuels innovation, and boosts productivity
## Footnote
However, it also introduces new IT security challenges beyond traditional corporate firewalls.
43
What are some challenges introduced by each SaaS solution?
Vendor risk management, data protection, access controls, user experience, auditing, monitoring, privileged access management
## Footnote
These challenges must be addressed to ensure security and compliance.
44
What is the shared responsibility model in SaaS?
A model where visibility, governance, and control are reduced, leading to varied security risks
## Footnote
SaaS solutions need to be understood, monitored, and reported for risk acceptance.
45
Why is risk acceptance critical in SaaS implementation?
Data protection compliance measures apply to SaaS providers
## Footnote
Additional controls may be required for risk mitigation.
46
What is 'shadow IT'?
The procurement and use of SaaS applications without the knowledge or permission of IT
## Footnote
This significantly increases the risk of data breaches and security incidents.
47
What should corporate IT specify in their service level agreements/contracts?
Requirements for controls with conformance reporting standards
## Footnote
This helps manage the risks associated with SaaS applications.
48
Why are network-centric security architectures considered inadequate now?
Due to the rise of the mobile workforce and proliferation of cloud applications
## Footnote
Once a security perimeter is breached, threat actors can exploit vulnerabilities across systems.
49
What methods can breach a security perimeter?
Phishing, malware, compromised passwords
## Footnote
These exploits allow threat actors to move freely across security layers.
50
What has gained widespread adoption in the last decade alongside SaaS offerings?
Microservices and third-party APIs
## Footnote
These allow integration with existing systems through publicly supported APIs.
51
What risk does the integration of SaaS offerings through APIs introduce?
Supply chain risk into the ecosystem
## Footnote
Organizations can subscribe to these services instead of building them from scratch.
52
What is the ZT SaaS management model used for?
Mitigating cyber risks inherent in SaaS services
## Footnote
ZT stands for Zero Trust
53
What does the ZT SaaS management model enforce?
Policy-based access control in SaaS applications
## Footnote
This applies regardless of user/device location
54
What does the ZT SaaS model monitor?
All SaaS usage patterns
## Footnote
This helps in identifying potential security risks
55
How do organizations often enhance SaaS security?
With single sign-on security (e.g., SAML) and IP-based access control with a CASB
## Footnote
CASB stands for Cloud Access Security Broker
56
What are the potential drawbacks of using single sign-on and IP-based access control?
Increased latency and degraded performance
## Footnote
This can negatively impact the user experience
57
What advantage does the ZT model provide over traditional methods?
Stronger security for SaaS applications without impacting the user’s experience
58
What does ZT SaaS control depend on?
A SaaS mechanism to control corporate account access
59
What is a key requirement for ZT SaaS control?
Support of client SSO access lists for a SaaS service
60
What does disabling direct access to SaaS services achieve?
Bypassing the SSO access mechanism
61
What are the limitations of ZT and SDP regarding data flow?
Limited ability to control the data flow inside a SaaS instance or between different SaaS applications
62
What is a hybrid cloud?
A hybrid cloud combines on-premises solutions or private cloud(s) with one or more public cloud services
63
What technologies enable connectivity in hybrid clouds?
Technologies like site-to-site VPN and private or dedicated circuits
64
What is a multi-cloud strategy?
A strategy that leverages several cloud service providers, which can include public, hybrid, or private clouds
65
What do hybrid and multi-cloud deployments expand?
The organization’s attack surface
66
What varies among different public cloud providers?
IAM models, security controls, and connectivity methods between VPCs or between VPCs and private clouds
67
What does ZT stand for?
Zero Trust
68
How does the broad level of network access in hybrid and multi-cloud deployments conflict with ZT?
It conflicts with ZT’s least privilege access model
69
What is a potential default access level used by cloud providers?
The most open access levels to maintain interoperability
70
What is the primary benefit of applying ZT across cloud deployments?
Mitigating the security risks inherent in publicly exposed cloud services
71
Fill in the blank: A device/users connection point on a particular network should not determine which _______ are accessible.
cloud services
72
What should happen before users connect to cloud resources?
Users should be identified, authenticated, and authorized
73
Access to services and resources is granted based on what?
What the organization knows about the user/device
74
What security controls are applied to both private and public clouds?
Tunneling and encryption
75
What does ZTA do regarding services and resources?
Hides all the services and resources, regardless of their location
76
True or False: Users have access to resources before completing authentication and authorization.
False
77
What does ZTA enforce between the user device and the PEP?
A mutually encrypted tunnel
## Footnote
ZTA stands for Zero Trust Architecture.
78
What access model does ZTA enforce?
Least privilege access model
## Footnote
This model is based on granular and resource/service-based access policies.
79
How does ZT improve the user experience?
By eliminating single choke points
## Footnote
This distributed architecture prevents delays and single point failures.
80
What is a challenge in implementing a truly cloud and vendor agnostic ZT?
Varying design patterns of competing cloud providers
## Footnote
Different cloud providers may have distinct implementation requirements.
81
How does the implementation of SSO differ among cloud providers?
It varies; for example, Azure AD differs from Azure cloud
## Footnote
Google Cloud Platform (GCP) also differs from an OpenStack-based private cloud.
82
What is a limitation regarding interconnections in multi-cloud deployments?
They are vendor-dependent
## Footnote
There isn't one standard protocol or implementation for these interconnections.
83
True or False: Best practices can guarantee a standard protocol for ZT implementation.
False
## Footnote
There is no single standard protocol or implementation for ZT.
84
What does OT stand for in an industrial context?
Operational Technology
## Footnote
OT primarily exists in industrial environments where processes are regulated to achieve desired outcomes.
85
What are the primary systems associated with the OT environment?
Industrial control systems (ICS) and IIoT devices
## Footnote
IIoT stands for Industrial Internet of Things.
86
How was the traditional OT environment characterized?
Closed, physically air-gapped networks and systems.
87
What do newer OT solutions offer compared to traditional ones?
Advanced features related to connectivity and automation
## Footnote
Examples include smart OT devices.
88
What is the trend regarding reliance on OT-generated data?
Increasing rapidly.
89
What must organizations do when adopting new OT technologies?
Plan for accessible, secure, and resilient deployments.
90
What risk is associated with exposing smart OT devices to the internet?
Introduction of external cyber threats into enterprise networks.
91
What do ZT security best practices mandate regarding connected entities?
Every connected entity must have an identity and be part of the ZT Framework.
92
What are the components that must be considered in the ZT Framework?
* Users
* Devices
* Virtual infrastructure
* Cloud assets
93
What is the definition of cyber-physical systems (CPS) according to NIST SP 1500-201?
Integration of physical components, networked systems, embedded computers, and software for information sharing.
94
What future applications are CPS foundational for?
* Smart services
* Smart cities
* Smart health care management
95
What is a key characteristic of CPS?
Cross-disciplinary in nature.
96
CPS provides seamless integration of which two types of systems?
Cyber and physical systems.
97
What does IoT stand for?
Internet of Things
## Footnote
IoT refers to a network of devices connected to the internet.
98
What are IoT devices equipped with?
Software and/or sensors
## Footnote
These are essential for collecting and transmitting data.
99
How do IoT devices connect to the internet?
Via wifi or other wireless/wired technology
## Footnote
This connectivity enables communication between devices.
100
Give two examples of home IoT devices.
* Home automation solutions
* Smart doorbells
## Footnote
These devices enhance convenience and security in homes.
101
Give two examples of industrial IoT devices.
* Smart farming devices
* Assembly line robots
## Footnote
These devices improve operational efficiency in industries.
102
What does IIoT stand for?
Industrial Internet of Things
## Footnote
IIoT is a specific subset of IoT focused on industrial applications.
103
What are the main benefits of IIoT systems for industrial enterprises?
* Improvements in efficiency
* Increases in productivity
* Automation
* Continuous monitoring
* Analysis
## Footnote
These benefits are crucial for enhancing industrial operations.
104
What does ICS stand for?
Industrial Control Systems
105
Name three types of control systems included in ICS.
* Supervisory Control and Data Acquisition (SCADA) systems
* Distributed Control Systems (DCS)
* Programmable Logic Controllers (PLC)
106
What are COTS devices?
Commercial-off-the-shelf networked devices
107
What topology do ICS systems typically consist of?
Bus topology
108
What is a significant risk introduced by connecting ICS to internal IT networks?
Cyber-physical risk
109
Which principles make up the CIA Triad?
* Confidentiality
* Integrity
* Availability
110
In ICS, which two principles of the CIA Triad are prioritized over confidentiality?
* Availability
* Integrity
111
Name two types of malicious actors with interest in ICS vulnerabilities.
* Terrorists
* State-sponsored actors
112
What is one common type of attack on ICS?
Attacks that plant malicious software
113
Fill in the blank: Over 400 ICS vulnerabilities were disclosed in ______.
2019
114
What is a common method used to gain initial access to OT networks?
Spear phishing
115
True or False: Security hardening and patching on ICS systems is straightforward.
False
116
What does ZT stand for in the context of risk mitigation?
Zero Trust
117
What does SDP stand for?
Software Defined Perimeter
118
What is the primary benefit of implementing ZT in IIoT devices?
Enforce stronger device integrity and data confidentiality
119
Name two types of authentication enforced by SDP for IIoT devices.
* IIoT device authentication
* Adaptive risk-based user authentication (e.g., MFA)
120
What is a key challenge when applying ZT to OT environments?
Device resource constraints
121
Fill in the blank: ICS systems rely on OT protocols such as ______ for control plane functionality.
ModBus or Profinet
122
What is one limitation of ZT related to IIoT devices?
Harder to patch and/or upgrade
123
What approach may be necessary for ZTA design due to device limitations?
Agentless micro-segmentation or external proxy-based approach
124
What type of inspection can be implemented to detect and block known attack types?
Deep packet inspection
125
What does 5G stand for?
Fifth generation wireless technology
126
What are some key applications of 5G technology?
Applications include smart cities, autonomous vehicles, remote healthcare, and more.
127
What are the three main types of communication that 5G provides?
* Enhanced mobile broadband (eMBB)
* Massive machine-type communications (mMTC)
* Ultra-reliable low-latency communications (uRLLC)
128
How does 5G improve connectivity in highly populated areas?
By using tiny cells as signal repeaters, enhancing speed, network capacity, and reliability.
129
What is the role of the core network in 5G?
It routes data and connects different portions of the access network.
130
What is mobile edge computing (MEC) in the context of 5G?
MEC places compute and storage resources closer to the customer to improve application performance.
131
What security risks are introduced by 5G's open architecture?
It creates an expansive attack surface from user equipment to core nodes.
132
What technology does 5G leverage that can be vulnerable to attacks if not secured?
Software-defined networking (SDN) technologies.
133
Why is physical security crucial in 5G networks?
Because devices and infrastructure are closer to the end user, increasing the risk of physical tampering.
134
What type of malware is particularly concerning in 5G networks?
Lateral moving malware.
135
What role does ZT device protection play in 5G networks?
It verifies the authenticity of software downloads and updates in the system.
136
What kind of attacks are 5G networks vulnerable to due to their architecture?
Man-in-the-middle (MITM) attacks.
137
What does ZT data protection ensure in the context of IoT and 5G?
Only authenticated and authorized systems can access protected data.
138
What is a limitation in integrating ZT with 5G infrastructure?
Access to network drivers in 5G infrastructure equipment may be difficult to obtain.
139
What challenge does ZT face regarding identity and authorization in 5G?
It may be difficult to implement in devices with generic software process names.
140
What future development is needed for ZT to support 5G edge configurations?
An agentless approach to facilitate the myriad of edge configurations.
