A financial services company is redesigning its network security architecture to adopt a Zero Trust model, with the primary goal of mitigating the risk of lateral movement. Which of the following changes BEST represents the implementation of a core Zero Trust principle?
Requiring every access request to any internal application to be authenticated and authorized based on user identity and device health, regardless of the user's network location.
Encrypting all data at rest within the company's data center to protect it from physical theft of hardware.
Deploying a next-generation firewall at the network perimeter with advanced threat intelligence to inspect all ingress and egress traffic.
Implementing mandatory annual security awareness training for all employees to reduce the risk of phishing attacks.
The core principle of a Zero Trust architecture is "never trust, always verify," which means that no user or device is trusted by default, regardless of its location on the network. The best implementation of this principle is to require that every access request be individually authenticated and authorized based on a dynamic assessment of user identity, device health, and other contextual factors. This approach, often enforced through micro-segmentation and granular access policies, directly addresses the goal of preventing lateral movement. Strengthening the perimeter firewall is a feature of traditional security models, which Zero Trust aims to move beyond. Security awareness training and encrypting data at rest are essential security controls, but they do not represent the fundamental architectural shift of Zero Trust, which is focused on dynamically verifying access in transit.
ISC2 CISSP
Communication and Network Security