An organization is deploying a workflow that transfers sensitive information across multiple services, including third-party connections. They want a design that confirms the request source, enforces usage limits, and validates data structures before relaying information to back-end services. Which approach addresses these goals while reducing questionable traffic to vital systems?
Encrypt traffic when communicating with external providers but avoid adding controls on local connections
Set up an inspection system that intercepts requests, performs data format checks, and uses token-based controls before allowing back-end access
Adopt frequent reauthentication for users yet skip validation for privileged service interactions
Require development teams to manually examine service requests on backend systems
An inspection system that intercepts requests, checks data structures, and uses token-based checks aligns with a Zero Trust model by not granting access until requests pass policy and format checks. Encrypting traffic for external endpoints without further internal controls leaves potential internal threats unchecked. Relying on manual reviews introduces delays and human error, and ignoring validation for certain calls breaks the principle of verifying all service traffic. A dedicated inspection layer systematically applies security measures to inbound requests, significantly strengthening the overall defense.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Zero Trust model in cybersecurity?
Open an interactive chat with Bash
How does a token-based control system enhance security?
Open an interactive chat with Bash
Why are data format checks critical for secure workflows?